Connecting to Anyconnect SSL VPN from Linux

Started by Dieselboy, September 09, 2019, 09:23:44 PM


Dieselboy

Recently developed a Linux workstation build to replace Windows laptops for developers. One of the requirements is the ability to connect to the SSL VPN we have for working remotely. My first choice was the Cisco Anyconnect installer for the Anyconnect client. Then I noticed that Anyconnect SSL is supported in Linux without the official Cisco software and with open sauce software ;) .

Tested on both Ubuntu 18 and CentOS 7, I used openconnect

`sudo yum install openconnect -y`

`sudo apt install openconnect -y`

Then to connect:
`sudo openconnect your.vpn.url/portal`

And then follow the prompts.

Or you can use the GUI network VPN settings menu. However, the CentOS 7 build has a bug and is missing a library file. To fix this, install NetworkManager-openconnect-gnome, which includes the missing lib.

deanwebb

Wow, that's easy-peasy! Since it's an SSL VPN, you take whatever parameters come from the server.

Is there a way to set up an IPSEC VPN as easily on Linux?
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

Dieselboy

Yes - use the GUI :) In the network settings area there is a specific VPN option, go in there and add the gubbins like group name, password etc.

One other benefit of using `openconnect` is that it will be updated when running a system update, unlike Anyconnect which will require you to manually download and run the installer, which is not usually accessible to the end-user.

deanwebb


Dieselboy

Good point, although Mac is supported, sort of.. I say sort of because our last upgrade resulted in the Anyconnect client on the Mac being unable to uninstall itself (so it could install the newer version) and leaving the end user stuck. They had to manually run the .sh script from /opt/cisco/something/something/yes/it/was/long

Quick look online found me a how-to guide from a university for Mac and openconnect, so it does look like it will work. It installs using Homebrew on Mac, which I have only heard about from colleagues but never used.
http://kb.mit.edu/confluence/pages/viewpage.action?pageId=152588205

deanwebb

That is helpful and handy to know! Good stuff, DB!

Dieselboy

Following on from the OP I have 2 updates:

1. I tested openconnect on Mac. It was installed through http://brew.sh. Couldn't install any GUI, it said not found. But the openconnect CLI works fine. To disconnect you `ctrl+c` the CLI window.

2. Second - there is an openconnect server. I think this should mimic the ASA SSL VPN or iOS SSL VPN server http://ocserv.gitlab.io/www/index.html

I haven't tried it yet.
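
The install, connect and disconnect steps from this thread collected into one script, as an added example that is not part of any post. `PID_FILE` and the function names are assumptions, and the script goes slightly beyond the thread by running openconnect with `--background` and a PID file so the tunnel can be dropped with the same SIGINT that ctrl+c sends.

```shell
#!/bin/sh
# Added example (not from the thread). VPN_URL is the placeholder used in the
# first post; PID_FILE is a hypothetical path chosen for this example.
VPN_URL="${VPN_URL:-your.vpn.url/portal}"
PID_FILE="${PID_FILE:-/var/run/openconnect-vpn.pid}"

# Print the OS identifier: ID from os-release on Linux, "darwin" on macOS.
detect_os() {
    osr="${1:-/etc/os-release}"
    if [ -f "$osr" ]; then
        ( . "$osr" && printf '%s\n' "$ID" )
    elif [ "$(uname -s)" = "Darwin" ]; then
        echo darwin
    else
        return 1
    fi
}

# Print the install command the thread uses for that OS.
install_cmd() {
    case "$1" in
        centos|rhel)   echo "sudo yum install openconnect -y" ;;
        ubuntu|debian) echo "sudo apt install openconnect -y" ;;
        darwin)        echo "brew install openconnect" ;;
        *)             echo "unsupported OS: $1" >&2; return 1 ;;
    esac
}

# Extra package for the NetworkManager GUI; the thread names only the CentOS 7 one.
gui_pkg() {
    [ "$1" = "centos" ] && echo "NetworkManager-openconnect-gnome"
}

# Prompts for credentials as usual, then detaches once the tunnel is up.
vpn_up()   { sudo openconnect --background --pid-file="$PID_FILE" "$VPN_URL"; }
# SIGINT makes openconnect log the session off the server before exiting.
vpn_down() { sudo kill -INT "$(sudo cat "$PID_FILE")"; }

# Nothing runs unless a subcommand is given: install | up | down
case "${1:-}" in
    install) $(install_cmd "$(detect_os)") ;;
    up)      vpn_up ;;
    down)    vpn_down ;;
esac
```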