Log in

HCMC Journal

Using UVic VPN in Gnome (Updated)

: Greg Newton, Martin Holmes

The Cisco AnyConnect client is an encumbrance, especially when trying to use the VPN in a script. Fortunately, there’s a workaround - openconnect. Here’s how to use it:

  1. Install a package: sudo apt install network-manager-openconnect-gnome
  2. CLI:
    • Create a new interface that a regular user can use: sudo ip tuntap add vpn0 mode tun user greg
    • Connect: openconnect --authgroup=Default --quiet --interface=vpn0 --script='sudo -E /usr/share/vpnc-scripts/vpnc-script' https://vpn.uvic.ca/employeedept --user=$NETLINKID
    • NOTE: As of 2023-06-22, a new parameter is required, but this is sufficient to connect successfully:
    • sudo openconnect --useragent=AnyConnect --protocol=anyconnect https://vpn.uvic.ca/employeedept -u $NETLINKID
    • To disconnect, Control + C in the terminal where you ran the script.
  3. GUI:
    • open Gnome Control Centre -> Network
    • Add a VPN by clicking the + and choosing Multi-protocol VPN client (openconnect)
    • Fill in the gateway (in our case, vpn.uvic.ca/employeedept). Configuration complete, except that as of 2023-06-22 this fails because of the need to supply an additional parameter --useragent=AnyConnect. However, on campus I was able to get around this by adding AnyConnect in the Reported OS field. This triggers an error, but the process then succeeds. Unfortunately this does not seem to work from outside the UVic campus, so the command line is the best option.

NOTE: read the docs for more info on why things are done this way

NOTE: if you need to debug a connection, add --dump-http-traffic to your command

NOTE: to remove a network device do ‘ip link delete $DEVICE’ - e.g. ‘sudo ip link delete vpn0’

NOTE: this method has been tested successfully from off-campus.

Command explained

This post was originally published 2019-02-19, and updated several times.