Goodbye Windows

Because of my depressing experiences when trying to connect to our Cisco-based VPN under Linux, I've so far used a virtual Windows XP and the IPSec 'vpnclient' from Cisco. Since the end of Windows XP is nigh, I had to find an alternative.

In the meantime, we have enabled SSL support on our Cisco ASA to allow users running a 64-bit Windows 7 to connect to the VPN using the Cisco 'AnyConnect' SSL client. Of course, acquiring a Windows license just to connect to the VPN was not an option for me. I would either be able to connect using open-source software or not be able to connect at all.

I quickly found that 'openconnect' is held in high regard in the interwebs, and decided to give it a try on a virtual Debian Jessie:

su -
wajig install openconnect
openconnect -c certificate_bundle.p12 https://gateway.de

Bang, connected, and all services work.

Unbelievable! Finally!

I've found that the direct use of the PKCS#12 certificate bundle works with Debian Jessie, but not with Arch, for which the certificate bundle has to be split into the X.509 certificate and the pk8 private key in PEM format using openssl. But that's perfectly OK, since I value the convenience of connecting to the VPN with a virtual machine anyway, without the necessity to disrupt my standard connection to the internet via QSC.
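The split mentioned above, as an added example that is not from the original post: it extracts the client certificate and the private key from a PKCS#12 bundle with openssl, keeps the key encrypted on disk as PKCS#8, and checks that the two halves belong together. The environment variable names `P12_PASS` and `KEY_PASS`, the output file names and the throwaway demo bundle are assumptions made for this example.

```shell
#!/bin/sh
# Added example: split a PKCS#12 bundle into a PEM certificate and a PEM PKCS#8 key.
# Passphrases are read from exported environment variables (P12_PASS, KEY_PASS;
# hypothetical names) so that they never show up in the process list.

# make_demo_p12 DIR: build a constructed, self-signed bundle for trying this out.
make_demo_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo" \
        -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/demo.key" -in "$1/demo.crt" \
        -passout env:P12_PASS -out "$1/bundle.p12"
}

# split_p12 BUNDLE OUTDIR: write OUTDIR/cert.pem and OUTDIR/key.pem.
split_p12() {
    bundle=$1; outdir=$2
    (
        umask 077   # key material must not be group- or world-readable
        mkdir -p "$outdir" || exit 1
        # Client certificate only; the x509 pass drops the "Bag Attributes" text.
        openssl pkcs12 -in "$bundle" -clcerts -nokeys -passin env:P12_PASS |
            openssl x509 -out "$outdir/cert.pem" || exit 1
        # The key is decrypted only inside the pipe and re-encrypted as
        # PKCS#8 (AES-256-CBC) before it is written to disk.
        openssl pkcs12 -in "$bundle" -nocerts -nodes -passin env:P12_PASS |
            openssl pkcs8 -topk8 -v2 aes-256-cbc -passout env:KEY_PASS \
                -out "$outdir/key.pem" || exit 1
    )
}

# cert_matches_key CERT KEY: succeed only if both carry the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -passin env:KEY_PASS -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

The resulting files can then be handed to openconnect with `-c cert.pem -k key.pem` in place of the single `-c certificate_bundle.p12` argument.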