Getting connection settings and resources from AnyConnect

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Mar 26, 2018 at 8:38 PM, Colin Williams
<colin.williams.seattle at gmail.com> wrote:
>
> Hi,
>
> I have a mac provided with AnyConnect configured to a vpn, but wish to
> try to connect using OpenConnect. Can anyone describe or point to a
> document which might allow me to infer the connection settings and
> resources such as keys so I can provide them for OpenConnect based on
> the working AnyConnect settings? I looked around at some xml files but
> couldn't figure out the connection settings and resources on my own.

In my experience (5 or 10 different Cisco AnyConnect VPNs), the
following should cover all of the required connection information:

VPN server (there may be more than one possibility in your "AnyConnect
Profile", but you only need one to get connected)
Username
Password and/or 2FA token source
Client certificate (not used with all VPNs)

These should all be straightforward and obvious, with the exception of
the client certificate. In some cases, the client cert may be
accessible to you since you obtained it simply as a an ordinary file
which you can copy to a system running openconnect.

But in other cases, the client certificate will be stored in:

(a) An operating system facility that restricts your ability to export
the certificate. Under Windows, the mimikatz tool
(https://github.com/gentilkiwi/mimikatz) can be used to export
certificates which were marked "unexportable" when imported.
(b) Vendor-specific software that stores the certificate, such as Symantec PKI.
(b) A hardware credential storage container like a TPM
(https://en.wikipedia.org/wiki/Trusted_Platform_Module).

Does that clarify things?

Dan



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux