You are here

Setup Procedure of HKUVPN with 2-Factor Authentication (2FA) for Linux Using OpenConnect

1. Prerequisite
2. Configuration Procedures
3. Connection Procedures

1. Prerequisite

  1. 2-factor authentication (2FA) is required for accessing the HKUVPN service.
  2. Please uninstall any earlier version of OpenConnect VPN client before you start the following installation.

2. Configuration Procedures (to be done once only)

     Note: The following steps are prepared based on Ubuntu 15.10.

  1. Download and install OpenConnect (VPN client) with the following command-

    sudo apt-get install network-manager-openconnect-gnome

  2. Press "y" and "Enter" to kick off the installation when you see the following message.

    After this operation, 4,691 kb of additional disk space will be used.

    Do you want to continue? [Y/n]

  3. Under System Settings, select Network.


  4. Click button. Then select VPN from the list and click Create.

    Create VPN

  5. Select Cisco AnyConnect Compatible VPN (openconnect) and click Create.

    Select Cisco AnyConnect Compatible VPN (openconnect)

  6. Perform the following-
    • Enter "VPN2FA" in Connection Name field;
    • Enter "" in Gateway field;
    • Click Save button.

    Enter VPN2FA", "".

3. Connection Procedures

  1. Click Network Manager icon Network Manager icon in the notification area.

    Network Manager icon

  2. Select VPN Connections and click VPN2FA.


  3. Enter your HKU Portal UID and PIN in the Username and Password fields respectively and click Login.

    HKU Portal UID and PIN

  4. (i) Applicable to staff/students who choose EMAIL TOKEN

    You will receive an email containing the 6-digit email token to your registered alternate email address. The token is valid for 5 minutes after its sent out time.

    email token

    (ii) Applicable to staff who choose APP TOKEN

    Please retrieve the app token from your mobile device. The token is valid for 1 minute after it is obtained.

    Note: For installation of the mobile app, please refer to

    On Android devices- On iOS devices-
    • Open FortiToken Mobile.

      FortiToken Mobile

    • Open FortiToken.


    • Enter your PIN of 4 digits to unlock the app.

      enter pin

    • Enter your PIN of 4 digits to unlock the app.

      enter pin

    • App token will be retrieved.

      app token

    • App token will be retrieved.

      app token

  5. Enter the 6-digit One Time Password in the Response box and click Login.

    6-digit One Time Password

  6. When the VPN is connected, system message VPN Connection has been successfully established will be shown in the notification area.

    VPN connected

  7. To disconnect from HKUVPN server, click Network Manager icon in the notification area. Then select VPN Connections and click Disconnect VPN.

    Disconnect HKUVPN