Cisco AnyConnect Install on Linux
Steps to install
- Download anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz
- Verify sha512sum
- Unzip and install
- Download CA certificates
- Convert CA certificates from .crt to .der to .pem
- Place .pem certificates in the /opt/.cisco/certificates/ca/ directory
- Make pem files read-only
- Run vpn or vpnui (/opt/cisco/anyconnect/bin/vpn OR /opt/cisco/anyconnect/bin/vpnui if you have X11)
- Additional run options
  - To run/connect: vpn -s connect https://vpn.example.org/vpn-profile01
  - To disconnect: vpn -s disconnect
  - To check status: vpn -s state
To convert .crt to .pem (Repeat for each crt file)
    CRTFILE=vendor-ca.crt
    filename=$(basename -- "$CRTFILE")
    filename="${filename%.*}"
    DERFILE=${filename}.der
    PEMFILE=${filename}.pem
    # .crt -> .der
    openssl x509 -in "$CRTFILE" -out "$DERFILE" -outform DER
    # .der -> .pem
    openssl x509 -in "$DERFILE" -inform DER -out "$PEMFILE" -outform PEM
    rm "$DERFILE"
    # install the CA certificate and make it read-only
    cp "$PEMFILE" /opt/.cisco/certificates/ca/
    chmod 444 "/opt/.cisco/certificates/ca/$PEMFILE"
Install steps
    tar zxvf anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz
    cd anyconnect-linux64-4.7.04056/vpn
    ./vpn_install.sh
    systemctl daemon-reload
    # confirm the agent daemon is running
    ps auxw | grep vpnagentd | grep -v grep
    systemctl status vpnagentd.service
    # shortcuts for the CLI and GUI clients
    alias vpn='/opt/cisco/anyconnect/bin/vpn'
    alias vpnui='/opt/cisco/anyconnect/bin/vpnui'
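The "Verify sha512sum" step is listed above without a command. The following is an added example, not from the original page or from Cisco, of one way to run that check before the install steps; the function name verify_sha512 is hypothetical, and the expected digest is assumed to come from the vendor's download page.

```shell
#!/bin/sh
# Added example: verify a download's SHA-512 before unpacking it.
# The expected digest is an input; obtain it from the vendor's download
# page, not from the same location the tarball was fetched from.

# verify_sha512 FILE EXPECTED_HEX
# returns 0 on match, 1 on mismatch, 2 on unusable input
verify_sha512() {
    file=$1
    # Normalise: strip whitespace, lower-case the hex digits.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "verify_sha512: cannot read $file" >&2
        return 2
    fi
    # A SHA-512 digest is exactly 128 hex characters; reject a truncated
    # value or a digest of another algorithm (e.g. 64-char SHA-256).
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{128}$'; then
        echo "verify_sha512: expected value is not a SHA-512 digest" >&2
        return 2
    fi

    # Read via stdin so the file name never appears in the output.
    actual=$(sha512sum < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage: sh verify.sh <tarball> <published-sha512>
# The tarball is extracted only when the digest matches.
if [ "$#" -eq 2 ]; then
    verify_sha512 "$1" "$2" && tar zxvf "$1"
fi
```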
Other considerations
- Profile is downloaded at: /opt/cisco/anyconnect/profile/
- Run route -n to check routes when VPN is running
- Add alias to bashrc