openconnect is a client for Cisco’s AnyConnect SSL VPN. Here’s how to get it running on OpenWRT. (You can probably do most of the setup using the web interface, but I prefer the command line.)
OpenWRT version differences
On OpenWRT 10 (Backfire), the openconnect package comes with only the executable, so you will need to create an init script to launch it and a vpnc script to set up routing and firewall rules; on OpenWRT 12 (Attitude Adjustment), it already includes a netifd script and a basic vpnc-script.
OpenWRT 12 has a package for openconnect 3.18. OpenWRT 10.03.1 has openconnect 2.25. And OpenWRT 10.03 only has 2.01, which did not work for me; I edited the source packages URL in /etc/opkg.conf to use the 10.03.1 packages.
Installing the package
- Get your list of available packages up to date:
opkg update
- Install the package:
opkg install openconnect
- Wait for it to download and install the package and its dependencies. Then take a look at the files that were installed for the package:
opkg files openconnect
- Check out the available parameters for openconnect:
openconnect --help
Getting it configured
I had previously been running vpnc, so I already had a vpnc-script ready to go; I just had to make an init script. I copied pieces of an existing one:
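#!/bin/sh /etc/rc.common
START=77
start() {
    # The password is fed on stdin (--passwd-on-stdin) instead of being passed as an argument.
    # --servercert pins the server certificate by its SHA1 fingerprint.
    echo "password" | /usr/bin/openconnect --user=Username --passwd-on-stdin --background --syslog --no-dtls --script=/etc/vpnc/vpnc-script --servercert=cde32ba30fb81ddc95ccce45b46ad61992ca0eeb https://vpn.example.com/
}
stop() {
    killall openconnect
}
restart() {
    # Ignore SIGTERM in this shell for the duration of the restart.
    trap '' TERM
    stop
    sleep 5
    start
}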