Hey, I am trying to connect to a Cisco AnyConnect VPN on Fedora KDE. I entered everything as they should have (I have done this before); however, the connection type is listed as “Cisoc AnyConnect“ which I do not how it was possible. It gives an error about not being able to connect to vpn server; but, I think the error is connected to this. Is this a Fedora, openconnect or KDE thing? Can Fedora fix this?
Where is it listed as “Cisoc”?
You don’t say whether you’re using Workstation or KDE, but if it’s KDE you can likely change the name listed by opening “Networks”, right-clicking the connection and changing the name at the top of the dialogue box.
Gnome - no idea, but it will be something similar, assuming the Gnome Devs don’t think this is something that one needs to install an extension for.
It is not a text box entry, its the “VPN Protocol“ field. The weird thing is I have switched to English lang to take a screenshot for it; but, its listed correctly there, in the Turkish Language, the protocol name is listed wrong; but, it connects now (probably due to the update I installed last night). Is the locale issue about fedora, kde or openconnect?
This is why I was asking if it’s in the application or in the Network connection display. If the former, it’s due to Anyconnect. If the latter, it’s your Desktop environment - KDE or Gnome.
did you install and using the Anyconnect client software also known as cisco secure client?
Also if you are running a firewall on the computer, make sure you have ports UDP 500. UDP 4500, and TCP 8305 outbound enabled.
I am currently in the same situation. A few key points for me so far
- you dont want to install some random software by cisco, and try to make it work with plasma-nm-openconnect
- it is important to separate between the 2 Cisco VPNs out there, you want the “AnyConnect” Openconnect based one, which probably causes less issues
I found this guide on Github which I am following right now.
Findings
If your network provider mentions TOTP (time based 2FA codes), you will need to follow the above guide from Github and add your TOTP secret in the “Token authentication” field in the VPN configuration in the settings. The secret can be exported from apps like Aegis or KeepassDX, but not from others like Google Authenticator or even KeepassXC.
Then if the openconnect plugin is correctly installed (it needs to be installed as a plugin for networkmanager, on fedora it is simple, on NixOS I needed to add it as a plugin for networkmanager which ofc makes sense), a popup should appear when connecting.
This is the first time where you enter your credentials.
Clicking on the “connect” icon will load the required fields. In theory, you enter the correct username and password, best choose to save the password, and it should work.
There might be quirks and it doesnt yet work for me.
3rd party tools
There is this really cool tool for the job:
It is open source and supposed to implement the needed things, without being crappy software with barely any Linux support. I will try it next, if the native solution doesnt do it for me.
I got it to work with the new (worse) method