Trace:

no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


tech:others:cisco_anyconnect [2019/08/14 11:26] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== Cisco AnyConnect Install on Linux ======
 +Steps to install
 +  - Download ''anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz''
 +  - Verify sha512sum
 +  - Unzip and install
 +  - Download CA certificates
 +  - Convert CA certificates from .crt to .der to .pem
 +  - Place .pem certificates in ''/opt/.cisco/certificates/ca/'' directory
 +  - Make pem files read-only
 +  - Run vpn on vpnui (''/opt/cisco/anyconnect/bin/vpn'' OR ''/opt/cisco/anyconnect/bin/vpnui'' if you have X11)
 +  - Additional run options
 +    - To run/connect: ''vpn -s connect https://vpn.example.org/vpn-profile01''
 +    - To disconnect: ''vpn -s disconnect''
 +    - To check status:  ''vpn -s state''
 +
 +To convert .crt to .pem (Repeat for each crt file)
 +<code bash>
 +CRTFILE=vendor-ca.crt
 +filename=$(basename -- "$CRTFILE")
 +filename="${filename%.*}"
 +DERFILE=${filename}.der
 +PEMFILE=${filename}.pem
 +openssl x509 -in $CRTFILE -out $DERFILE -outform DER
 +openssl x509 -in $DERFILE -inform DER -out $PEMFILE -outform PEM
 +rm $DERFILE
 +cp $PEMFILE /opt/.cisco/certificates/ca/
 +chmod 444 /opt/.cisco/certificates/ca/$PEMFILE
 +</code>
 +
 +Install steps
 +<code bash>
 +tar zxvf anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz
 +cd anyconnect-linux64-4.7.04056/vpn
 +./vpn_install.sh
 +systemctl daemon-reload
 +ps auxw | grep vpnagentd | grep -v grep
 +systemctl status vpnagentd.service
 +alias vpn='/opt/cisco/anyconnect/bin/vpn'
 +alias vpnui='/opt/cisco/anyconnect/bin/vpnui'
 +</code>
 +
 +Other considerations
 +  * Profile is downloaded at: /opt/cisco/anyconnect/profile/
 +  * Run ''route -n'' to check routes when VPN is running
 +  * Add alias to bashrc
  

QR Code
QR Code tech:others:cisco_anyconnect (generated for current page)