Skip to main content

Cornell University

Connect Linux to CU VPN

Connect to Cornell's VPN using Cisco Secure Client software.

This article applies to: CU VPN

On This Page

To use Cornell's Virtual Private Network (VPN) with campus networks and services, you must use Cisco Secure Client VPN software. See the How to Install Cisco VPN Software page for instructions.

Two-Step Login is required for all users to authenticate to the CU VPN and all departmental VPNS. Using Two-Step Login allows you to better protect both your personal information and the university's services and data under your custodianship.

Connect to CU VPN with Two-Step Login

Duo Security provides documentation on how to log in to the Cisco Secure Client used with Cornell's VPN service. For more information, see Logging in with Cisco Client.

  1. At the command line (in a Terminal window), enter: /opt/cisco/anyconnect/bin/vpnui &
    launch via Applications - Internet - Cisco Secure Mobility Client.
  2. In the Cisco Secure Client window be sure that is selected in the Connect To box, then click Connect.
    Linux CUVPN window with correct vpn address selected and "connect" button circled.
  3. In the Cisco Secure Client window:
    • In the Group box, select Two-Step_Login. This will be required for all VPNs as of July 15, 2021, but you can use it any time.
    • In the User Name box, enter your Cornell NetID or GuestID.
      Note: If you are connecting to a departmental VPN, enter your NetID and the name of the departmental group, for example, pqs665@departmental_group_name.
    • In the Password box, enter your NetID password.
    • In the Second Password or DUO Passcode (push/SMS/phone) box, type one of the following options to complete Two-Step Login:
      • push to send a login request to your smartphone or another mobile device
      • phone to call you on your mobile phone or landline
      • SMS to receive a new set of passcodes. (You'll need to log in again.)
      • a passcode from a hardware token 

        NOTE: First-time users will see a Second Password box while returning users will see a DUO Passcode (push/SMS/phone) box.
        Cisco Secure Client login window with appropriately filled in fields.
    • Click Connect.
    • If you entered push or phone, complete the Two-Step Login process.
      You're now connected to CU VPN.
If you don't have access to the default device you use for Two-Step Login, you can use an alternate device. In Step 3 above, enter the method you use to complete Two-Step Login followed by a number, for example push2 or phone2. To see the devices you have set up and the numbers to use for each, go to Your Two-Step Login Devices and use the number in the Device Number column.   Manage Devices screen with Device Number column highlighted  


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.