Connecting to Cisco's AnyConnect SSL VPN on MacOS (bypassing the EOL'd Cisco Secure Desktop)

csd-responder-exec.sh

Moved to https://github.com/bmaddy/csd-vpn/blob/master/csd-responder-exec.sh

csd-responder.sh

Moved to https://github.com/bmaddy/csd-vpn/blob/master/csd-responder.sh

I'm making a gist to show how to do this because it took me a while to find a script that worked.

Usage

sudo openconnect -v --csd-wrapper=csd-responder-exec.sh --user <user> <https://vpn.mycompany.com>

Alternatively, on OSX you can store your pwd in your keychain and run it like this (place it in a new, 3rd file):

#!/bin/bash

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

# Get password from OS X Keychain function
get_pwd () {
  security find-generic-password -wa "<name-in-keychain>"
}

echo "**** Retrieving password from keychain ****"
echo $(get_pwd) | sudo openconnect -v \
  --csd-wrapper=$DIR/<relative-path-to-script>/csd-responder-exec.sh \
  --authgroup=Employee_Access \
  --user <user> \
  --passwd-on-stdin \
  <https://vpn.mycompany.com>

Most of this was copied from here: https://github.com/sourcesimian/vpn-porthole/blob/master/PROFILES.md#cisco-hostscan
which was inspired by this: https://gist.github.com/l0ki000/56845c00fd2a0e76d688#gistcomment-2015122

Resources

openconnect manual: http://www.infradead.org/openconnect/manual.html
Info about using a wrapper script to bypass CSD: http://www.infradead.org/openconnect/csd.html
Cisco Secure Desktop seems to be end-of-life'd: https://www.cisco.com/c/en/us/obsolete/security/cisco-secure-desktop.html
Shimo appears to use openconnect: https://gist.github.com/l0ki000/56845c00fd2a0e76d688#gistcomment-1666416

This has been moved to a repo: https://github.com/bmaddy/csd-vpn