Vpn to etat.lu with Luxtrust card under Linux (tested with Ubuntu 16.04)


To realise the vpn connection, the CTIE delivers the Cisco vpn client which runs with Java.

Unfortunately, Linux is said to not be supported, but it just works!


A good idea is to run the connection on another account on the Linux machine as your browser must   be running with root privileges!


Here we go:


  2. 1.Create another account who is in the sudoers group. 

  3. 2.Change to this account and install xterm. 

  4. 3.Install pcscd. This is the deamon for accessing the smartcard.  

  5. 4.You will need libssl0.9.8 and libssl1.0.0. If your distribution provides no libssl0.9.8, go to http://loes.org.lu/files/libssl0.9.8_0.9.8o-7ubuntu3. and install it. 

  6. 5.Now, go to https://www.luxtrust.lu/fr/simple/189 and install the middleware corresponding to your architecture (32bit or 64bit).  

  7. 6.When everything is ok (when you get no error message), you have successfully installed ly your reader. When your architecture is 32 bit, then you already connect to your webbanking using your LuxTrust smartcard.. 

  8. 7.Your browser must know, where to find the necessary certificate, you must tell firefox, where to find the reader with your smartcard: Go to: Edit→Preferences→Advanced→Security Devices→NSS Internal PKCS#11 Module->Load. 

  9. 8.A new window opens and proposed the name for your device. The proposed name is OK→Module Filename: /usr/lib/pkcs11/libgclib.so→OK. 

  10. 9.The new device (Under New pkcs11 Module-: Gemalto PC  Twin Reader 00:00) appears and its status is showed. With the Luxtrust card inside, Status is changed from: Not Present to Not Logged In. 

  11. 10.Restart your browser with root privileges (Close current session, open a terminal and type: sudo firefox). 

  12. 11.Go To: vpn.etat.lu and follow the instructions. 

  13. 12.If the installation of te anyconnect client fails, you must install it manually. Download the proposed script setup.sh and start it with root privileges: Open a terminal and cd to the directory where you downloaded it (~/Downloads) and type: sudo bash setup.sh. 

  14. 13.Once the vpnsetup finished, several windows opened to ask privileges. Accept these and an icon appears in your system tray as the window says. 

  15. 14.Enjoy your connection!