Getting connection settings and resources from AnyConnect

Daniel Lenski dlenski at gmail.com
Mon Mar 26 21:16:24 PDT 2018


On Mon, Mar 26, 2018 at 8:38 PM, Colin Williams
<colin.williams.seattle at gmail.com> wrote:
>
> Hi,
>
> I have a mac provided with AnyConnect configured to a vpn, but wish to
> try to connect using OpenConnect. Can anyone describe or point to a
> document which might allow me to infer the connection settings and
> resources such as keys so I can provide them for OpenConnect based on
> the working AnyConnect settings? I looked around at some xml files but
> couldn't figure out the connection settings and resources on my own.

In my experience (5 or 10 different Cisco AnyConnect VPNs), the
following should cover all of the required connection information:

VPN server (there may be more than one possibility in your "AnyConnect
Profile", but you only need one to get connected)
Username
Password and/or 2FA token source
Client certificate (not used with all VPNs)

These should all be straightforward and obvious, with the exception of
the client certificate. In some cases, the client cert may be
accessible to you since you obtained it simply as an ordinary file
which you can copy to a system running openconnect.

But in other cases, the client certificate will be stored in:

(a) An operating system facility that restricts your ability to export
the certificate. Under Windows, the mimikatz tool
(https://github.com/gentilkiwi/mimikatz) can be used to export
certificates which were marked "unexportable" when imported.
(b) Vendor-specific software that stores the certificate, such as Symantec PKI.
(c) A hardware credential storage container like a TPM
(https://en.wikipedia.org/wiki/Trusted_Platform_Module).

Does that clarify things?

Dan



More information about the openconnect-devel mailing list