Installing and Using OpenConnect in Linux

OpenConnect

Recent versions of the OpenConnect VPN client for Linux support connecting to Pulse Secure VPN servers such as the one at TRIUMF. This tool makes connecting to the VPN quite a bit simpler than with the ncLinux.jar download that was traditionally used for VPN access.

Installing

Fedora or CentOS+EPEL:

On RedHat clones (CentOS, ScientificLinux), the configuration for the EPEL YUM repository must be installed.

$ sudo yum -y install epel-release

Install openconnect and optionally NetworkManager-openconnect

$ sudo yum -y install openconnect NetworkManager-openconnect

Debian/Ubuntu

Install openconnect and optionally network-manager-openconnect

$ sudo apt-get -y install openconnect network-manager-openconnect 

Download the CA certificate

The TLS certificate of the TRIUMF VPN service is signed by a commercial certificate-authority (CA).

CA-certificate file

Save the file in a convenient location. Note that it is valid for only two years from the time of issue, so you will have to repeat this step when a new certificate is placed on the server.

Alternatively, you can skip this step and omit the --cafile option from the openconnect command in the next step. In that case, you will be prompted to accept the server certificate.

Connecting to VPN

You can run openconnect from the command line as root. Provide the correct path to the CA-cert file that was downloaded in the previous step.

$ sudo openconnect --juniper --cafile PATH_TO_CACERT_FILE.pem vpn.triumf.ca

Provide your TRIDENT username and password to authenticate.
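
A pre-flight check for the download and connect steps above, as an added example that is not part of the original page or TRIUMF's own tooling: it confirms that the saved CA file parses and has not expired before running the page's openconnect command. The script name, the default CA file path and the 30-day warning window are assumptions.

```shell
#!/bin/sh
# Added example, not TRIUMF's own tooling. The default CA file path and the
# 30-day warning window are assumptions; the openconnect line is the page's.

# ca_status FILE [DAYS] -> prints one of: invalid, expired, expiring, ok
ca_status() {
    file=$1
    days=${2:-30}
    # Missing, unreadable, or non-certificate input.
    if ! openssl x509 -in "$file" -noout >/dev/null 2>&1; then
        echo invalid
    # -checkend N exits non-zero if the cert expires within N seconds.
    elif ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$file" -noout \
            -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# vpn_connect FILE: only attempt the connection with a CA file that can
# still validate the server certificate.
vpn_connect() {
    ca=$1
    status=$(ca_status "$ca")
    case $status in
        invalid|expired)
            echo "CA file $ca is $status; download it again." >&2
            return 1 ;;
        expiring)
            echo "CA file $ca expires within 30 days; refresh it soon." >&2 ;;
    esac
    # Show what is about to be trusted.
    openssl x509 -in "$ca" -noout -subject -enddate -fingerprint -sha256
    sudo openconnect --juniper --cafile "$ca" vpn.triumf.ca
}

# Run as: sh vpn-preflight.sh connect [CA_FILE]   (hypothetical script name)
if [ "${1:-}" = connect ]; then
    vpn_connect "${2:-$HOME/triumf-vpn-ca.pem}"
fi
```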
