Skip to main content

Cisco AnyConnect VPN Client vs. OpenConnect on 64-Bit Linux Mint 12

Last night I decided to replace my Ubuntu 11.10 installation on my System76 Serval Pro with Linux Mint 12. I've used Linux Mint on and off since version 9, and Linux Mint 10 and 11 were my full-time OSes until I ran into some lockup issues with Mint 11 on my System76 Lemur Ultra-Thin, at which point I decided to give Ubuntu 11.10 with Unity a real shot.

Not to get sidetracked on the real topic of this post, but Unity isn't nearly as bad as many make it out to be. After using it for a week I actually started to like it and found myself quite productive with it. That said, since I've also always loved Mint I figured I better kick the tires on their latest release which is now the most popular GNU/Linux distribution, having recently bumped Ubuntu from the top spot.

If you've seen all my previous posts on getting Cisco AnyConnect running on GNU/Linux you'll know that this is an ever-changing series of problems and fixes over the years, but with Ubuntu 11.10 and Cisco finally releasing a native 64-bit version of the AnyConnect client the steps were finally limited to simply install and launch.

For some reason that isn't the case with Linux Mint 12 and as in the past the fixes that worked previously don't seem to apply to Mint 12. Downloading and installing the client is the same as previously, and the installation works fine, but at least on my machine when I try to connect I get a different certificate-related error than I've received in the past and I haven't yet determined how to resolve it.

In the mean time, some folks commented on a previous post to try OpenConnect, which is an open source VPN client designed to work with Cisco hardware. I'd tried it in the past without success against my specific VPN server but since I wasn't having much luck with AnyConnect (and to be fair, I probably only fought with it for about 30 minutes so there may well be a solution--if you know what it is I'd love to hear it!) I decided to try OpenConnect again. (An aside: my apologies for not responding to comments to that post. Posterous is having notification issues and I haven't received comment notifications for a while.)

Installation of the client and the integration with the Mint network manager is easy enough:
sudo apt-get install openconnect network-manager-openconnect

After installation completes you go to Network Settings and configure your VPN connection, which basically just requires the host name of your VPN server. With that configured you can then click on the network connection icon on the top right of the screen and select your VPN connection from the VPN list, and in my case it connected fine.

I did try running OpenConnect from a terminal and even when starting with sudo (which you have to do in order for the tunnel to be created), I got the error "No --script argument provided; DNS and routing are not configured" so although it connected to the VPN server fine, I couldn't do anything once I was connected. Using the network manager piece resolved that issue for some reason. The issue with running from a terminal is probably just a configuration thing but using the network manager is more convenient anyway, so I didn't dig into that either.

So for now at least I'll be using OpenConnect instead of AnyConnect, though if/when I install Mint 12 on one of my other machines I may try to figure out what's wrong with AnyConnect to satisfy my curiosity if nothing else. For now I just had to get something working since tomorrow it's back to work after the Thanksgiving holiday.

If anyone has AnyConnect running on Mint 12 and has ideas of what to try I'd be very interested to hear how you got things running, and I'll do a follow-up post if I figure it out when I work on it on another machine.


dwmw2 said…

Popular posts from this blog

Installing and Configuring NextPVR as a Replacement for Windows Media Center

If you follow me on Google+ you'll know I had a recent rant about Windows Media Center, which after running fine for about a year suddenly decided as of January 29 it was done downloading the program guide and by extension was therefore done recording any TV shows.

I'll spare you more ranting and simply say that none of the suggestions I got (which I appreciate!) worked, and rather than spending more time figuring out why, I decided to try something different.

NextPVR is an awesome free (as in beer, not as in freedom unfortunately ...) PVR application for Windows that with a little bit of tweaking handily replaced Windows Media Center. It can even download guide data, which is apparently something WMC no longer feels like doing.

Background I wound up going down this road in a rather circuitous way. My initial goal for the weekend project was to get Raspbmc running on one of my Raspberry Pis. The latest version of XBMC has PVR functionality so I was anxious to try that out as a …

Setting Up Django On a Raspberry Pi

This past weekend I finally got a chance to set up one of my two Raspberry Pis to use as a Django server so I thought I'd share the steps I went through both to save someone else attempting to do this some time as well as get any feedback in case there are different/better ways to do any of this.

I'm running this from my house (URL forthcoming once I get the real Django app finalized and put on the Raspberry Pi) using I don't cover that aspect of things in this post but I'm happy to write that up as well if people are interested.

General Comments and Assumptions

Using latest Raspbian “wheezy” distro as of 1/19/2013 (’lll be using Nginx ( as the web server/proxy and Gunicorn ( as the WSGI serverI used heavily as I was creating this, so many thanks to the author of that tutorial. If you’re looking for more details on …

The Definitive Guide to CouchDB Authentication and Security

With a bold title like that I suppose I should clarify a bit. I finally got frustrated enough with all the disparate and seemingly incomplete information on this topic to want to gather everything I know about this topic into a single place, both so I have it for my own reference but also in the hopes that it will help others.Since CouchDB is just an HTTP resource and can be secured at that level along the same lines as you'd secure any HTTP resource, I should also point out that I will not be covering things like putting a proxy in front of CouchDB, using SSL with CouchDB, or anything along those lines. This post is strictly limited to how authentication and security work within CouchDB itself.CouchDB security is powerful and granular but frankly it's also a bit quirky and counterintuitive. What I'm outlining here is my understanding of all of this after taking several runs at it, reading everything I could find on the Internet (yes, the whole Internet!), and a great deal…