Installation and setup of the Cisco Secure Client for Linux
Installation
- Download the Cisco Secure Client for Linux. A bash script is available which checks your Linux distribution for compatibility. You must log in with your student or personal account for this download [Fig. 1].
- You will need a terminal to install the package. Either open the folder in which the file was downloaded by clicking on "Show all downloads" in the browser under Downloads (varies depending on the browser) [Fig. 2] or navigate to the corresponding folder via the file explorer.
- Open a terminal in this folder by right-clicking -> Open in terminal [Fig. 3]. Alternatively, you can also open a terminal and switch to your download directory with cd /home/user/Downloads, for example.
Now install Cisco Secure Client by executing the following command to start the script:
sudo bash ./cisco-secure-*.sh- After completing the command, you will find Cisco Secure Client in the list of your installed programs.
Note on Ubuntu 20.04
Please note: In version Ubuntu 20.04, it is not possible to open the terminal via the context menu in the respective folder. If this option is not displayed, open the terminal using Ctrl + T, for example, and switch to the relevant folder using the command "cd [folder path to file]".
Note if the Cisco Secure Client does not start after successful installation (To the best of our knowledge: Ubuntu 25.10. & OpenSuse Tumbleweed
Please note the troubleshooting instructions under the following link: https://itcc.uni-koeln.de/en/services/internet-access-web/network-access/vpn/troubleshooting#c26025
Configuration & use
- Under your Linux distribution, search for "Cisco Secure" by clicking on the grid button at the bottom left in the case of Ubuntu (9 dots).
- Now enter "Cisco Secure Client" in the search and click on the corresponding program.
- In the new window, enter "vpngate.uni-koeln.de" as the server address (without quotation marks) and then click on "Connect".
- You will be redirected to the Shibboleth login via your standard browser. If you want to change the tunnel type, minimize the browser window and select the tunnel type in the Cisco Secure Client dialog box.
- Then log in to Shibboleth with your user name and password.
- Confirm your login in Shibboleth using multi-factor authentication with your smartphone, tablet or hardware token (the interface varies slightly depending on how multi-factor authentication is set up).
- If the login was successful, you will receive a message in your browser. You can now close it.
Troubleshooting
Error message "Not enrolled in Duo"
If you receive an error message with the title "Not enrolled in Duo" during multi-factor authentication, then you have not yet set up multi-factor authentication.
Information on setting up multi-factor authentication can be found here.
Message in Cisco Duo "Enter bypass code"
If you are asked to enter a bypass code, it is very likely that the initial registration of your device for multi-factor authentication has not been completed. Contact the ITCC helpdesk and ask to be able to carry out the initial registration again.
Then make sure that you do not interrupt the initial registration process at any point the next time.
Difficulties using the client
You can find tips on troubleshooting when using the client on our help pages:
Special cases for use under Linux
Use of systemd-free Linux operating systems
Please note that the Secure Client from Cisco requires the libsystemd systemd library. On Linux systems without systemd, the elogind package can be used instead, which provides libelogind.so, a largely ABI-compatible implementation of libsystemd.so.
In very rare cases, it is necessary to manually set symlinks from libsystemd to libelogind, for example via
ln -s /lib64/libelogind.so.0 /lib64/libsystemd.so.0
ln -s /lib64/libsystemd.so /lib64/libsystemd.so