1. Prerequisite
- 2-factor authentication (2FA) is required for accessing the HKUVPN service.
- Please uninstall any earlier version of Cisco Anyconnect VPN or Cisco Secure Client from your PC before you start the following installation.
2. Configuration Procedures (to be done once only)
The following steps are illustrated using Ubuntu 23.04.
- Download the VPN client for Linux from here.
- Obtain superuser rights to run the installation script. For example-
- Unzip the VPN client with the following command-
- The files extracted will be saved in a directory with a name that begins with “cisco-secure-client-linux64-“ under the current directory.
- Go to the VPN client directory named “cisco-secure-client-linux64-*/vpn/” and enter the following command:
- You will be prompted to accept the license agreement as shown below-
- Press “y”and “Enter” key to accept the license agreement.
- After installation is completed, you will see-
| sudo bash |
| tar zxvf cisco-secure-client-linux64-*.tar.gz |
| ./vpn_install.sh |
| Do you accept the terms in the license agreement? [y/n] |
| Starting Cisco Secure Client Agent… Done! |
3. Connection Procedures
3.1 By command line
- Start the VPN client by following command-
- Enter your HKU Portal UID and PIN when you see the username and password command line.
- (i) Applicable to staff/students who choose EMAIL TOKENYou will receive an email containing the 6-digit email token to your registered alternate email address. The token is valid for 5 minutes after its sent out time.
- Open FortiToken Mobile
- Open FortiToken.
- Enter your PIN of 4 digits to unlock the app.
- Enter your PIN of 4 digits to unlock the app.
- App token will be retrieved.
- App token will be retrieved.
- Enter the 6-digit One Time Password in the Answer command line and press Enter.
>> Authentication Message >> Please enter your token code: Answer: <6-digit One Time Password> - When connected, you will see-
>> notice: Establishing VPN… >> state: Connected - To disconnect from VPN connection, type the following command-
/opt/cisco/anyconnect/bin/vpn disconnect
| /opt/cisco/secureclient/bin/vpn connect vpn2fa.hku.hk |
| Username: Password: |
(ii) Applicable to staff who choose APP TOKEN
Please retrieve the app token from your mobile device. The token is valid for 1 minute after it is obtained.
Note: For installation of the mobile app, please refer to here.
| On Android devices- | On iOS devices- |
 |
 |
 |
 |
 |
 |
3.2 By GUI client
- Start the VPN client by the following command-
/opt/cisco/anyconnect/bin/vpnui - Type “vpn2fa.hku.hk” in the Connect to field and click Connect.
- Enter your HKU Portal UID and PIN in the Username and Password fields respectively and click Connect.
- (i) For students and staff who choose to use email token. You will receive an email containing the 6-digit email token to your registered alternate email address. The token is valid for 5 minutes after its sent out time.
(ii) For staff who choose to use app token, please retrieve the app token from your mobile device. The token is valid for 1 minute after it is obtained. Note: For installation of the mobile app, please refer to here
On Android devices- On iOS devices- - Open FortiToken Mobile.
- Open FortiToken.
- Enter your PIN of 4 digits to unlock the app.
- Enter your PIN of 4 digits to unlock the app.
- App token will be retrieved.
- App token will be retrieved.
- Enter the 6-digit One Time Password in the Answer box and click Continue.
- To disconnect from HKUVPN server, click Disconnect.
