Differences
This shows you the differences between two versions of the page.
tech:others:cisco_anyconnect [2019/08/14 06:26] |
tech:others:cisco_anyconnect [2019/08/14 06:26] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Cisco AnyConnect Install on Linux ====== | ||
+ | Steps to install | ||
+ | - Download ''anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz'' | ||
+ | - Verify sha512sum | ||
+ | - Unzip and install | ||
+ | - Download CA certificates | ||
+ | - Convert CA certificates from .crt to .der to .pem | ||
+ | - Place .pem certificates in ''/opt/.cisco/certificates/ca/'' directory | ||
+ | - Make pem files read-only | ||
+ | - Run vpn on vpnui (''/opt/cisco/anyconnect/bin/vpn'' OR ''/opt/cisco/anyconnect/bin/vpnui'' if you have X11) | ||
+ | - Additional run options | ||
+ | - To run/connect: ''vpn -s connect https://vpn.example.org/vpn-profile01'' | ||
+ | - To disconnect: ''vpn -s disconnect'' | ||
+ | - To check status: ''vpn -s state'' | ||
+ | |||
+ | To convert .crt to .pem (Repeat for each crt file) | ||
+ | <code bash> | ||
+ | CRTFILE=vendor-ca.crt | ||
+ | filename=$(basename -- "$CRTFILE") | ||
+ | filename="${filename%.*}" | ||
+ | DERFILE=${filename}.der | ||
+ | PEMFILE=${filename}.pem | ||
+ | openssl x509 -in $CRTFILE -out $DERFILE -outform DER | ||
+ | openssl x509 -in $DERFILE -inform DER -out $PEMFILE -outform PEM | ||
+ | rm $DERFILE | ||
+ | cp $PEMFILE /opt/.cisco/certificates/ca/ | ||
+ | chmod 444 /opt/.cisco/certificates/ca/$PEMFILE | ||
+ | </code> | ||
+ | |||
+ | Install steps | ||
+ | <code bash> | ||
+ | tar zxvf anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz | ||
+ | cd anyconnect-linux64-4.7.04056/vpn | ||
+ | ./vpn_install.sh | ||
+ | systemctl daemon-reload | ||
+ | ps auxw | grep vpnagentd | grep -v grep | ||
+ | systemctl status vpnagentd.service | ||
+ | alias vpn='/opt/cisco/anyconnect/bin/vpn' | ||
+ | alias vpnui='/opt/cisco/anyconnect/bin/vpnui' | ||
+ | </code> | ||
+ | |||
+ | Other considerations | ||
+ | * Profile is downloaded at: /opt/cisco/anyconnect/profile/ | ||
+ | * Run ''route -n'' to check routes when VPN is running | ||
+ | * Add alias to bashrc | ||
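Review bot: The "Install steps" block goes straight from ''tar zxvf'' to ''./vpn_install.sh'' and never performs the "Verify sha512sum" step that the list puts second, so a reader who copies the block installs an unverified archive. Add the check before the ''tar'' line, for example ''sha512sum -c'' against a checksum obtained separately from the download, and stop if it does not match. In the conversion block, ''$CRTFILE'', ''$DERFILE'' and ''$PEMFILE'' are unquoted in the ''openssl'', ''rm'', ''cp'' and ''chmod'' lines, which breaks on file names containing spaces; quote them as the ''basename'' line already does. The first ''openssl x509'' call has no ''-inform'', so it reads the .crt as PEM: for PEM input the DER round trip is redundant, and for DER input the command fails, so state which encoding the downloaded .crt is expected to have. Step 8 reads "Run vpn on vpnui" where the parenthetical suggests "or" was meant.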