Problems with Cisco Anyconnect on Ubuntu 14.04 (Breaks Internet Connections)
This blog is about resolving an issue I had after installing Cisco Anyconnect, the U of L’s VPN client.
This is an aide memoire for me, but might be useful to others. The information comes from, with the first being most useful for this particular case:
- http://askubuntu.com/questions/264398/cisco-anyconnect-vpn-client-broke-my-internet
- http://askubuntu.com/questions/225134/cannot-connect-to-the-internet-after-installing-cisco-anyconnect-vpn-client
- http://askubuntu.com/questions/3518/connecting-to-vpn-prevents-access-to-normal-web-sites
- http://askubuntu.com/questions/84344/internet-becomes-unavailible-after-connecting-through-vpn
The symptoms
The U of L uses Cisco Anyconnect as its VPN client. I installed it two days ago (stupidly, while travelling). This produced a problem where I couldn’t access the internet: I could log in to a SSD, but couldn’t ping any sites, and none of my webbrowesers could resolve or connect to any hosts.
#h3(#diagnosis). The diagnosis
The problem is that anyconnect rewrites /etc/resolv.conf.
The original /etc/resolv.conf is a link to /run/resolv.conf/ and /run/resolvconf/resolv.conf@ contains a local address nameserver (in my case 127.0.1.1, others report 127.0.0.1).
Anyconnect backs this file up (whew!) as /etc/resolv.conf.vpnbackup and replaces it with a new resolv.conf that contains a number of different nameservers in the uleth domain (i.e. 142....).
The solution
Things that don’t work
These are the things I tried that don’t work (in the order I tried them).
- rebooting
- switching to windows logging into the SSD, then returning to ubuntu and doing it again (this once reset things for me a few years ago when I had trouble)
- deleting the anyconnect directory
- reinstalling the anyconnect directory and then using
//uninstallvpn.sh(I should have done it in the other order, but I was tired). Doesn’t work anyway, and bothinstallvpn.shanduninstallvpn.shneed access to something at vpn.uleth.ca
What works
Because anyconnect backs things up, all you need to do is the following:
- cd to
/etc/ - check that the situation matches what I’m reporting (i.e. that there are two
resolv.conffiles,resolv.confandresolv.conf.backupvpnor similar. - rename the current
resolv.conf:mv resolv.conf resolv.conf.CISCO - rename the current
resolv.conf.backupvpn(or similar):mv resolv.conf.backupvpn resolv.conf - check that the (now) current
resolv.confis a link to/run/resolvconf/resolv.confby runningls -l resolv.confon/etc/(if it is a link, the line will include an arrow showing what it is pointing at). - check that the nameserver in
resolv.confis a local address (127...).
