Setup Procedure of HKUVPN with 2-Factor Authentication (2FA) for Linux Using OpenConnect

1. Prerequisite

2-factor authentication (2FA) is required for accessing the HKUVPN service.
Please uninstall any earlier version of OpenConnect VPN client before you start the following installation.

2. Configuration Procedures (to be done once only)

Note: The following steps are prepared based on Ubuntu 15.10.

Download and install OpenConnect (VPN client) with the following command-

sudo apt-get install network-manager-openconnect-gnome
Press “y” and “Enter” to kick off the installation when you see the following message.

After this operation, 4,691 kb of additional disk space will be used. Do you want to continue? [Y/n]
Under System Settings, select Network

Click + button. Then select VPN from the list and click Create.

Select Cisco AnyConnect Compatible VPN (openconnect) and click Create.

Perform the following-
- Enter “VPN2FA” in Connection Name field;
- Enter “vpn2fa.hku.hk” in Gateway field;
- Click Save button.

3. Connection Procedures

Click Network Manager icon in the notification area.

Select VPN Connections and click VPN2FA.

Enter your HKU Portal UID and PIN in the Username and Password fields respectively and click Login.

(i) Applicable to staff/students who choose EMAIL TOKENYou will receive an email containing the 6-digit email token to your registered alternate email address. The token is valid for 5 minutes after its sent out time.

(ii) Applicable to staff who choose APP TOKEN

Please retrieve the app token from your mobile device. The token is valid for 1 minute after it is obtained.

Note: For installation of the mobile app, please refer to here.

On Android devices-	On iOS devices-
Open FortiToken Mobile.	Open FortiToken.
Enter your PIN of 4 digits to unlock the app.	Enter your PIN of 4 digits to unlock the app.
App token will be retrieved.	App token will be retrieved.