Trace:

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

tech:others:cisco_anyconnect [2019/08/14 06:26] (current)
Line 1: Line 1:
 +====== Cisco AnyConnect Install on Linux ======
 +Steps to install
 +  - Download ''​anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz''​
 +  - Verify sha512sum
 +  - Unzip and install
 +  - Download CA certificates
 +  - Convert CA certificates from .crt to .der to .pem
 +  - Place .pem certificates in ''/​opt/​.cisco/​certificates/​ca/''​ directory
 +  - Make pem files read-only
 +  - Run vpn on vpnui (''/​opt/​cisco/​anyconnect/​bin/​vpn''​ OR ''/​opt/​cisco/​anyconnect/​bin/​vpnui''​ if you have X11)
 +  - Additional run options
 +    - To run/​connect:​ ''​vpn -s connect https://​vpn.example.org/​vpn-profile01''​
 +    - To disconnect: ''​vpn -s disconnect''​
 +    - To check status: ​ ''​vpn -s state''​
 +
 +To convert .crt to .pem (Repeat for each crt file)
 +<code bash>
 +CRTFILE=vendor-ca.crt
 +filename=$(basename -- "​$CRTFILE"​)
 +filename="​${filename%.*}"​
 +DERFILE=${filename}.der
 +PEMFILE=${filename}.pem
 +openssl x509 -in $CRTFILE -out $DERFILE -outform DER
 +openssl x509 -in $DERFILE -inform DER -out $PEMFILE -outform PEM
 +rm $DERFILE
 +cp $PEMFILE /​opt/​.cisco/​certificates/​ca/​
 +chmod 444 /​opt/​.cisco/​certificates/​ca/​$PEMFILE
 +</​code>​
 +
 +Install steps
 +<code bash>
 +tar zxvf anyconnect-linux64-4.7.04056-predeploy-k9.tar.gz
 +cd anyconnect-linux64-4.7.04056/​vpn
 +./​vpn_install.sh
 +systemctl daemon-reload
 +ps auxw | grep vpnagentd | grep -v grep
 +systemctl status vpnagentd.service
 +alias vpn='/​opt/​cisco/​anyconnect/​bin/​vpn'​
 +alias vpnui='/​opt/​cisco/​anyconnect/​bin/​vpnui'​
 +</​code>​
 +
 +Other considerations
 +  * Profile is downloaded at: /​opt/​cisco/​anyconnect/​profile/​
 +  * Run ''​route -n''​ to check routes when VPN is running
 +  * Add alias to bashrc
  

QR Code
QR Code tech:others:cisco_anyconnect (generated for current page)