[mdlug] Openconnect To Cisco VPN

Peter Bart peterbart.ch at gmail.com
Sun Apr 19 17:04:18 EDT 2020


Hi All,
	By some stroke of magic/providence I was able to set up a VPN for a
user to log in to work and start an instance of VMware Horizon. I
wanted to share the steps I took in case it is helpful to someone. I
started out with the Linux version of Cisco Anyconnect, but almost
immediately I had problems because Anyconnect would fail to start
complaining about being on a multi user system and then the VPN was
upgraded and no longer had the image of my instance of Anyconnect and
would not allow me to connect. I worked around the first by creating a
user that automatically was logged in, then logging out of that and
logging in to my user. I went back and forth with support; enduring the
expected reboot everything and try again; until they did add a Linux
image on the VPN, just not the one I had. So I went back to Openconnect,
reread everything, and managed to sort it out. I have had no further
issues logging in to the company VPN. No fake user needing to be logged
in/out, and apparently no matching image of my Openconnect needing to be
on the server?? FWIW and YMMV:

running on openSUSE Leap 15 April 2020

Packages downloaded via Yast:
NetworkManager-openconnect
NetworkManager-openconnect-gnome
NetworkManager-vpnc
NetworkManager-vpnc-gnome
NetworkManager-vpnc-lang
libnm-glib-vpn1
openconnect
openconnect-lang
vpnc


Probably not needed??
kvpnc
yast2-vpn

Openconnect reference
<https://www.infradead.org/openconnect/index.html>

Substitute your user for myuser in the following:

get csd-post.sh from
<https://gitlab.com/openconnect/openconnect/-/blob/master/trojans/csd-post.sh>;
csd-post is preferable to csd-wrapper; create as /home/myuser/csd-post.sh.

Terminal command to make executable in /home/myuser:
chmod a+x csd-post.sh

Terminal command used to successfully connect:
sudo openconnect --csd-user=myuser \
    --csd-wrapper=/home/myuser/csd-post.sh https://yourvpnaddress

Configure VPN from >Settings>Network and click + by VPN heading.

Details tab, uncheck "Make available to other users" to prevent Gnome
from requesting admin password when connecting.

Identity tab, name whatever has no bearing, VPN protocol set to Cisco
Anyconnect, Gateway: yourvpnaddress, check Allow Cisco Secure Desktop
trojan, specify CSD wrapper script (from above)
/home/myuser/csd-post.sh, leave all others at default.

IPv4 and IPv6 tabs leave default

Now you can click system tray>VPN Off>Connect

Check "Automatically start connecting" and "Save passwords", fill in
username and password then click login
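
The steps above start openconnect under sudo and have it run csd-post.sh as the --csd-user account, so it is worth confirming that nobody else can modify that script. The following pre-flight check is an added example, not part of the original post or of openconnect; check_csd_wrapper and connect_vpn are hypothetical helper names, and the user, path and gateway are passed in as arguments.

```shell
#!/bin/sh
# Added example: pre-flight check for the CSD wrapper script before it is
# handed to openconnect. check_csd_wrapper and connect_vpn are hypothetical
# helper names, not part of openconnect.

# check_csd_wrapper SCRIPT USER
# Returns 0 only if SCRIPT is a regular, executable file owned by USER and
# not writable by group or others.
check_csd_wrapper() {
    script=$1
    user=$2

    if [ -L "$script" ] || [ ! -f "$script" ]; then
        echo "refusing: $script is not a regular file" >&2
        return 1
    fi
    if [ ! -x "$script" ]; then
        echo "refusing: $script is not executable" >&2
        return 1
    fi
    # find -user and -perm are POSIX; -prune keeps find on this one path.
    if [ -z "$(find "$script" -prune -user "$user" -print 2>/dev/null)" ]; then
        echo "refusing: $script is not owned by $user" >&2
        return 1
    fi
    if [ -n "$(find "$script" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "refusing: $script is writable by group or others" >&2
        return 1
    fi
    return 0
}

# connect_vpn USER SCRIPT GATEWAY
# Runs the same openconnect command as in the post, but only after the
# wrapper script has passed the check above.
connect_vpn() {
    check_csd_wrapper "$2" "$1" || return 1
    sudo openconnect --csd-user="$1" --csd-wrapper="$2" "$3"
}
```

Saved to a file and sourced, it would be called as: connect_vpn myuser /home/myuser/csd-post.sh https://yourvpnaddress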

