Problems with Cisco Anyconnect on Ubuntu 14.04 (Breaks Internet Connections)

Posted: Jan 11, 2015 22:01;
Last Modified: Jan 11, 2015 22:01
Keywords:

This blog is about resolving an issue I had after installing Cisco Anyconnect, the U of L’s VPN client.

This is an aide memoire for me, but might be useful to others. The information comes from, with the first being most useful for this particular case:

The symptoms
The solution
- Things that don’t work
- What works

The symptoms

The U of L uses Cisco Anyconnect as its VPN client. I installed it two days ago (stupidly, while travelling). This produced a problem where I couldn’t access the internet: I could log in to a SSD, but couldn’t ping any sites, and none of my webbrowesers could resolve or connect to any hosts.

#h3(#diagnosis). The diagnosis

The problem is that anyconnect rewrites /etc/resolv.conf.

The original /etc/resolv.conf is a link to /run/resolv.conf/ and /run/resolvconf/resolv.conf@ contains a local address nameserver (in my case 127.0.1.1, others report 127.0.0.1).

Anyconnect backs this file up (whew!) as /etc/resolv.conf.vpnbackup and replaces it with a new resolv.conf that contains a number of different nameservers in the uleth domain (i.e. 142....).

The solution

Things that don’t work

These are the things I tried that don’t work (in the order I tried them).

rebooting
switching to windows logging into the SSD, then returning to ubuntu and doing it again (this once reset things for me a few years ago when I had trouble)
deleting the anyconnect directory
reinstalling the anyconnect directory and then using //uninstallvpn.sh (I should have done it in the other order, but I was tired). Doesn’t work anyway, and both installvpn.sh and uninstallvpn.sh need access to something at vpn.uleth.ca

What works

Because anyconnect backs things up, all you need to do is the following:

cd to /etc/
check that the situation matches what I’m reporting (i.e. that there are two resolv.conf files, resolv.conf and resolv.conf.backupvpn or similar.
rename the current resolv.conf: mv resolv.conf resolv.conf.CISCO
rename the current resolv.conf.backupvpn (or similar): mv resolv.conf.backupvpn resolv.conf
check that the (now) current resolv.conf is a link to /run/resolvconf/resolv.conf by running ls -l resolv.conf on /etc/ (if it is a link, the line will include an arrow showing what it is pointing at).
check that the nameserver in resolv.conf is a local address (127...).

Comment

Follow me on Twitter

@LorinYochim @CAUT_ACPPU @case_acse @CSSESCEE @UMFA_FAUM @ULFAssociation I'm afraid I don't. I thought it was one o… twitter.com/i/web/status/1… Jun 27, 09:17 AM

RT @BUFABrock: The results are in! @BUFABrock members have voted 97% in favour of strike authorization, if necessary. The participation r… Jun 27, 08:33 AM

@LorinYochim @CAUT_ACPPU @case_acse @CSSESCEE @UMFA_FAUM @ULFAssociation I thought I heard talk of this at caut this year. Jun 27, 08:30 AM

RT @deelomas: And, the official winner of the ‘Not My Job’ award goes to… pic.twitter.com/0sDes9D5oq Jun 26, 09:34 PM

I'm beginning to think that electric vehicles are sort of a Linux of the car world at the moment. Except Teslas whi… twitter.com/i/web/status/1… Jun 26, 08:57 AM

"He felt that American children in recent generations have had too much parental protection and too little opportun… twitter.com/i/web/status/1… Jun 18, 09:01 PM

I've been going through Ernie Pyle's Brave Men (a collection of columns from the European front in WWII) looking up… twitter.com/i/web/status/1… Jun 17, 08:52 PM

Traditionally, “knowledge workers” have had two productivity peaks in their workday: just before lunch and just aft… twitter.com/i/web/status/1… Jun 10, 10:25 PM

RT @JasonOnTheDrums: #Ableg Today was within 97% of the record votes we record on Tuesday. We’re on pace for 784,475 votes over and will… May 26, 08:08 PM

So if we were doing bets, here's mine: NDP 45 UCP 41 IND (Child-hating poop-cookie) 1 I think people are undere… twitter.com/i/web/status/1… May 26, 08:07 PM

Daniel Paul O'Donnell