Using UVic VPN in Gnome (Updated)
The Cisco AnyConnect client is an encumbrance, especially when trying to use the VPN in a script. Fortunately, there’s a workaround - openconnect. Here’s how to use it:
- Install a package: sudo apt install network-manager-openconnect-gnome
- CLI:
  - Create a new interface that a regular user can use: sudo ip tuntap add vpn0 mode tun user greg
  - Connect: openconnect --authgroup=Default --quiet --interface=vpn0 --script='sudo -E /usr/share/vpnc-scripts/vpnc-script' https://vpn.uvic.ca/employeedept --user=$NETLINKID
- GUI:
  - Open Gnome Control Centre -> Network
  - Add a VPN by clicking the + and choosing Multi-protocol VPN client (openconnect)
  - Fill in the gateway (in our case, vpn.uvic.ca/employeedept). Configuration complete.
NOTE: read the docs for more info on why things are done this way
NOTE: if you need to debug a connection, add --dump-http-traffic to your command
NOTE: to remove a network device do ‘ip link delete $DEVICE’ - e.g. ‘sudo ip link delete vpn0’
NOTE: this method has been tested successfully from off-campus.
Command explained
- authgroup: Default looks like the only option available. Not sure how VPN pools work in this context though.
- interface: the virtual network interface created above. Note that this allows network-facing code to run without root. The vpnc script needs root, but that isn’t the same, see here
- script: there is a script that gets run once the handshake is done. It’s located at /usr/share/vpnc-scripts on Ubuntu.
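The split described above (openconnect as a regular user, only the vpnc script under sudo) holds only if the tun device really belongs to that user and the sudo-run script cannot be edited by anyone else. The following pre-flight wrapper is an added example, not part of the original post; the function names and the sample `ip tuntap show` line are assumptions made for illustration, while the interface, script path and URL are the ones used above.

```shell
#!/bin/sh
# Added example: pre-flight checks for the openconnect command in this post.
# Interface, script path and URL are the post's; function names are hypothetical.
VPN_IF="vpn0"
VPNC_SCRIPT="/usr/share/vpnc-scripts/vpnc-script"
VPN_URL="https://vpn.uvic.ca/employeedept"

# Constructed sample of one `ip tuntap show` line for a device created with "user <uid>".
SAMPLE_TUNTAP='vpn0: tun persist user 1000'

# Print the owner UID of tun device $2 found in `ip tuntap show` output $1.
# Fails if the device is absent, is not a tun device, or has no owner set.
tun_owner_uid() {
    printf '%s\n' "$1" | awk -v ifn="$2" '
        $1 == (ifn ":") && $2 == "tun" {
            for (i = 3; i < NF; i++)
                if ($i == "user") { print $(i + 1); found = 1; exit }
        }
        END { exit !found }'
}

# Check that device $2 (in output $1) is owned by UID $3, so openconnect
# itself can run unprivileged. Prints "ok" or the reason for refusing.
check_tun() {
    owner=$(tun_owner_uid "$1" "$2") || { echo "no user-owned tun device $2"; return 1; }
    [ "$owner" = "$3" ] || { echo "$2 is owned by uid $owner, not $3"; return 2; }
    echo "ok"
}

# The script runs under sudo, so it must be root-owned and not writable by
# group or others (GNU find syntax, as shipped on Ubuntu).
script_is_root_only() {
    [ -n "$(find -L "$1" -maxdepth 0 -user root ! -perm /022 2>/dev/null)" ]
}

vpn_connect() {
    [ "$(id -u)" -ne 0 ] || { echo "run as a regular user, not root" >&2; return 1; }
    script_is_root_only "$VPNC_SCRIPT" || { echo "unsafe or missing $VPNC_SCRIPT" >&2; return 1; }
    reason=$(check_tun "$(ip tuntap show)" "$VPN_IF" "$(id -u)") || { echo "$reason" >&2; return 1; }
    exec openconnect --authgroup=Default --quiet --interface="$VPN_IF" \
        --script="sudo -E $VPNC_SCRIPT" "$VPN_URL" --user="${NETLINKID:?set NETLINKID first}"
}

# Connect only when asked to ("sh vpn-preflight.sh connect"); otherwise just define the functions.
if [ "${1:-}" = "connect" ]; then vpn_connect; fi
```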
This post was originally published 2019-02-19, and updated several times.