VPN with OpenConnect on Linux
There is an official Cisco VPN client for Linux. It is a hassle to get working sometimes - certainly with recent versions of Ubuntu. OpenConnect works as well, and if it's in your distribution packages it's a lot easier to get working.
Ubuntu 18.04 desktop §
(should work with other recent Ubuntu versions)
Install the network-manager-openconnect-gnome package
. This should pull in all the other required dependencies.
Use from the GUI
Once this has installed you should be able to open up the network properties and add a VPN connection. This should then give you the option of creating a openconnect profile.
Note: if the openconnect option does not appear try restarting NetworkManager with sudo systemctl restart network-manager.service
.
When you choose the openconnect option you get a dialog with various options. You only need to fill in two fields:
- The name of the connection (anything you like)
- The Gateway (
gucsasa1.cent.gla.ac.uk
)
Then click the green Add
button.
You can initiate the connection from the network settings screen, but most of the time it's probably most convenient to do it from the system menu at the top right corner. The drop-down menu should now have a VPN option. Choose your connection and connect.
This should bring up the connection dialog. From here the choices are the same as for the Cisco client. Choose either the Campus_use
or Off_Campus_use
profiles (confusingly referred to as GROUP: here) depending on your requirements, and enter your GUID username and password (note that using your email address as the username does not work here).
Note that after you've connected the first time, the VPN host should rename itself to GUsecure.
Then click login
.
The connection should work almost instantly (notably faster than the Cisco clients on Mac or Windows). A padlock icon appears next to the network icon(s) to let you know the connection is active. You can click on this to disconnect (or do it from the system menu drop-down).
Use from the command line
See https://www.infradead.org/openconnect/manual.html for details.
Checking routing setup
To verify that the correct network configuration is active you can use the command ip route
. The first set of routes shown here are for the Off_Campus_use
, and the second for On_Campus
. Note that the VPN service has seen a lot of reconfiguration during 2020, so the routes you see may be different from the examples here.