The Cisco AnyConnect client is an encumbrance, especially when trying to use the VPN in a script. Fortunately, there's a workaround - openconnect. Here's how to use it:
- Install a package: sudo apt install network-manager-openconnect-gnome
- Create a new interface that a regular user can use: sudo ip tuntap add vpn0 mode tun user greg
- Connect: openconnect --authgroup=Default --quiet --interface=vpn0 --script='sudo -E /usr/share/vpnc-scripts/vpnc-script' https://vpn.uvic.ca --user=$NETLINKID
- open Gnome Control Centre -> Network
- Add a VPN by clicking the + and choosing 'Cisco AnyConnect Compatible VPN (openconnect)
- Fill in the gateway. Configuration complete.
NOTE: read the docs for more info on why things are done this way
NOTE: if you need to debug a connection, add '--dump-http-traffic' to your command
NOTE: to remove a network device do 'ip link delete $DEVICE' - e.g. 'sudo ip link delete vpn0'
NOTE: this method has been tested successfully from off-campus.
- authgroup: Default or VPN Multi Factor (you can use a YubiKey, but I don't think it has any effect in our case)
- interface: the interface created above. Note that this allows network-facing code to run without root. The vpnc script needs root, but that isn't the same, see here
- script: there is a script that gets run once the handshake is done. It's located at /usr/share/vpnc-scripts on Ubuntu.