Cisco AnyConnect VPN with openvpn & openconnect

cool_penguin_smallI was looking for an alternative to Cisco AnyConnect VPN client for my Ubuntu box. The official client is a JAVA one and I am not interested in installing JAVA on my lean Ubuntu installation. I chose the openvpn plus openconnect combination.

I have the official client installed on a Windows 7 box and I had to find out the configuration I need to connect to the service on Ubuntu. After spending some time I could successfully connect to the VPN service. Here’s how.

  1. You need to get the connection details from the AnyConnect XSD profile file and the VPN specific XML file. Location of the files:
    Windows: %ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
    Mac and Linux: /opt/cisco/anyconnect/profile [in case you want to nuke JAVA]
  2. Open the XML file and look for the tag HostAddress. This is the address of your VPN server. Note that it can also be HostName for you. There might be multiple tags. You need to pick the right one. Let’s say it is
  3. You might need the VPN group as well. In my case I don’t need this. In case you need, search for the keyword “group” in the XML (and probably XSD) to get the required group information.
  4. Install openvpn and openconnect on Ubuntu
    $ sudo apt-get install openvpn openconnect
  5. You are good to connect to your VPN now. Note that using a openconnect script is not mandatory and I am not using any. Issue the following commands:
    $ sudo openvpn --mktun --dev tun1
    $ sudo ifconfig tun1 up
    $ sudo openconnect [--authgroup=mygroup] --interface=tun1
    //server address from Step 2
    //group name from Step 3 if required
  6. You need to provide your username and password for the connection to establish.
  7. Once done with the VPN connection, bring down the interface
    $ sudo ifconfig tun1 down
    $ sudo openvpn --rmtun --dev tun1

7 thoughts on “Cisco AnyConnect VPN with openvpn & openconnect”

  1. What was the point of the openvpn tunnel? Can’t you just use openconnect as an anyconnect replacement without openvpn? My networking knowledge is shaky so thank you.

Leave a Reply

Your email address will not be published. Required fields are marked *