UM IST Help

VPN - Instructions for installing Linux VPN

Updated on

Audience: Faculty, staff, students

Introduction

Learn how to set up the virtual private network (VPN) with Ivanti Secure Access Client for Linux. 

Download the VPN client software for Linux

How to Install Ivanti Secure Access Client on Linux

This guide provides instructions for installing the Ivanti Secure Access Client on a Linux workstation, enabling a secure VPN connection. The steps are based on the Ivanti Secure Access Client Administration Guide.

Supported Operating Systems

The Ivanti Secure Access Client for Linux supports a range of 64-bit distributions. It's important to note that specific versions are officially qualified and supported by Ivanti.

Minimum Supported Distributions

*   **RHEL-based (e.g., Red Hat Enterprise Linux, CentOS, AlmaLinux, Rocky Linux):** Version 8

*   **Fedora:** Version 34

*   **Ubuntu:** Version 20.04.1

*   **Debian:** Version 10.6

Qualified Platforms (as of Ivanti Secure Access Client Release 22.8R4)

*   **Fedora:** 42

*   **Ubuntu:** 24.04.02, 22.04.05

*   **Debian:** 12

*   **RHEL-based:** 9

Prerequisites & Dependencies

Before installing the client, you must install required dependency packages.

Automatic Dependency Installation (Recommended)

The Ivanti Secure Access Client package often includes an installation script (such as `installer.sh` or `package_installer.sh`) which can automatically detect and install necessary dependencies. This is generally the recommended approach for simplifying the dependency installation process.

*   After obtaining and extracting the Ivanti Secure Access Client package, navigate to the extracted directory.

*   Look for a script named `installer.sh` or `package_installer.sh`.

    - /opt/pulsesecure/bin$ sudo bash ./package_installer.sh

*   Some versions might also provide a dedicated dependency installer script, for example, `/usr/local/pulse/PulseClient.sh install_dependency_packages`.

If an automatic script is not available or does not work as expected, proceed with manual dependency installation:

Manual Dependency Installation

Both Debian-based and RPM-based systems generally require `nss3-tools` and `net-tools`.

*   **For Debian/Ubuntu:**

    ```bash

    sudo apt-get update

    sudo apt-get install nss3-tools net-tools

    ```

*   **For Fedora/RHEL/CentOS:**

    ```bash

    sudo yum install nss3-tools net-tools

    ```

Specific Dependencies for Modern Ubuntu (e.g., 24.04, 22.04)

Newer versions of Ubuntu often require specific libraries for the client's graphical interface and secure communication.

*   **`libwebkit2gtk-4.0`:** This library is crucial for the client's user interface.

    ```bash

    sudo apt update

    sudo apt install libwebkit2gtk-4.0-dev

    ```

    *   **Note for Ubuntu 24.04:** Ubuntu 24.04 ships with `libwebkit2gtk-4.1`, which may cause compatibility issues with Ivanti Secure Access Client versions expecting `libwebkit2gtk-4.0`. A workaround might involve installing `libwebkit2gtk-4.0` from an older repository (e.g., `jammy` 22.04). If the package is not found, you may need to edit `/etc/apt/sources.list` and add the line: `deb http://gb.archive.ubuntu.com/ubuntu jammy main`. Then, run `sudo apt update` again before attempting to install `libwebkit2gtk-4.0-dev`.

    NOTE: Remove line: `deb http://gb.archive.ubuntu.com/ubuntu jammy main` from `/etc/apt/sources.list` once you installed `libwebkit2gtk-4.0`.

 Ivanti is actively working on addressing this dependency in future releases.

*   **`libcurl4-openssl-dev`:** Required for secure communication.

    ```bash

    sudo apt install libcurl4-openssl-dev

    ```

Installing the Client

*   **Extract the Package:** If the downloaded package is a compressed archive (e.g., `.zip` or `.tar.gz`), extract its contents first.

    ```

    Follow any on-screen prompts.

*   **Manual Package Installation (if no installer script or preferred) using your system's package manager:**

    *   **For Debian/Ubuntu:**

        Open a terminal and run the `dpkg` command. Replace `<package_name>.deb` with the actual filename of your downloaded Debian package.

        ```bash

        sudo dpkg -i <package_name>.deb

        ```

    *   **For Fedora/RHEL/CentOS:**

        Open a terminal and run the `rpm` command. Replace `<package_name>.rpm` with the actual filename of your downloaded RPM package.

        ```bash

        sudo rpm -ivh <package_name>.rpm

        ```

Post-Installation Steps

After installation, follow these steps to configure and use the client

Launch the Client

You can launch the graphical user interface from the terminal:

```bash

/opt/pulsesecure/bin/pulseUI

```

Install Chromium Embedded Framework (CEF)

CEF is required for features like SAML authentication. The client may prompt you to install it automatically upon the first connection attempt.

Alternatively, you can install it manually using the provided utility script. This requires root privileges.

```bash

sudo /opt/pulsesecure/bin/setup_cef.sh install

```

Add a VPN Connection

You can add a VPN connection in two ways:

1.  **Manually via the UI:**

    *   Launch the client (`/opt/pulsesecure/bin/pulseUI`).

    *   Click the **+** button to add a new connection.

    *   Enter a **Name** for the connection and the **Server URL** provided by your administrator.

        - **Name**: uofm-vpn (This can be whatever you want)

        - **Server URL**: https://vpn.cc.umanitoba.ca

    *   Click **Add**.

Installing CA Certificates (Optional)

If your connection requires a custom Certificate Authority (CA) that is not trusted by your system, you must install it.

*   **For Debian/Ubuntu:**

    1.  Ensure `ca-certificates` package is installed: `sudo apt-get install ca-certificates`

    2.  Copy your CA certificate file (e.g., `device-ca.crt`) to `/usr/local/share/ca-certificates/`.

    3.  Update the system's CA store: `sudo update-ca-certificates`

*   **For Fedora/RHEL/CentOS:**

    1.  Ensure `ca-certificates` package is installed: `sudo yum install ca-certificates`

    2.  Copy your CA certificate file to `/etc/pki/ca-trust/source/anchors/`.

    3.  Update the system's CA store: `sudo update-ca-trust extract`

Your Ivanti Secure Access Client should now be installed and ready to connect.

Uninstallation

To remove the Ivanti Secure Access Client from your system:

*   **For Debian/Ubuntu:**

    ```bash

    sudo dpkg -r <package name>

    ```

*   **For Fedora/RHEL/CentOS:**

    ```bash

    sudo rpm -e <package name>

    ```

    *(You can find the exact package name by running `rpm -qa | grep -i pulse` or `dpkg -l | grep -i pulse`)*

Additional resources

Related pages 

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Previous Article VPN - Installation and configuration steps for Android
Next Article How to log in to the virtual private network (VPN) and bookmark your drives

Not finding what you're looking for? Contact the IST Service Desk

Monday - Friday: 8:00 a.m. to 8:00 p.m. CST.

Call: 204-474-8600 or use our new "Chat with us" bubble at the bottom right corner of the Information Services and Technology website

To report a critical system outage after hours or on weekends and holidays, call 204-474-8600 and press 2. 

 

This content is available in alternate formats upon request.

My connections

Wi-Fi 2
Virtual private network (VPN) 8
Remotely accessing files and folders 8
Print Article
Still Need Help? Contact us