1. Installing VPN for Linux
  2. Using the Cisco AnyConnect Security Mobility Client

Cisco AnyConnect 4.1 supports Linux Red Hat 6, 7 & Ubuntu 12.04 (LTS), and 14.04 (LTS) (64-bit only).

By default Students do not get VPN access, any Student requiring VPN access will need to request access

Connection Server: cuvpn.carleton.ca/mfa

Installing VPN for Linux

Note: The following installation procedure was tested on Ubuntu 14.04 with Firefox.

  1. Go to: cuvpn.carleton.ca and login with your MC1 Username and Password.
  2. The WebLaunch will detect the version of Java you have installed and attempt to automatically install Cisco AnyConnect Security Mobility Client. If failed, below screen will appear, and click AnyConnect VPN to download the client.
  3. Under the heading What should Firefox do with this file? Select Save File, then the OK button
  4. Exe installation scripts can be found in: /opt/cisco/anyconnect/bin/vpnui
  5. Run the script sh to have the Cisco AnyConnect Secure Mobility Client setup.

Using the Cisco AnyConnect Security Mobility Client

Beginning in November 2022, multifactor authentication (MFA) is required when using the Cisco AnyConnect Security Mobility Client.

  1. To use the VPN Service with MFA, go to Applications -> Internet ->Cisco AnyConnect Secure Mobility Client and launch the client.

    2. In the dropdown menu, type cuvpn.carleton.ca/mfa , and click Connect.

3. You will be prompted for a Username, Password and Second Password

    • In the Username field, enter your MyCarletonOne (MC1) account (do not include @cunet.carleton.ca.)
    • In the Password field, enter your MC1 password.
    • The Second Password asks for the multi-factor authentication (MFA) that you would like to use. You have two options:
      • Option 1 (Recommended method for first-time users of the VPN with MFA): Enter a passcode (6-digit pin) from the Duo mobile application on your phone. To do this, open the Duo app on your phone and follow these instructions. You can also use a hardware token associated with your Duo account, or a bypass code created by the Service Desk. OR
      • Option 2: Enter the word push to have Duo push an authentication prompt to your default mobile application, or the word phone to receive a phone call to your default phone number. Accept the prompt to proceed.

Note: The first time you connect to the VPN service using multi-factor authentication (MFA), the Cisco AnyConnect VPN client will download an updated profile, which will include a longer timeout value when using the push or phone methods. We recommend that you use a passcode the first time you use this configuration.

    • Once you’ve completed all fields, click OK.

4. You will be presented with the policy and privacy acknowledgement to accept before establishing the connection. Once connected you should have access to all the same resources allowed to you. Click Accept to proceed.

5. After you connect using multi-factor authentication (MFA), when you next launch the Cisco AnyConnect VPN client you should see an alternate profile available. Please use CarletonU-RA-Duo, CarletonU-RemoteVPN-Duo, or other Duo enabled profile that has been assigned to you when connecting to the VPN service in the future.

Please contact the ITS Service Desk if you would like any assistance.