Recently developed a Linux workstation build to replace Windows laptops for developers. One of the requirements is the ability to connect to the SSL VPN we have for working remotely. My first choice was the Cisco Anyconnect installer for the Anyconnect client. Then I noticed that Anyconnect SSL is supported in Linux without the official Cisco software and with open sauce software ;) .
Tested on both Ubuntu 18 and CentOS 7. I used openconnect:

```
# CentOS 7
sudo yum install openconnect -y

# Ubuntu 18
sudo apt install openconnect -y
```

Then to connect:

```
sudo openconnect your.vpn.url/portal
```

And then follow the prompts.
Or you can use the gui network VPN settings menu. However, the CentOS 7 build has a bug and is missing a library file. To fix this, install NetworkManager-openconnect-gnome which includes the missing lib.
Wow, that's easy-peasy! Since it's an SSL VPN, you take whatever parameters come from the server.
Is there a way to set up an IPSEC VPN as easily on Linux?
Yes - use the gui :) In the network settings area there is a specific VPN option, go in there and add the gubbins like group name, password etc.
One other benefit of using `openconnect` is that it will be updated when running a system update, unlike Anyconnect which will require you to manually download and run the installer, which is not usually accessible to the end-user.
Does openconnect also work on MacOS stuff?
Good point, although Mac is supported, sort of.. I say sort of because our last upgrade resulted in the anyconnect client on the mac being unable to uninstall itself (so it could install the newer version) and leaving the end user stuck. They had to manually run the .sh script from /opt/cisco/something/something/yes/it/was/long
Quick look online found me a how-to guide for a university for mac and openconnect, so does look like it will work. It installs using homebrew on mac, which I have only heard about from colleagues but never used it.
http://kb.mit.edu/confluence/pages/viewpage.action?pageId=152588205
That is helpful and handy to know! Good stuff, DB!
Following on from the OP I have 2 updates:
1. I tested openconnect on mac. It was installed through http://brew.sh. Couldn't install any gui, it said not found. But the openconnect CLI works fine. To disconnect you `ctrl+c` the CLI window.
2. Second - there is an openconnect server. I think this should mimic the ASA SSL VPN or iOS SSL VPN server http://ocserv.gitlab.io/www/index.html
I haven't tried it yet.