Raspberry Pi 3 + Cisco AnyConnect VPN

The Problem

I had a need to drop my Raspberry flavored MITMProxy in between a service located behind a Cisco AnyConnect VPN. While Cisco appears to have a Linux client, the pre-compiled binary was not compiled for ARM. I also failed to locate a means to compile it myself. There had to be another way…

After some googling, I stumbled upon openconnect. My initial go with this wasn’t straightforward, as I missed the fact that you need a vpnc-script. Luckily, openconnect’s “Getting Started” site provides one that you can use. From this point it was pretty straightforward. The steps below are what I used in order to get this up and running.

Downloading and Compiling

Step 1: Let’s go get the source.

cd /tmp
wget ftp://ftp.infradead.org/pub/openconnect/openconnect-7.07.tar.gz 

Note: The current version at the time of writing was 7.07. Be sure to check this site for a later version.

Step 2: Compile openconnect and install it.

tar xzf openconnect-7.07.tar.gz
cd openconnect-7.07
./configure --disable-nls --with-vpnc-script=/etc/vpnc/vpnc-script
make
sudo make install

Download the vpnc-script

Step 1: Let’s get the vpnc-script that we need.

wget http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script

Step 2: Move the vpnc-script to where openconnect expects it to live.

sudo mkdir -p /etc/vpnc && sudo mv vpnc-script /etc/vpnc/vpnc-script

Step 3: Change the permissions so that it is executable by the owner (root).

sudo chmod u+x /etc/vpnc/vpnc-script
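
openconnect is started with sudo in the next section, so it runs this script as root. As an added example (not from the original post), the check below confirms that the script and its directory are owned by root and not writable by group or others before you connect; the function names and the optional uid argument are assumptions of the example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: pre-flight check for the script that openconnect runs as root.
# Assumes GNU stat (Raspbian/Debian). Function names are hypothetical.

# Succeed only if $1 is owned by uid $2 and not writable by group or others.
owner_only_writable() {
    target=$1
    want_uid=$2
    meta=$(stat -c '%u %a' -- "$target") || return 1
    uid=${meta% *}     # owner uid
    mode=${meta#* }    # octal mode, e.g. 755
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $target is owned by uid $uid, expected $want_uid" >&2
        return 1
    fi
    # Octal digits 2, 3, 6 and 7 include the write bit.
    case $mode in
        *[2367]?|*[2367])
            echo "FAIL: $target (mode $mode) is writable by group or others" >&2
            return 1 ;;
    esac
    return 0
}

# Usage: check_vpnc_script [path] [expected_owner_uid]
# The uid defaults to 0 (root); it is a parameter so the check can be tested unprivileged.
check_vpnc_script() {
    script=${1:-/etc/vpnc/vpnc-script}
    owner=${2:-0}
    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$script" ] || [ ! -f "$script" ]; then
        echo "FAIL: $script is missing or is not a regular file" >&2
        return 1
    fi
    owner_only_writable "$script" "$owner" || return 1
    # Whoever can write to the directory can replace the script.
    owner_only_writable "$(dirname -- "$script")" "$owner" || return 1
    # The chmod u+x step: the owner execute bit is the third digit from the end.
    case $(stat -c '%a' -- "$script") in
        *[1357]??) ;;
        *) echo "FAIL: owner execute bit is not set on $script" >&2; return 1 ;;
    esac
    echo "OK: $script ownership and permissions look correct"
}

# Example: check_vpnc_script && sudo openconnect --script /etc/vpnc/vpnc-script <your_vpn_connection_address>
```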

Establish the VPN Connection

Step 1: Start up the VPN connection by running the following:

sudo openconnect --script /etc/vpnc/vpnc-script <your_vpn_connection_address>

Note: If you use dnsmasq, you’ll need to restart dnsmasq if your VPN has its own DNS servers. To do that, do the following:

sudo systemctl restart dnsmasq

Hopefully this helps you out. Leave any questions or comments below.

Cheers,

–Adam

Adam Engle

Mobile Security Guru | Hunter | Dog Lover | Droid Collector

3 thoughts to “Raspberry Pi 3 + Cisco AnyConnect VPN”

  1. I tried with latest openconnect-7.08.tar.gz and ./configure failed on a Raspberry Pi 3, fully up to date.
    I had to install “libxml2-dev” and “libssl-dev” packages with apt install then run the ./configure with the --without-openssl-version-check modifier.
    “sudo make install” did not work as expected, files couldn’t be found but I’m ok running openconnect from the installation folder directly

    Thanks,
