Avoiding Cisco AnyConnect on the Mac

I haven’t had much luck with Cisco VPN software on the Mac in the past.  Unfortunately, the Cisco AnyConnect software that we use at Towson doesn’t accept connections from the built-in Apple VPN client.

Luckily (and predictably), the open-source community has a solution to this problem.  OpenConnect is an open-source replacement for AnyConnect.  It was a pretty easy install as these things go.  I use Homebrew for packages on Mac OS X, so if you use something else your mileage may vary, but here are the steps I used:

  1. brew install openconnect
  2. download and install TunTap virtual network drivers
  3. start up the drivers manually, or reboot.
  4. test out your VPN connection.

In my case, I had a few other small things to do: I needed to extract and install the root certificate for Towson, and allow access to openconnect in /etc/sudoers.
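
The sudoers entry is the security-sensitive part of this setup, so here is an added example (not the rule from the original post) that puts a broad rule next to one pinned to a single command line. The user name alice, the gateway vpn.example.edu and the Homebrew path /usr/local/bin/openconnect are assumptions; substitute your own.

```sudoers
# Assumed values: user "alice", gateway "vpn.example.edu", Homebrew binary in
# /usr/local/bin. None of these come from the original post.

# Broad rule: no arguments are listed, so sudo accepts ANY arguments.
# openconnect's -s/--script option names a program that it runs with its own
# privileges, so this rule amounts to passwordless root for alice.
alice ALL = (root) NOPASSWD: /usr/local/bin/openconnect

# Pinned rule: when arguments are listed, sudo only matches this exact
# command line, so no other option or server can be supplied.
# -u is used instead of --user=alice because "=" would have to be written
# as "\=" inside sudoers command arguments.
alice ALL = (root) NOPASSWD: /usr/local/bin/openconnect -u alice vpn.example.edu
```

Use one rule or the other, and edit the file with `sudo visudo` so a syntax error is caught before it is saved; `visudo -c` checks the existing file without changing it. Homebrew's files are normally owned by the installing user, so the pinned rule is only as trustworthy as the permissions on that binary.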

For the record, uninstalling should be pretty simple, just:

  1. Re-edit /etc/sudoers
  2. delete the cert in ~/Library/Certificates
  3. brew uninstall openconnect
  4. rm -r /Library/Extensions/tun.kext /Library/Extensions/tap.kext /Library/StartupItems/tun /Library/StartupItems/tap