The Cisco AnyConnect client is an encumbrance, especially when trying to use the VPN in a script. Fortunately, there's a workaround - openconnect. Here's how to use it:

1. Install a package: sudo apt install network-manager-openconnect-gnome
2. CLI:
   
   • Create a new interface that a regular user can use: sudo ip tuntap add vpn0 mode tun user greg
   • Connect: openconnect --authgroup=Default --quiet --interface=vpn0 --script='sudo -E /usr/share/vpnc-scripts/vpnc-script' https://vpn.uvic.ca --user=$NETLINKID
3. GUI:
   
   • open Gnome Control Centre -> Network
   • Add a VPN by clicking the + and choosing 'Cisco AnyConnect Compatible VPN (openconnect)
   • Fill in the gateway. Configuration complete.

NOTE: read the docs for more info on why things are done this way

NOTE: if you need to debug a connection, add '--dump-http-traffic' to your command

NOTE: to remove a network device do 'ip link delete $DEVICE' - e.g. 'sudo ip link delete vpn0'

NOTE: this method has been tested successfully from off-campus.

Command explained
=================

• authgroup: Default or VPN Multi Factor (you can use a YubiKey, but I don't think it has any effect in our case)
• interface: the interface created above. Note that this allows network-facing code to run without root. The vpnc script needs root, but that isn't the same, see here
• script: there is a script that gets run once the handshake is done. It's located at /usr/share/vpnc-scripts on Ubuntu.