Cisco Anyconnect on ArchLinux
Oh... boy, this one was a pain to set up. Anyway, here's a write-up on setting up anyconnect on arch.
Introduction
What is Anyconnect?
Anyconnect is a proprietary VPN client developed by Cisco. It is useful for enterprises that have deployed a lot of Cisco equipment (such as switches, routers, firewalls, etc.), as these come with Cisco's VPN for onsite access.
I stumbled across this (I typically use OpenVPN/Tailscale) when I was trying to access servers for my university. The servers have ports only accessible on the school internet, so I had to use a VPN for onsite access. However, the university uses Cisco anyconnect, resulting in some cursed issues trying to set up anyconnect to work.
For anyone in the future running arch and trying to get anyconnect to work, this is a summary of what I did.
Initial Setup
First, I'm going to put my environment out.
- i3wm
- Network Manager (nmtui)
So, the first thing that I did was I looked at the packages. There are two packages for connecting to Cisco Anyconnect:
- Official Secure Client (deb file, aur)
- Openconnect (open sourced, official repo)
Initially, I used the official secure client, but it kept getting errors about not supporting SSO. Yes, my university uses SSO login on the anyconnect. This was hard to troubleshoot (closed source) and none of the advice online (e.g., installing webgtk4.1) worked. On top of that, my device is unsupported, so probably no enterprise support either.
As a result, I turned to openconnect. Openconnect also did not work out of the box. The first thing I discovered was that without useragent, it just wouldn't want cookies or open a webpage.
Now, once I set up the cookies, it seemed that openconnect was interested in opening a webpage. However, when I test-ran it with openconnect, it kept saying no SSO handler. After some research, it seems that only networkmanager supported the SSO handler.
This is the command I ended up using to add the vpn to my computer.
    nmcli connection add \
        connection.id MyOrgVPN \
        connection.type vpn \
        vpn.service-type openconnect \
        vpn.data cookie-flags=2,gateway=vpnserviceaddr,useragent=Anyconnect,protocol=vpntype \
        vpn.secrets gateway=vpnserviceaddr,gwcert=
Now, it didn't fully work either, as when I tried using nmtui to connect to it, it kept asking for a cookie string. I didn't know how to get around this, and I did try using the bash script the documentation provided, but I just couldn't get it to work.
So what I did was go to the vpn address (vpn.university.edu) and do a manual login. After finishing the SSO auth, I used inspect element on the webpage and found the webvpn cookie. I co
Well, it allowed me to connect to the university servers, making this mission a success and allowing me to complete my work.
Now... if only it was a much easier process.