6

I'm not too familiar with VPNs and I'm having a hard time connecting to a VPN service with OpenConnect.

The VPN service I've purchased uses Cisco AnyConnect, which I can't get for Linux, but the OpenConnect application is supposed to do the same thing. I've installed OpenConnect and the GUI for it.

On other OSes like Android, the VPN service simply has me link the Cisco AnyConnect client to an XML file which AnyConnect then uses to connect to the servers. No other configuration in the client software is needed besides providing this XML file, which makes me think that this XML file contains all the information necessary to connect to all these VPN servers - no configuring checkboxes, no downloading of certificates, etc.

Once I provide the XML file, AnyConnect generates the list of VPN servers, I choose one, and fill in my username and password in the ensuing popup boxes and that's it.

<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
    <ClientInitialization>
        <UseStartBeforeLogon UserControllable="false">false</UseStartBeforeLogon>
        <StrictCertificateTrust>false</StrictCertificateTrust>
        <RestrictPreferenceCaching>false</RestrictPreferenceCaching>
        <RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
        <BypassDownloader>true</BypassDownloader>
        <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
        <CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
        <CertificateMatch>
            <KeyUsage>
                <MatchKey>Digital_Signature</MatchKey>
            </KeyUsage>
            <ExtendedKeyUsage>
                <ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
            </ExtendedKeyUsage>
        </CertificateMatch>
        <BackupServerList>
            <HostAddress>localhost</HostAddress>
        </BackupServerList>
    </ClientInitialization>
    <ServerList>
        <HostEntry>
            <HostName>server 1</HostName>
            <HostAddress>japan.examplevpn.com</HostAddress>
        </HostEntry>
        <HostEntry>
            <HostName>server 2</HostName>
            <HostAddress>amsterdam.examplevpn.com</HostAddress>
        </HostEntry>
    </ServerList>
</AnyConnectProfile>

OpenConnect on Linux doesn't seem to have any provision to import an XML file.

What do I need to do to configure each connection in OpenConnect, based on what's in the XML file?


fuzzybabybunny

2 Answers

0

You should convert your XML to base64 encoding:

base64 config.xml | tr -d '\n' > config.xml.base64

Then manually open the connection in /etc/NetworkManager/system-connections/ with an editor.

Your XML config file should be saved as a base64 value in the [vpn-secrets] config section:

[vpn-secrets]
xmlconfig=

0

This is not the answer you're looking for, but unfortunately OpenConnect cannot natively support XML files for anything useful. It can read a hostname and user group from them but nothing else.

The source code shows that clearly: https://github.com/openconnect/openconnect/blob/master/xml.c

In practice this means you can at most do:

<openconnect>
    <ServerList>
        <HostEntry>
            <HostName>vpn.example.com</HostName>
            <HostAddress>vpn.example.com</HostAddress>
            <UserGroup>test123</UserGroup>
        </HostEntry>
    </ServerList>
</openconnect>

kiler129
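Since OpenConnect does not import the profile, the per-server settings it would need can be read out of the HostEntry elements with a short script. This is an added example, not code from either answer or from the OpenConnect project; the function names and the trimmed sample profile are assumptions, and it also reports StrictCertificateTrust, which the profile in the question sets to false.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the profile in the question; the UserGroup
# on "server 2" is borrowed from the second answer's example.
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization><StrictCertificateTrust>false</StrictCertificateTrust></ClientInitialization>
  <ServerList>
    <HostEntry><HostName>server 1</HostName><HostAddress>japan.examplevpn.com</HostAddress></HostEntry>
    <HostEntry><HostName>server 2</HostName><HostAddress>amsterdam.examplevpn.com</HostAddress>
      <UserGroup>test123</UserGroup></HostEntry>
  </ServerList>
</AnyConnectProfile>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on namespaced tags."""
    return tag.rsplit("}", 1)[-1]

def parse_profile(xml_text):
    """Return (hosts, strict_cert_trust) from an AnyConnect-style profile."""
    # The profile comes from a third party: refuse DTDs so entity
    # expansion never reaches the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("profile contains a DTD; refusing to parse")
    hosts, strict = [], None
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        if name == "StrictCertificateTrust":
            strict = (el.text or "").strip().lower() == "true"
        elif name == "HostEntry":
            fields = {local(c.tag): (c.text or "").strip() for c in el}
            if fields.get("HostAddress"):  # skip entries with no address
                hosts.append(fields)
    return hosts, strict

def openconnect_argv(host):
    """Build an openconnect argument list for one HostEntry."""
    argv = ["openconnect", "--protocol=anyconnect"]
    if host.get("UserGroup"):
        argv.append("--usergroup=" + host["UserGroup"])
    return argv + [host["HostAddress"]]

if __name__ == "__main__":
    hosts, strict = parse_profile(SAMPLE_PROFILE)
    print("StrictCertificateTrust:", strict)
    for h in hosts:
        print(h.get("HostName", "?"), "->", " ".join(openconnect_argv(h)))
```

Matching on the local tag name lets the same function read both the namespaced AnyConnect profile and the un-namespaced `<openconnect>` form shown in the second answer.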