Cisco AnyConnect VPN CentOS 7 Server GUI with KDE

Summary

Procedure for connecting to a Cisco AnyConnect VPN from CentOS 7 installed with the Server GUI with KDE option. It will probably work with the CentOS 7 GNOME desktop option as well; the only difference is which packages are installed by default with these install options, so you might have to install an extra package or two depending on whether your install was minimal, desktop, etc. This should also work on Oracle Linux and Red Hat Linux.

Procedure

This is the procedure. For now I'm just going to paste in the commands from the terminal from the beginning to the connection example.

[gstanden@cl7 Desktop]$ cat /etc/centos-release

CentOS Linux release 7.2.1511 (Core)

[gstanden@cl7 Desktop]$

[root@centos-72a ~]# yum install epel-release

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

* base: centos.mirrors.tds.net

* extras: mirror.cisp.com

* updates: mirror.beyondhosting.net

Resolving Dependencies

--> Running transaction check

---> Package epel-release.noarch 0:7-6 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================

Package Arch Version Repository Size

===================================================================================================================================================================================================================

Installing:

epel-release noarch 7-6 extras 14 k

Transaction Summary

===================================================================================================================================================================================================================

Install 1 Package

Total download size: 14 k

Installed size: 24 k

Is this ok [y/d/N]: y

Downloading packages:

epel-release-7-6.noarch.rpm | 14 kB 00:00:00

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : epel-release-7-6.noarch 1/1

Verifying : epel-release-7-6.noarch 1/1

Installed:

epel-release.noarch 0:7-6

Complete!

[root@centos-72a ~]# yum install openconnect

Loaded plugins: fastestmirror

epel/x86_64/metalink | 12 kB 00:00:00

epel | 4.3 kB 00:00:00

epel/x86_64/updateinfo FAILED

http://ftp.osuosl.org/pub/fedora-epel/7/x86_64/repodata/6903e789fb60fc5dd338b92c8b9c08a48cba1ead7be57903214408b242f28470-updateinfo.xml.bz2: [Errno 14] HTTP Error 404 - Not Found 0.0 B/s | 0 B --:--:-- ETA

Trying other mirror.

To address this issue please refer to the below knowledge base article

https://access.redhat.com/articles/1320623

If above article doesn't help to resolve this issue please create a bug on https://bugs.centos.org/

epel/x86_64/updateinfo FAILED

https://mirrors.lug.mtu.edu/epel/7/x86_64/repodata/6903e789fb60fc5dd338b92c8b9c08a48cba1ead7be57903214408b242f28470-updateinfo.xml.bz2: [Errno 14] HTTPS Error 404 - Not Found ] 0.0 B/s | 0 B --:--:-- ETA

Trying other mirror.

(1/3): epel/x86_64/group_gz | 170 kB 00:00:00

(2/3): epel/x86_64/updateinfo | 625 kB 00:00:00

(3/3): epel/x86_64/primary_db | 4.2 MB 00:00:01

Loading mirror speeds from cached hostfile

* base: centos.mirrors.tds.net

* epel: ca.mirror.babylon.network

* extras: mirror.cisp.com

* updates: mirror.beyondhosting.net

Resolving Dependencies

--> Running transaction check

---> Package openconnect.x86_64 0:7.06-1.el7 will be installed

--> Processing Dependency: vpnc-script for package: openconnect-7.06-1.el7.x86_64

--> Processing Dependency: libstoken.so.1(STOKEN_1.0)(64bit) for package: openconnect-7.06-1.el7.x86_64

--> Processing Dependency: libstoken.so.1()(64bit) for package: openconnect-7.06-1.el7.x86_64

--> Processing Dependency: libpcsclite.so.1()(64bit) for package: openconnect-7.06-1.el7.x86_64

--> Processing Dependency: liblz4.so.1()(64bit) for package: openconnect-7.06-1.el7.x86_64

--> Running transaction check

---> Package lz4.x86_64 0:r131-1.el7 will be installed

---> Package pcsc-lite-libs.x86_64 0:1.8.8-6.el7 will be installed

---> Package stoken-libs.x86_64 0:0.6-1.el7 will be installed

--> Processing Dependency: libtomcrypt.so.0()(64bit) for package: stoken-libs-0.6-1.el7.x86_64

---> Package vpnc-script.noarch 0:0.5.3-22.svn457.el7 will be installed

--> Running transaction check

---> Package libtomcrypt.x86_64 0:1.17-23.el7 will be installed

--> Processing Dependency: libtommath >= 0.42.0 for package: libtomcrypt-1.17-23.el7.x86_64

--> Processing Dependency: libtommath.so.0()(64bit) for package: libtomcrypt-1.17-23.el7.x86_64

--> Running transaction check

---> Package libtommath.x86_64 0:0.42.0-4.el7 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================================================================================================================

Package Arch Version Repository Size

===================================================================================================================================================================================================================

Installing:

openconnect x86_64 7.06-1.el7 epel 459 k

Installing for dependencies:

libtomcrypt x86_64 1.17-23.el7 epel 224 k

libtommath x86_64 0.42.0-4.el7 epel 35 k

lz4 x86_64 r131-1.el7 epel 70 k

pcsc-lite-libs x86_64 1.8.8-6.el7 base 34 k

stoken-libs x86_64 0.6-1.el7 epel 36 k

vpnc-script noarch 0.5.3-22.svn457.el7 epel 14 k

Transaction Summary

===================================================================================================================================================================================================================

Install 1 Package (+6 Dependent packages)

Total download size: 874 k

Installed size: 2.7 M

Is this ok [y/d/N]: y

Downloading packages:

warning: /var/cache/yum/x86_64/7/epel/packages/libtomcrypt-1.17-23.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY

Public key for libtomcrypt-1.17-23.el7.x86_64.rpm is not installed

(1/7): libtomcrypt-1.17-23.el7.x86_64.rpm | 224 kB 00:00:00

(2/7): libtommath-0.42.0-4.el7.x86_64.rpm | 35 kB 00:00:00

(3/7): lz4-r131-1.el7.x86_64.rpm | 70 kB 00:00:00

(4/7): pcsc-lite-libs-1.8.8-6.el7.x86_64.rpm | 34 kB 00:00:00

(5/7): openconnect-7.06-1.el7.x86_64.rpm | 459 kB 00:00:00

(6/7): stoken-libs-0.6-1.el7.x86_64.rpm | 36 kB 00:00:00

(7/7): vpnc-script-0.5.3-22.svn457.el7.noarch.rpm | 14 kB 00:00:00

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Total 927 kB/s | 874 kB 00:00:00

Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

Importing GPG key 0x352C64E5:

Userid : "Fedora EPEL (7) <epel@fedoraproject.org>"

Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5

Package : epel-release-7-6.noarch (@extras)

From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

Is this ok [y/N]: y

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing : pcsc-lite-libs-1.8.8-6.el7.x86_64 1/7

Installing : libtommath-0.42.0-4.el7.x86_64 2/7

Installing : libtomcrypt-1.17-23.el7.x86_64 3/7

Installing : stoken-libs-0.6-1.el7.x86_64 4/7

Installing : vpnc-script-0.5.3-22.svn457.el7.noarch 5/7

Installing : lz4-r131-1.el7.x86_64 6/7

Installing : openconnect-7.06-1.el7.x86_64 7/7

Verifying : openconnect-7.06-1.el7.x86_64 1/7

Verifying : lz4-r131-1.el7.x86_64 2/7

Verifying : libtomcrypt-1.17-23.el7.x86_64 3/7

Verifying : stoken-libs-0.6-1.el7.x86_64 4/7

Verifying : vpnc-script-0.5.3-22.svn457.el7.noarch 5/7

Verifying : libtommath-0.42.0-4.el7.x86_64 6/7

Verifying : pcsc-lite-libs-1.8.8-6.el7.x86_64 7/7

Installed:

openconnect.x86_64 0:7.06-1.el7

Dependency Installed:

libtomcrypt.x86_64 0:1.17-23.el7 libtommath.x86_64 0:0.42.0-4.el7 lz4.x86_64 0:r131-1.el7 pcsc-lite-libs.x86_64 0:1.8.8-6.el7 stoken-libs.x86_64 0:0.6-1.el7 vpnc-script.noarch 0:0.5.3-22.svn457.el7

Complete!

[root@cl7 yum.repos.d]# openconnect https://vpn.xxxxxxxxxxxx.com

POST https://vpn.xxxxxxxxxxxx.com/

Attempting to connect to server xx.xx.xxx.x:xxx

SSL negotiation with vpn.xxxxxxxxxxxx.com

Server certificate verify failed: signer not found

Certificate from VPN server "vpn.xxxxxxxxxxxx.com" failed verification.

Reason: signer not found

Enter 'yes' to accept, 'no' to abort; anything else to view: yes

Connected to HTTPS on vpn.xxxxxxxxxxxx.com

XML POST enabled

Please enter your username and password.

GROUP: [datacenter|dmz|poc-mgmt|poc1|poc2|poc3|poc5|selfservice]:datacenter

POST https://vpn.xxxxxxxxxxxx.com/

XML POST enabled

Please enter your username and password.

Username: xxxxx

Password: xxxxx

POST https://vpn.xxxxxxxxxxxx.com/

Got CONNECT response: HTTP/1.1 200 OK

CSTP connected. DPD 30, Keepalive 20

Connected tun0 as xx.xx.xxx.xxxx, using SSL

Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(RSA)-(AES-128-CBC)-(SHA1).
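The session above reaches two trust prompts: the EPEL GPG key import and the "signer not found" certificate warning from the VPN gateway. As an added example (not part of the original post), the script below compares a fingerprint against one obtained out-of-band and starts openconnect with --cafile only on a match. CA_FILE, EXPECTED_FP and VPN_URL are placeholders, and it assumes the VPN administrator can supply the issuing CA certificate and its SHA-256 fingerprint.

```shell
#!/bin/sh
# Added example (not from the original post): trust the VPN gateway through a
# CA file whose fingerprint was checked out-of-band, instead of typing "yes".
# CA_FILE, EXPECTED_FP and VPN_URL are placeholders supplied by the operator.

# Reduce any common fingerprint rendering to bare lowercase hex:
#   "SHA256 Fingerprint=AB:CD:..."  (openssl x509 -fingerprint)
#   "91e9 7d7c ..."                 (yum GPG key import prompt)
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# Exit 0 = match, 1 = mismatch, 2 = input is not a SHA-1/SHA-256 hex digest.
fp_matches() (
    seen=$(normalize_fp "$1")
    want=$(normalize_fp "$2")
    for fp in "$seen" "$want"; do
        case "$fp" in ''|*[!0-9a-f]*) exit 2 ;; esac
        [ "${#fp}" -eq 40 ] || [ "${#fp}" -eq 64 ] || exit 2
    done
    [ "$seen" = "$want" ]
)

# SHA-256 fingerprint of a PEM certificate file, as printed by openssl.
ca_file_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Connect only if the CA file matches the fingerprint obtained out-of-band.
connect_with_ca() (
    ca_file=$1 expected_fp=$2 vpn_url=$3
    seen=$(ca_file_fp "$ca_file") || { echo "cannot read $ca_file" >&2; exit 2; }
    if fp_matches "$seen" "$expected_fp"; then
        exec openconnect --cafile "$ca_file" "$vpn_url"
    fi
    echo "CA fingerprint mismatch; not connecting" >&2
    exit 1
)

# Run only when invoked as: script.sh --connect CA_FILE EXPECTED_FP VPN_URL
if [ "${1:-}" = "--connect" ]; then
    connect_with_ca "$2" "$3" "$4"
fi
```

The same fp_matches helper can check the fingerprint shown in the yum key import prompt against a copy published by the repository maintainers before answering y.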