OpenConnect, an Excellent Alternative to Cisco AnyConnect for Unix Clients

I recently ran into trouble connecting to a Cisco AnyConnect SSL VPN gateway, which requires the Cisco AnyConnect client software, from my Linux workstation. Cisco does make a Linux AnyConnect client and seems to keep it fairly current but it suddenly stopped working for me (updates were performed on both the VPN and client machines within a couple of weeks of each other, so maybe the issues had something to do with that).

Eventually, I stumbled across OpenConnect, which is an open source client made for Unix systems (it has been tested on Linux, OpenBSD, FreeBSD, and Mac OS X). Installing OpenConnect was straightforward and once on my workstation, I was able to connect to the Cisco VPN again without issue.

By the way, if you are looking to connect to a Cisco IPsec VPN, you probably need to use vpnc instead of AnyConnect or OpenConnect. There are a few different GUI front-ends for vpnc such as KVpnc and the NetworkManager vpnc plug-in.

If you are a user of a recent Fedora release, you’re in luck — OpenConnect and its accompanying NetworkManager plug-in are available in the yum repositories so you can easily install them that way. Similarly, there is an OpenConnect package in the Debian unstable repository (though the plug-in is not available there).

To get OpenConnect going on your workstation from source code, read on.

First, ensure you have the prerequisites: libxml2 (development files for the GNOME XML library) and OpenSSL.

I had to install libxml2 for my system. Since I am running Ubuntu on my PC, this was easily done via “sudo apt-get update” followed by “sudo apt-get install libxml2-dev”. I suspect this library is also in the yum repositories for popular RPM distributions — if not, try one of the RPM sites such as RPM Find or DAG.

Download the OpenConnect source from its web site.

Unpack the tarball as in tar -xvzf openconnect-*.tar.gz.

Run make (type “make” without the quotes at the command line).

Run make install. (I actually use checkinstall instead, myself, so I can easily remove the application, if necessary.)

Connecting to the VPN

Once installed, you can connect to the VPN by typing openconnect yourvpn.yourhost.com.

You will then be prompted separately for a user name, password, and group. You should be connected after filling each of those in.

Press ctrl-c to terminate OpenConnect and disconnect from the VPN.

I wrote a simple script for myself, shown below, to make connecting a bit easier.

#!/bin/bash

# Connect as user "mike"; the group name is quoted because it contains parentheses.
sudo openconnect -u mike --authgroup='TunnelAllTraffic(Advanced)' vpn.mikestestnetwork.com

I didn’t bother with the NetworkManager plug-in since it had a bunch of dependencies and using this script at the command line works pretty well for me, but remember the plug-in is a nice option to connect to your VPN in a few clicks.
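
The connection script above, extended as an added example (not the author's or the OpenConnect project's code): it checks the user, group and host before handing them to openconnect, and assumes the gateway is given as a bare DNS name. The function names and the VPN_DRY_RUN variable are made up for this example; only -u and --authgroup come from the script above.

```bash
#!/bin/bash
# Added example: argument-checked wrapper for the openconnect call above.
# Usage (hypothetical script name): vpn.sh USER GROUP HOST
# Set VPN_DRY_RUN=1 to print the argument list instead of connecting.

# Reject empty values and values starting with "-", which a command-line
# parser could take for an option rather than data.
valid_value() {
    case "$1" in
        ''|-*) return 1 ;;
        *)     return 0 ;;
    esac
}

# Assumption: the gateway is given as a bare DNS name, so only letters,
# digits, dots and hyphens are accepted (no spaces or shell characters).
valid_host() {
    valid_value "$1" || return 1
    case "$1" in
        *[!A-Za-z0-9.-]*) return 1 ;;
        .*|*.|*..*)       return 1 ;;
        *)                return 0 ;;
    esac
}

vpn_connect() {
    [ "$#" -eq 3 ]   || { echo "usage: USER GROUP HOST" >&2; return 2; }
    valid_value "$1" || { echo "bad user name" >&2; return 2; }
    valid_value "$2" || { echo "bad group name" >&2; return 2; }
    valid_host "$3"  || { echo "bad host name" >&2; return 2; }

    # Quoting each expansion keeps a group such as
    # TunnelAllTraffic(Advanced) as a single argument.
    set -- openconnect -u "$1" --authgroup="$2" "$3"

    if [ "${VPN_DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"     # one argument per line; nothing is run
    else
        exec sudo "$@"         # hand over to sudo, which runs openconnect
    fi
}

# Connect only when arguments were supplied on the command line.
[ "$#" -eq 0 ] || vpn_connect "$@"
```

Running it with VPN_DRY_RUN=1 first shows exactly which arguments openconnect would receive, one per line.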

There are many options and features for OpenConnect listed at the project page. Huge thanks to the OpenConnect developers for creating a vital application that works great!
