1. Prerequisite
- 2-factor authentication (2FA) is required for accessing the HKUVPN service.
- Please uninstall any earlier version of Cisco Anyconnect VPN client from your PC before you start the following installation.
2. Configuration Procedures (to be done once only)
Note: The following steps are prepared based on Ubuntu 14.04.3 LTS.
- Download the VPN client for Linux from here.
- Obtain superuser rights to run the installation script. For example-
sudo bash - Unzip the VPN client with the following command-
tar zxvf anyconnect–k9.tar.gz The files extracted will be saved to a directory named anyconnect- under the current directory.
- Go to VPN client directory and type the following command-
./vpn_install.sh - You will be prompted to accept the license agreement as shown below-
Do you accept the terms in the license agreement? [y/n] Press “y” and “Enter” key to accept the license agreement.
- After installation is completed, you will see-
Starting Cisco AnyConnect Secure Mobility Client Agent…
Done!
- Install the root CA certificates to complete the setup.
cp /etc/ssl/certs/* /opt/.cisco/certificates/ca/
3. Connection Procedures
3.1 By command line
- Start the VPN client by following command-
/opt/cisco/anyconnect/bin/vpn connect vpn2fa.hku.hk - Enter your HKU Portal UID and PIN when you see the username and password command line.
Username: Password: - (i) Applicable to staff/students who choose EMAIL TOKENYou will receive an email containing the 6-digit email token to your registered alternate email address. The token is valid for 5 minutes after its sent out time.
- Open FortiToken Mobile
- Open FortiToken.
- Enter your PIN of 4 digits to unlock the app.
- Enter your PIN of 4 digits to unlock the app.
- App token will be retrieved.
- App token will be retrieved.
- Enter the 6-digit One Time Password in the Answer command line and press Enter.
>> Authentication Message >> Please enter your token code: Answer: <6-digit One Time Password> - When connected, you will see-
>> notice: Establishing VPN… >> state: Connected >> notice: Connected to vpn2fa.hku.hk - To disconnect from VPN connection, type the following command-
/opt/cisco/anyconnect/bin/vpn disconnect

(ii) Applicable to staff who choose APP TOKEN
Please retrieve the app token from your mobile device. The token is valid for 1 minute after it is obtained.
Note: For installation of the mobile app, please refer to here.
On Android devices- | On iOS devices- |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
3.2 By GUI client
- Start the VPN client by the following command-
/opt/cisco/anyconnect/bin/vpnui - Type “vpn2fa.hku.hk” in the Connect to field and click Connect.
- Enter your HKU Portal UID and PIN in the Username and Password fields respectively and click Connect.
- (i) For students and staff who choose to use email token. You will receive an email containing the 6-digit email token to your registered alternate email address. The token is valid for 5 minutes after its sent out time.
(ii) For staff who choose to use app token, please retrieve the app token from your mobile device. The token is valid for 1 minute after it is obtained. Note: For installation of the mobile app, please refer to here
On Android devices- On iOS devices- - Open FortiToken Mobile.
- Open FortiToken.
- Enter your PIN of 4 digits to unlock the app.
- Enter your PIN of 4 digits to unlock the app.
- App token will be retrieved.
- App token will be retrieved.
- Enter the 6-digit One Time Password in the Answer box and click Continue.
- To disconnect from HKUVPN server, click Disconnect.



