Connecting to WWU VPN from Linux
- Chris Miller
WWU’s VPN service is powered by Cisco AnyConnect and supports the use of Azure Multifactor Authentication. The AnyConnect VPN Client is available for Windows and MacOS from https://remotevpn.wwu.edu. A GUI-only client for Red Hat Linux and Ubuntu (LTS) is also available at https:/remotevpn.wwu.edu.
The client for iOS is available in the Apple App Store, and the client for Android and ChromeOS is available in the Google Play Store.
For other Linux operating systems, or CLI-only Linux use, a script solution called openconnect-sso leverages the open-source compatible client OpenConnect to provide VPN connectivity to the WWU network. This document details how to install and use OpenConnect with the openconnect-sso script.
Instructions
Install OpenConnect:
The OpenConnect client is not usually pre-installed on most Linux distributions nor many other Unix-like operating systems. The exact package names can vary from distribution to distribution, but here are some common ones, along with their easy copy/paste install lines:Debian / Ubuntu and derivatives
sudo apt install openconnectFedora
sudo dnf install openconnectArch and derivatives
sudo pacman -S openconnectpkgsrc (NetBSD / Multiple operating systems)
cd /usr/pkgsrc/net/openconnect && sudo make install clean clean-dependspkgin (NetBSD / Multiple operating systems)
sudo pkgin install openconnectOpenBSD
doas pkg_add openconnectFreeBSD
sudo pkg install openconnectUsing your distribution’s package manager, install the package and proceed to Connect to the VPN.
Set up openconnect-sso
Directions shown in this section are for Debian / Ubuntu and derivatives.First update your packages and install the pre-requisites.
sudo apt-get update sudo apt-get install python3-pip python3-venv -y pip3 install --user pipxNow ensure that
pipxis in your path.which pipxIf there is no output from the command then continue to the next step. If you do get output skip to appending the correct entry into your path.
Find pipx in your local path.
user@host:~$ find ./ -iname \*pipx\* find: ‘./.dbus’: Permission denied find: ‘./.cache/dconf’: Permission denied find: ‘./.cache/doc’: Permission denied ./.local/lib/python3.6/site-packages/pipx-0.16.4.dist-info ./.local/lib/python3.6/site-packages/pipx ./.local/lib/python3.6/site-packages/pipx/pipx_metadata_file.py ./.local/lib/python3.6/site-packages/pipx/__pycache__/pipx_metadata_file.cpython-36.pyc ./.local/bin/pipxNotice the last entry which is a file named
pipx. If you found the entry from thefindyou can proceed to append the correct entry into your path. If no entry existed you would need to append this into your.bashrcfile (or whatever editor you use).user@host:~$ echo 'export PATH=${PATH}:~/.local/bin' >> ~/.bashrcNext you must proceed append the correct entry into your path. For this example the entry we want is
./.local/bin/pipx.Now install openconnect-sso.
pipx install "openconnect-sso[full]"Connect to the VPN with openconnect-sso:
When you are ready to establish a connection you have to choose whether you want all traffic to go over your VPN (Full Tunnel) or only traffic destined for WWU address space (Split Tunnel).For
Full Tunneluse:openconnect-sso --server remotevpn.wwu.edu/fullmfa --user $USERNAME@wwu.eduFor
Split Tunneluse:openconnect-sso --server remotevpn.wwu.edu/splitmfa --user $USERNAME@wwu.eduYou will be prompted for your password. After this a window will pop up to request your second factor of authentication.
$USERNAMEis your WWU Universal Account username.Please be aware that this window will need to remain open for the tunnel to remain connected. Unfortunately
openconnect-ssodoes not have a background flag the wayOpenConnectdoes
The $VARIABLE syntax above means you need to replace the $VARIABLE (including the $) with what you want the value to be.
The content for this article was researched by the IT staff for the WWU Department of Computer Science, and appears here with their consent. You can access the original article here: Linux/BSD - OpenConnect — CS Support documentation (wwu.edu)