====== Cisco AnyConnect Install on Linux ======
Steps to install

  - Download ''anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz''
  - Verify sha512sum
  - Unzip and install
  - Download CA certificates
  - Convert CA certificates from .crt to .der to .pem
  - Place .pem certificates in ''/opt/.cisco/certificates/ca/'' directory
  - Make pem files read-only
  - Run vpn or vpnui (''/opt/cisco/anyconnect/bin/vpn'' OR ''/opt/cisco/anyconnect/bin/vpnui'' if you have X11)
  - Additional run options
    - To run/connect: ''vpn -s connect https://vpn.example.org/vpn-profile01''
    - To disconnect: ''vpn -s disconnect''
    - To check status: ''vpn -s state''

To convert .crt to .pem (repeat for each .crt file):

  # Needs write access to /opt/.cisco (typically root)
  CRTFILE=vendor-ca.crt
  filename=$(basename -- "$CRTFILE")
  filename="${filename%.*}"
  DERFILE="${filename}.der"
  PEMFILE="${filename}.pem"
  # Re-encode the certificate: .crt -> DER -> PEM
  openssl x509 -in "$CRTFILE" -out "$DERFILE" -outform DER
  openssl x509 -in "$DERFILE" -inform DER -out "$PEMFILE" -outform PEM
  rm -- "$DERFILE"
  # Copy into the AnyConnect CA directory and make the file read-only
  cp -- "$PEMFILE" /opt/.cisco/certificates/ca/
  chmod 444 "/opt/.cisco/certificates/ca/$PEMFILE"
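
Install steps:

  # Unpack the predeploy bundle and run the installer (typically as root)
  tar zxvf anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz
  cd anyconnect-linux64-4.7.04056/vpn
  ./vpn_install.sh
  # Reload systemd units and confirm the agent daemon is running
  systemctl daemon-reload
  ps auxw | grep vpnagentd | grep -v grep
  systemctl status vpnagentd.service
  # Convenience aliases for the CLI and the GUI client
  alias vpn='/opt/cisco/anyconnect/bin/vpn'
  alias vpnui='/opt/cisco/anyconnect/bin/vpnui'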
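
For the "Verify sha512sum" step, which should pass before the tarball is unpacked, here is one way to make the check fail closed. This is an added example, not part of the original page; the function name ''verify_sha512'' and the variable ''EXPECTED_SHA512'' are assumptions, and the expected digest must be copied from the vendor's download page.

```shell
#!/bin/sh
# Added example: fail-closed SHA-512 check for the downloaded installer.
# Return codes: 0 match, 1 mismatch, 2 malformed expected digest, 3 unreadable file.
verify_sha512() {
    vs_file=$1
    # Normalise case so a digest pasted in upper-case hex still compares equal.
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # A SHA-512 digest is exactly 128 hex characters; reject anything else
    # (truncated paste, SHA-256 value, stray whitespace) instead of comparing it.
    case $vs_expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#vs_expected}" -eq 128 ] || { echo "expected digest is not 128 hex chars" >&2; return 2; }

    [ -r "$vs_file" ] || { echo "cannot read $vs_file" >&2; return 3; }

    # Hash via stdin so the output never contains an escaped file name.
    vs_actual=$(sha512sum < "$vs_file" | cut -d' ' -f1)

    if [ "$vs_actual" = "$vs_expected" ]; then
        echo "OK: $vs_file"
        return 0
    fi
    echo "MISMATCH: $vs_file" >&2
    echo "  expected $vs_expected" >&2
    echo "  actual   $vs_actual" >&2
    return 1
}

# Usage (EXPECTED_SHA512 is a placeholder for the published digest):
#   verify_sha512 anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz "$EXPECTED_SHA512" \
#       && tar zxvf anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz
```

Chaining the ''tar'' command with ''&&'' means a mismatch or a malformed digest stops the install before anything is extracted or executed.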

Other considerations

  * The profile is downloaded to ''/opt/cisco/anyconnect/profile/''
  * Run ''route -n'' to check routes when the VPN is running
  * Add the aliases to your bashrc