How to Install OpenConnect SSL VPN Client on Ubuntu Linux

|

|

OpenConnect SSL VPN software enables remote users and employees to securely connect to VPN gateways in an enterprise environment from Linux systems. Although not officially supported by network vendors, OpenConnect can be used on Linux systems with limited VPN support. OpenConnect comes with Ubuntu repositories by default and once installed, allows for secure connection and…

This post shows you how to install the OpenConnct SSL VPN client on Ubuntu 18.04 or 16.04 and connect to a popular VPN server gateway.

OpenConnect SSL VPN software was created to allow remote users and employees to securely connect to a Cisco, Juniper, or Palo Alto SSL VPN gateway running in an enterprise environment from Linux systems.

OpenConnect is not officially supported by these network vendors (Cisco Systems, Juniper Networks, Pulse Secure, or Palo Alto Networks); however, if you’re using a Linux machine with no official or limited support, you should look at OpenConnect SSL VPN client instead to help you connect to your company’s VPN gateway.

Employees can use the OpenConnect SSL VPN client to connect, and if authentication is approved, the connected users or employees are granted access to internal resources.

Read this post to learn how to install the official Cisco AnyConnect SSL VPN client.

When you’re ready to install OpenConnect, follow the steps below:

Install OpenConnect

OpenConnect SSL VPN client is included with Ubuntu repositories by default. No additional software and configurations are needed to get the package.

Simply use the commands below to install OpenConnect on Ubuntu machines.

sudo apt-get update
sudo apt-get install openconnect

Connect to SSL VPN Servers

Once the OpenConnect package has been successfully installed on Ubuntu, you should be ready to connect to SSL VPN servers, which can use Cisco’s AnyConnect SSL VPN and Juniper Pulse Connect Secure.

Simply run the commands below to establish a VPN connection to your VPN server gateway. In this example, our VPN gateway is vpn.example.com

sudo openconnect -u user --passwd-on-stdin vpn.example.com

Replace vpn.example.com with the gateway of your SSL VPN gateway server name or IP. Press enter to initiate the connection. If the server is up, you should be prompted for a password to authenticate.

After a successful connection and authentication, you should see a similar message as below:

POST https://vpn.example.com/
Connected to 192.168.15.2:443
SSL negotiation with vpn.example.com
Connected to HTTPS on vpn.example.com
XML POST enabled
Please enter your username and password.
Username: username
Password:
POST https://vpn.example.com/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as 10.25.59.81, using SSL
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(RSA)-(AES-256-CBC)-(SHA1).
Too long time in MTU detect loop; MTU set to 1322.
Detected MTU of 1322 bytes (was 1406)
Connect Banner:
| Welcome to the vpn.example.com VPN! You have been granted access to our internal resources.

That’s it! You’re not connected and can use internal resources from your Linux machine.

Congratulations! You have successfully installed and configured OpenConnect to access Cisco and other VPN providers’ gateway.

You may also like the post below:

Like this:



8 responses to “How to Install OpenConnect SSL VPN Client on Ubuntu Linux”

  1. Tom Ekberg Avatar
    Tom Ekberg

    Great article. Near the end you see “You’re not connected”. I think you meant to say “You’re now connected”.

    1. CP Avatar
      CP

      True!

  2. Muzi Avatar
    Muzi

    Thanks bud. very helpful

  3. Henning Avatar
    Henning

    I need to connect to a SonicWall firewall/vpn. They want me to install their closed source client NetExtender that additionally needs OracleJDK. Any idea whether I can connect with clients shipped with Ubuntu 16.04?

  4. Raghu Avatar
    Raghu

    How to install openconnect in windows through command line.

  5. shantesjh Avatar
    shantesjh

    i get this message

    XML response has no “auth” node
    Failed to obtain WebVPN cookie

  6. Robert Avatar
    Robert

    This worked for me to connect to my company’s corporate Palo Alto GlobalProtect VPN gateway, but how can I set this up correctly in NetworkManager so I can start the VPN as a standard user? I tried by entering the settings into NetworkManager, and my laptop will connect and authenticate, but network traffic does not flow through the VPN tunnel when I start the VPN this way.

    1. Thomas Eitzenberger Avatar
      Thomas Eitzenberger

      Thats a known bug in nm currently, resort to the cmd line 😉

Leave a Reply to Tom Ekberg Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.