[mdlug] Openconnect To Cisco VPN

Carl T. Miller carl at carltm.com
Sun Apr 19 19:38:06 EDT 2020


Thanks for sharing this.  So far I haven't been required
to use a Cisco VPN, but I'm keeping your notes in case.

c


On 4/19/20 5:04 PM, Peter Bart wrote:
> Hi All,
> 	By some stroke of magic/providence I was able to set up a VPN for a
> user to login into work and start and instance of VMWare Horizon. I
> wanted to share the steps I took in case it is helpful to someone. I
> started out with the Linux version of Cisco Anyconnect, but almost
> immediately I had problems because Anyconnect would fail to start
> complaining about being on a multi user system and then the VPN was
> upgraded and no longer had the image of my instance of Anyconnect and
> would not allow me to connect. I worked around the first by creating a
> user that automatically was logged in, then logging out of that and
> logging in to my user. I went back and forth with support; enduring the
> expected reboot everything and try again; until they did add a Linux
> image on the VPN, just not the one I had. So I went back to Openconnect,
> reread everything, and managed to sort it out. I have had no further
> issues logging in to the company VPN. No fake user needing to be logged
> in/out, and apparently no matching image of my Openconnect needing to be
> on the server?? FWIW and YMMV:
>
> running on openSUSE Leap 15 April 2020
>
> Packages downloaded via Yast:
> NetworkManager-openconnect
> NetworkManager-openconnect-gnome
> NetworkManager-vpnc
> NetworkManager-vpnc-gnome
> NetworkManager-vpnc-lang
> libnm-glib-vpn1
> openconnect
> openconnect-lang
> vpnc
>
>
> Probably not needed??
> kvpnc
> yast2-vpn
>
> Openconnect reference
> <https://www.infradead.org/openconnect/index.html>
>
> Substitute your user for myuser in the following:
>
> get csd-post.sh from
> <https://gitlab.com/openconnect/openconnect/-/blob/master/trojans/csd-post.sh>;
> csd-post is preferable to csd-wrapper; create as /home/myuser/csd-post.sh.
>
> Terminal command to make executable in /home/myuser:
> chmod a+x csd-post.sh
>
> Terminal command used to succesfully connect:
> sudo openconnect --csd-user=myuser
> --csd-wrapper=/home/myuser/csd-post.sh https://yourvpnaddress
>
> Configure VPN from >Settings>Network and click + by VPN heading.
>
> Details tab, uncheck "Make available to other users" to prevent Gnome
> from requesting admin password when connecting.
>
> Identity tab, name whatever has no bearing, VPN protocol set to Cisco
> Anyconnect, Gateway: yourvpnaddress, check Allow Cisco Secure Desktop
> trojan, specify CSD wrapper script (from above)
> /home/myuser/csd-post.sh, leave all others at default.
>
> IPv4 and IPv6 tabs leave default
>
> Now you can click system tray>VPN Off>Connect
>
> Check "Automatically start connecting" and "Save passwords", fill in
> username and password then click login
> _______________________________________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/listinfo/mdlug



More information about the mdlug mailing list