
Connecting to a Cisco AnyConnect VPN on Guix System

by Noé Lopez

Introduction

Yesterday, I got access to a virtual machine from my university for a school project. Great! The only catch: it was only accessible in the internal network via an obscure VPN protocol.

As soon as I heard the name Cisco, I knew I was in for some bad surprises. And so when the instructions to connect started with “Download the Cisco Secure Client”, I was already prepared to look for a good free software implementation instead.

And so I found a very nice project called “openconnect”, and its GNOME frontend called “networkmanager-openconnect”. Setting it up on Guix was very simple, and I was surprised by how well it interacted with the rest of the system!

In this post, I present a short tutorial for future me and others to do the same.

Tutorial

The first step is to install the software, of course! For the CLI users, just do guix shell openconnect. For the NetworkManager users (part of %desktop-services), you can unlock the GUI integration with a slight modification to the network-manager service:

    
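;; Extend the NetworkManager service from %desktop-services with the
;; OpenConnect VPN plugin.  with-openconnect-master is the package
;; transformation from pitfall 2 below (openconnect built from its
;; master branch); it is not defined in this snippet.
(modify-services %desktop-services
                 (network-manager-service-type
                  config =>
                  (network-manager-configuration
                   (inherit config)
                   (vpn-plugins (list (with-openconnect-master network-manager-openconnect))))))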

After this, you can connect to the VPN using the openconnect command or, even better, the GNOME settings application (as a NetworkManager interface). In my case, there were two pitfalls:

  1. Setting “AnyConnect” as the user agent to avoid a 404 error.
  2. Using a package transformation to use the latest master commit of openconnect, where the SSO was working correctly. Otherwise, the error “Cookie was rejected by server; exiting.” appears in the NetworkManager logs.

And that’s all it took! I can now connect to the virtual machine from anywhere through the VPN. A browser tab is automatically opened every time I connect, to log in through SSO. Free software wins yet again!