On Mon, Mar 26, 2018 at 8:38 PM, Colin Williams <colin.williams.seattle at gmail.com> wrote:
>
> Hi,
>
> I have a mac provided with AnyConnect configured to a vpn, but wish to
> try to connect using OpenConnect. Can anyone describe or point to a
> document which might allow me to infer the connection settings and
> resources such as keys so I can provide them for OpenConnect based on
> the working AnyConnect settings? I looked around at some xml files but
> couldn't figure out the connection settings and resources on my own.

In my experience (5 or 10 different Cisco AnyConnect VPNs), the
following should cover all of the required connection information:

- VPN server (there may be more than one possibility in your
  "AnyConnect Profile", but you only need one to get connected)
- Username
- Password and/or 2FA token source
- Client certificate (not used with all VPNs)

These should all be straightforward and obvious, with the exception of
the client certificate. In some cases, the client cert may be
accessible to you since you obtained it simply as an ordinary file
which you can copy to a system running openconnect. But in other
cases, the client certificate will be stored in:

(a) An operating system facility that restricts your ability to export
    the certificate. Under Windows, the mimikatz tool
    (https://github.com/gentilkiwi/mimikatz) can be used to export
    certificates which were marked "unexportable" when imported.
(b) Vendor-specific software that stores the certificate, such as
    Symantec PKI.
(c) A hardware credential storage container like a TPM
    (https://en.wikipedia.org/wiki/Trusted_Platform_Module).

Does that clarify things?

Dan
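
An added example, not part of the original message or of either VPN client: a short Python script that lists the "VPN server" candidates from an AnyConnect profile XML file of the kind the question mentions. The sample profile is constructed, and the element names (ServerList, HostEntry, HostName, HostAddress, UserGroup, BackupServerList) and the HostName fallback are assumptions based on the usual profile layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names assume the usual AnyConnect profile layout.
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry>
      <HostName>Example HQ</HostName>
      <HostAddress>vpn.example.com</HostAddress>
      <UserGroup>staff</UserGroup>
      <BackupServerList>
        <HostAddress>vpn2.example.com</HostAddress>
      </BackupServerList>
    </HostEntry>
    <HostEntry>
      <HostName>lab-vpn.example.com</HostName>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]


def _text(elem, name):
    found = [c.text.strip() for c in _children(elem, name) if c.text and c.text.strip()]
    return found[0] if found else None


def list_servers(profile_xml):
    """Return one dict per HostEntry: primary address, group, backups, URL."""
    servers = []
    for entry in ET.fromstring(profile_xml).iter():
        if _local(entry.tag) != "HostEntry":
            continue
        # Assumption: HostAddress is optional and HostName is used without it.
        address = _text(entry, "HostAddress") or _text(entry, "HostName")
        if not address:
            continue
        group = _text(entry, "UserGroup")
        backups = [a.text.strip() for bl in _children(entry, "BackupServerList")
                   for a in _children(bl, "HostAddress") if a.text]
        url = f"https://{address}/{group}" if group else f"https://{address}"
        servers.append({"address": address, "group": group,
                        "backups": backups, "url": url})
    return servers
```

Any one of the resulting URLs can be given to openconnect as the server argument; the username, password or token, and client certificate are not stored in the profile and still have to be supplied separately.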