Update 2021-12-20. The below no longer works. I get an error telling me “Your environment does not meet the access criteria defined by your administrator” when I try to activate the VPN.

UCL VPN under Linux

If you want to log in to myhr to see payslips or to access shared drives you need to be on the UCL network or use their VPN (in principle you can also use my.desktop but in my experience it was unusably slow). Here’s how I got the VPN working in Debian 10.

  • install the openconnect and network-manager-openconnect packages. They’re in the Debian repos
  • save a copy of csd-wrapper.sh from here and chmod a+x csd-wrapper.sh
  • open network manager (right-click the wifi logo and select “edit connections”, or open “Advanced Network Connections”), add a new VPN connection, select “Cisco AnyConnect Compatible” as the type
  • put vpn.ucl.ac.uk as the gateway and the path to your csd-wrapper.sh in the CSD Wrapper Script box. You will have to tick the box that says “Allow Cisco Secure Desktop trojan” if you want this to work. Don’t do that unless you understand what is happening or you trust Cisco with your data or you don’t care about security. Read the blogs.ucl link above to begin with.
  • connect to your new VPN connection. It will ask for your username and password, username should be your 7-letter UCL id.
  • you are now connected to the UCL VPN. Don’t do anything that you don’t want to share with your employer.
  • if you want to mount the shared S drive or your personal N drive, follow these instructions. There’s a link at the bottom for the N drive.

screenshot of network manager. The VPN tab is selected. VPN protocol dropdown is set to Cisco AnyConnect. Gateway is vpn.ucl.ac.uk. CA certificate is none. Proxy is blank. The Allow Cisco Secure Desktop Trojan checkbox is ticked. The CSD wrapper script box contains the path of the shell script csd-wrapper.sh. User certificate and private key are none. Use FSID for key passphrase is not checked. Token mode is set to disabled.