Sunday, November 27, 2011

Cisco AnyConnect VPN Client vs. OpenConnect on 64-Bit Linux Mint 12

Last night I decided to replace my Ubuntu 11.10 installation on my System76 Serval Pro with Linux Mint 12. I've used Linux Mint on and off since version 9, and Linux Mint 10 and 11 were my full-time OSes until I ran into some lockup issues with Mint 11 on my System76 Lemur Ultra-Thin, at which point I decided to give Ubuntu 11.10 with Unity a real shot.

Not to get sidetracked on the real topic of this post, but Unity isn't nearly as bad as many make it out to be. After using it for a week I actually started to like it and found myself quite productive with it. That said, since I've also always loved Mint I figured I better kick the tires on their latest release which is now the most popular GNU/Linux distribution, having recently bumped Ubuntu from the top spot.

If you've seen all my previous posts on getting Cisco AnyConnect running on GNU/Linux you'll know that this is an ever-changing series of problems and fixes over the years, but with Ubuntu 11.10 and Cisco finally releasing a native 64-bit version of the AnyConnect client the steps were finally limited to simply install and launch.

For some reason that isn't the case with Linux Mint 12 and as in the past the fixes that worked previously don't seem to apply to Mint 12. Downloading and installing the client is the same as previously, and the installation works fine, but at least on my machine when I try to connect I get a different certificate-related error than I've received in the past and I haven't yet determined how to resolve it.

In the mean time, some folks commented on a previous post to try OpenConnect, which is an open source VPN client designed to work with Cisco hardware. I'd tried it in the past without success against my specific VPN server but since I wasn't having much luck with AnyConnect (and to be fair, I probably only fought with it for about 30 minutes so there may well be a solution--if you know what it is I'd love to hear it!) I decided to try OpenConnect again. (An aside: my apologies for not responding to comments to that post. Posterous is having notification issues and I haven't received comment notifications for a while.)

Installation of the client and the integration with the Mint network manager is easy enough:
sudo apt-get install openconnect network-manager-openconnect

After installation completes you go to Network Settings and configure your VPN connection, which basically just requires the host name of your VPN server. With that configured you can then click on the network connection icon on the top right of the screen and select your VPN connection from the VPN list, and in my case it connected fine.

I did try running OpenConnect from a terminal and even when starting with sudo (which you have to do in order for the tunnel to be created), I got the error "No --script argument provided; DNS and routing are not configured" so although it connected to the VPN server fine, I couldn't do anything once I was connected. Using the network manager piece resolved that issue for some reason. The issue with running from a terminal is probably just a configuration thing but using the network manager is more convenient anyway, so I didn't dig into that either.

So for now at least I'll be using OpenConnect instead of AnyConnect, though if/when I install Mint 12 on one of my other machines I may try to figure out what's wrong with AnyConnect to satisfy my curiosity if nothing else. For now I just had to get something working since tomorrow it's back to work after the Thanksgiving holiday.

If anyone has AnyConnect running on Mint 12 and has ideas of what to try I'd be very interested to hear how you got things running, and I'll do a follow-up post if I figure it out when I work on it on another machine.


dwmw2 said...

Jason Lebrun said...

Pretty helpful material, much thanks for this article
Harvard case solution excel file