Cisco AnyConnect Install on Linux

Steps to install

  1. Download anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz
  2. Verify sha512sum
  3. Unzip and install
  4. Download CA certificates
  5. Convert CA certificates from .crt to .der to .pem
  6. Place .pem certificates in /opt/.cisco/certificates/ca/ directory
  7. Make pem files read-only
  8. Run vpn or vpnui (/opt/cisco/anyconnect/bin/vpn, or /opt/cisco/anyconnect/bin/vpnui if you have X11)
  9. Additional run options
    1. To run/connect: vpn -s connect https://vpn.example.org/vpn-profile01
    2. To disconnect: vpn -s disconnect
    3. To check status: vpn -s state
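
Step 2 gives no command. As an added example (not part of the original page), the shell functions below check the tarball against the published SHA-512 value and unpack it only on a match. The function names and script name are hypothetical, and the digest passed on the command line must be the one published with the download.

```shell
#!/bin/sh
# Added example, not from the original page: gate the unpack (step 3)
# on the SHA-512 check (step 2). Function names are hypothetical.

# verify_sha512 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on bad input.
verify_sha512() {
    vs_file=$1
    # Normalise the published value: lower-case, no whitespace.
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')

    [ -f "$vs_file" ] || { echo "missing file: $vs_file" >&2; return 2; }

    # SHA-512 is exactly 128 hex characters; reject truncated or mis-pasted values.
    case $vs_expected in
        *[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#vs_expected}" -eq 128 ] || { echo "expected digest is not 128 hex characters" >&2; return 2; }

    # Hash via stdin so odd file names cannot alter sha512sum's output format.
    vs_actual=$(sha512sum < "$vs_file" | cut -d' ' -f1)

    if [ "$vs_actual" = "$vs_expected" ]; then
        echo "OK: $vs_file"
        return 0
    fi
    echo "MISMATCH: $vs_file" >&2
    echo "  expected: $vs_expected" >&2
    echo "  actual:   $vs_actual" >&2
    return 1
}

# verify_and_unpack TARBALL EXPECTED_HEX
# Runs tar only when the digest matches.
verify_and_unpack() {
    verify_sha512 "$1" "$2" && tar zxvf "$1"
}

# Usage: sh verify.sh anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz <published-sha512>
if [ "$#" -eq 2 ]; then
    verify_and_unpack "$1" "$2"
fi
```

A non-zero exit status means the archive was not unpacked: 1 for a digest mismatch, 2 for a missing file or a malformed expected value.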

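To convert .crt to .pem (repeat for each .crt file)

CRTFILE=vendor-ca.crt
# Strip the directory and the extension to get the base name
filename=$(basename -- "$CRTFILE")
filename="${filename%.*}"
DERFILE="${filename}.der"
PEMFILE="${filename}.pem"
# Convert .crt to DER, then DER to PEM
openssl x509 -in "$CRTFILE" -out "$DERFILE" -outform DER
openssl x509 -in "$DERFILE" -inform DER -out "$PEMFILE" -outform PEM
rm -- "$DERFILE"
# Install the PEM file into the AnyConnect CA directory and make it read-only
cp -- "$PEMFILE" /opt/.cisco/certificates/ca/
chmod 444 "/opt/.cisco/certificates/ca/$PEMFILE"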

Install steps

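# Unpack the predeploy bundle and run the VPN installer
tar zxvf anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz
cd anyconnect-linux64-4.7.04056/vpn
./vpn_install.sh
# Reload systemd units and confirm the vpnagentd service is running
systemctl daemon-reload
ps auxw | grep vpnagentd | grep -v grep
systemctl status vpnagentd.service
# Shortcuts for the CLI and GUI clients
alias vpn='/opt/cisco/anyconnect/bin/vpn'
alias vpnui='/opt/cisco/anyconnect/bin/vpnui'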

Other considerations

  • The profile is downloaded to /opt/cisco/anyconnect/profile/
  • Run route -n to check routes when VPN is running
  • Add alias to bashrc
