OpenConnect

From XennisWiki

OpenConnect is an open-source software application for connecting to virtual private networks (VPN), which implement secure point-to-point connections. It was originally written as an open source replacement for Cisco's proprietary AnyConnect SSL VPN client, which is supported by several Cisco routers. As of 2013, the OpenConnect project also offers an AnyConnect-compatible server, and thus offers a full client-server VPN solution. More recently, the OpenConnect client has added support for Juniper Networks' SSL VPN as well. (Wikipedia)

Install

Debian using APT

sudo apt-get install openconnect

Debian build newest version

Further information: Building OpenConnect 7 on Ubuntu 14 (trusty) and 15 (vivid)

Install the build dependencies (libgnutls28-dev is needed only for the GnuTLS build; gnutls-bin may be needed as well)

sudo apt-get install curl vpnc-scripts build-essential libssl-dev libxml2-dev liblz4-dev gettext libglib2.0-dev libgnutls28-dev

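Download and unpack version 7.06 (the transfer is plain FTP, so verify the tarball against the signature the project publishes for the release before building)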

curl -O ftp://ftp.infradead.org/pub/openconnect/openconnect-7.06.tar.gz
tar xzf openconnect-7.06.tar.gz
cd openconnect-7.06

When you configure OpenConnect, you have two options: (1) build it with GnuTLS, or (2) build it with OpenSSL. For the second option, add --without-gnutls to the ./configure line

./configure --with-vpnc-script=/usr/share/vpnc-scripts/vpnc-script
make
sudo make install
sudo ldconfig /usr/local/lib

After installation, the OpenConnect binary is at /usr/local/sbin/openconnect

Basics

Get the version

Example output when built with GnuTLS

$ openconnect -V
OpenConnect version v7.06
Using GnuTLS. Features present: PKCS#11, HOTP software token, TOTP software token, DTLS

Example output when built with OpenSSL

$ openconnect -V
OpenConnect version v7.06
Using OpenSSL. Features present: TPM (OpenSSL ENGINE not present),
HOTP software token, TOTP software token, DTLS

Connect to Juniper VPN

sudo openconnect <vpn-url> --juniper [-u <username>]

Provide user and password

Use the options --passwd-on-stdin and -u

echo '<password>' | sudo openconnect <vpn-url> -u <username> --passwd-on-stdin
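
Typing the password into an echo command leaves it in the shell history or in a script file. The wrapper below is an added example, not part of the original page: it feeds --passwd-on-stdin either from a terminal prompt with echo disabled or from a file it first checks is mode 0600 or 0400. The function names, the OPENCONNECT override variable and the secret-file path are assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki page. Hypothetical names: vpn_connect,
# secret_file_ok, prompt_password, and the OPENCONNECT override variable.
OPENCONNECT=${OPENCONNECT:-"sudo openconnect"}

# True only for a regular, non-symlink file with mode 0600 or 0400.
secret_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(ls -ld -- "$1") in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read the password from the terminal with echo off; emit it on stdout.
prompt_password() {
    old=$(stty -g </dev/tty)
    # Restore terminal settings if the prompt is interrupted.
    trap 'stty "$old" </dev/tty; exit 130' INT TERM
    printf 'VPN password: ' >/dev/tty
    stty -echo </dev/tty
    IFS= read -r pw </dev/tty
    stty "$old" </dev/tty
    trap - INT TERM
    printf '\n' >/dev/tty
    printf '%s\n' "$pw"
}

# vpn_connect <vpn-url> <username> [secret-file]
# The password reaches openconnect on stdin only, never as an argument.
vpn_connect() {
    url=$1; user=$2; file=${3:-}
    if [ -n "$file" ]; then
        if ! secret_file_ok "$file"; then
            echo "refusing $file: must be a regular file, mode 0600 or 0400" >&2
            return 1
        fi
        $OPENCONNECT "$url" -u "$user" --passwd-on-stdin <"$file"
    else
        # Prompt first so it cannot collide with sudo's own prompt.
        pw=$(prompt_password) || return 1
        printf '%s\n' "$pw" | $OPENCONNECT "$url" -u "$user" --passwd-on-stdin
    fi
}

# Usage: vpn_connect <vpn-url> <username>                  (interactive prompt)
#        vpn_connect <vpn-url> <username> ~/.vpn-secret    (file, chmod 600)
```

For a Juniper gateway, add --juniper to the openconnect invocation as in the section above, for example by setting OPENCONNECT="sudo openconnect --juniper".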

Errors and problems

error: msgfmt could not be found

Error message
checking for msgfmt... no
configure: error: msgfmt could not be found. Try configuring with --disable-nls
Solution
sudo apt-get install gettext

pkg-config script could not be found

Error message
checking for LIBXML2... no
configure: error: The pkg-config script could not be found or is too old.  Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config
Solution
sudo apt-get install libglib2.0-dev
