Setup Procedure of HKUVPN with 2-Factor Authentication (2FA) for Linux Using OpenConnect

1. Prerequisite

  1. 2-factor authentication (2FA) is required for accessing the HKUVPN service.
  2. Please uninstall any earlier version of OpenConnect VPN client before you start the following installation.

2. Configuration Procedures (to be done once only)

 Note: The following steps are prepared based on Ubuntu 15.10.
  1. Download and install OpenConnect (VPN client) with the following command-
    sudo apt-get install network-manager-openconnect-gnome
  2. Press “y” and “Enter” to kick off the installation when you see the following message.
    After this operation, 4,691 kb of additional disk space will be used. Do you want to continue? [Y/n]
  3. Under System Settings, select Network
  4. linux_2fa_06
  5. Click button. Then select VPN from the list and click Create.
  6. linux_2fa_07
  7. Select Cisco AnyConnect Compatible VPN (openconnect) and click Create.
  8. linux_2fa_08
  9. Perform the following-
    • Enter “VPN2FA” in Connection Name field;
    • Enter “” in Gateway field;
    • Click Save button.
  10. linux_2fa_09

3. Connection Procedures

  1. Click linux_2fa_10 Network Manager icon in the notification area.
  2. linux_2fa_11
  3. Select VPN Connections and click VPN2FA.
  4. linux_2fa_12
  5. Enter your HKU Portal UID and PIN in the Username and Password fields respectively and click Login.
  6. Linux_2fa_13
  7. (i) Applicable to staff/students who choose EMAIL TOKENYou will receive an email containing the 6-digit email token to your registered alternate email address. The token is valid for 5 minutes after its sent out time.


    (ii) Applicable to staff who choose APP TOKEN

    Please retrieve the app token from your mobile device. The token is valid for 1 minute after it is obtained.

    Note: For installation of the mobile app, please refer to here.

    On Android devices- On iOS devices-
      • Open FortiToken Mobile.
    FortiToken Mobile
      • Open FortiToken.
      • Enter your PIN of 4 digits to unlock the app.
      • Enter your PIN of 4 digits to unlock the app.
    2fa_token code_02
      • App token will be retrieved.
      • App token will be retrieved.
  8. Enter the 6-digit One Time Password in the Response box and click Login.
  9. linux_2fa_12
  10. When the VPN is connected, system message VPN Connection has been successfully established will be shown in the notification area.
  11. linux_2fa_14
  12. To disconnect from HKUVPN server, click Network Manager icon in the notification area. Then select VPN Connections and click Disconnect VPN.
  13. linux_2fa_14