Monday, June 4, 2018

Installing openconnect (centOS anyconnect) on centOS 6.7 (cloudera quickstart VM)

I stumbled across this unique problem: I needed to connect to a Cisco VPN inside a VM and also wanted to use a Hadoop distribution.
Both of the above require a VM, because if I connect to the VPN I lose my internet connection, which I did not want, so the only option was to use a VM for the VPN (Windows was the preferred choice, as the Cisco client was readily available).
For running the Hadoop distribution, I had more options (I can install it on my laptop, run the Cloudera VM, run the Cloudera Docker image, etc.). But the Cloudera VM looked like the easiest one.
Now the problem was that I cannot run 2 VMs at the same time, as it would be too heavy for my laptop.

So I tried running the Cloudera Docker image on the native OS and running a VM for the VPN work. This did not work, as Docker requires Hyper-V to be enabled and VMWare cannot run with Hyper-V enabled. So basically I was not able to start Cloudera Docker and the VM at the same time.
So the only option was to run the VMs nested, i.e. run the Cloudera VM inside the VPN VM,
or alternatively, run the Cloudera Docker image inside the VPN VM. If you really want to try this, you will have to enable Hyper-V inside VMWare Player, in the CPU settings, on your native OS.

Running the Cloudera VM inside a Windows VM would have been too heavy. I did not try this. The Docker image looked OK, but that too did not work for me easily, so I left it there.

Finally, what looked more promising was installing the Cisco VPN inside the Cloudera VM. This looked reasonable, as I needed to do lightweight stuff only (a few ssh sessions and a browser) after connecting to the VPN.

So I started exploring that option. It's simple enough, but not very clear, as it's not official.

Finally, here is the recipe for connecting to Cisco AnyConnect from CentOS.

Cisco AnyConnect is not officially supported on Linux, nor is there any client available from Cisco.
However, there are some tools/libraries already built, so we can still connect. I was on CentOS 5.6 version.

You can check the version of your Linux system with the lsb_release -a command.

Here is the output for the Cloudera VM:

[cloudera@quickstart ~]$ lsb_release  -a
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.7 (Final)
Release: 6.7
Codename: Final

Now, to install an AnyConnect-compatible library, you can use the following RPM. If you scroll down on the following link, all the instructions are listed, and if you follow them it just works.

https://centos.pkgs.org/7/epel-x86_64/openconnect-7.06-1.el7.x86_64.rpm.html


openconnect-7.06-1.el7.x86_64.rpm
Description
openconnect - Open client for Cisco AnyConnect VPN
This package provides a client for the Cisco AnyConnect VPN protocol, which
is based on HTTPS and DTLS. 

This is all you need to do. Download the RPM, go to the RPM directory, then first install epel and then install openconnect as follows:

Install Howto

    1. Download the latest epel-release rpm from
       http://dl.fedoraproject.org/pub/epel/7/x86_64/
    2. Install epel-release rpm:
       # rpm -Uvh epel-release*rpm
    3. Install openconnect rpm package:
       # yum install openconnect

After this you just need to connect like this:

openconnect (your cisco server)
Connected to HTTPS on (your cisco server)
Please enter your username and password.
GROUP: [zzz|yyy|xxx]:(enter logical name from the given options)
Please enter your username and password.
Username:
Password:
POST https://(your cisco server)/+webvpn+/index.html
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as (your cisco server/or some other IP), using SSL
Established DTLS connection (using OpenSSL). Ciphersuite AES256-SHA.
Now you are connected to VPN!!

After this, keep this terminal open and you are connected to the VPN. "Established ... connection" is the last message; don't expect a done/success message.
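
As an added example (not part of the original post, and not from the openconnect project): since openconnect prints no final success message, the bash function below reads saved console output and reports whether the tunnel is down, up over TLS only, or up with DTLS. It matches only the message strings shown in the session above and assumes they are unchanged in your openconnect version; the sample inputs and the 192.0.2.10 address are constructed.

```bash
#!/usr/bin/env bash
# Added example: classify openconnect console output by tunnel state.
# The matched strings are the ones shown in the session transcript above
# (assumed unchanged in the openconnect version you run).

# Reads openconnect output on stdin and prints one line:
#   state=<down|cstp-only|dtls> dpd=<n> keepalive=<n> cipher=<name>
vpn_state() {
    local line state=down dpd=- keepalive=- cipher=-
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "CSTP connected."*)
                # The TLS (TCP) tunnel is up; a DTLS line may still follow.
                state=cstp-only
                dpd=$(printf '%s\n' "$line" | sed -n 's/.*DPD \([0-9][0-9]*\).*/\1/p')
                keepalive=$(printf '%s\n' "$line" | sed -n 's/.*Keepalive \([0-9][0-9]*\).*/\1/p')
                ;;
            "Established DTLS connection"*)
                # Only meaningful once CSTP is up; ignore a stray line otherwise.
                if [ "$state" != down ]; then
                    state=dtls
                    cipher=$(printf '%s\n' "$line" | sed -n 's/.*Ciphersuite \([A-Za-z0-9_-]*\).*/\1/p')
                fi
                ;;
        esac
    done
    printf 'state=%s dpd=%s keepalive=%s cipher=%s\n' \
        "$state" "${dpd:--}" "${keepalive:--}" "${cipher:--}"
}

# Constructed sample input, modelled on the transcript above.
SAMPLE_FULL='Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as 192.0.2.10, using SSL
Established DTLS connection (using OpenSSL). Ciphersuite AES256-SHA.'

# Constructed: same session, but the DTLS line never appears.
SAMPLE_TCP_ONLY='Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as 192.0.2.10, using SSL'

printf '%s\n' "$SAMPLE_FULL" | vpn_state
printf '%s\n' "$SAMPLE_TCP_ONLY" | vpn_state
```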

References and thanks -
1) This blog really helped and gave me some confidence that this is possible. Though the instructions have changed now, and you don't need to do anything else apart from what is mentioned above. It's just a 1-line instruction now.
https://sites.google.com/site/nandydandyoracle/centos7/centos7-desktop/cisco-anyconnect-vpn-centos-7

2) You can see if the following helps you. But for me all the steps were not clear, and that blog is too old. So I won't suggest relying on it.
http://people.fas.harvard.edu/~pdurbin/blog/2011/09/15/getting-the-cisco-anyconnect-vpn-client-to-work-on-centos-6-x86_64.html