@darrenpmeyer
Last active June 10, 2020 16:24
Building OpenConnect 7 on Ubuntu 14 (trusty), 15 (vivid), and 16 (xenial)

READ FIRST

This is outdated information, though the concepts are valid. A script implementing these concepts for OpenConnect 8 on Ubuntu 18 (bionic) and 19 (eoan) is available.

Building OpenConnect 7 on Ubuntu 14 (trusty) and 15 (vivid)

The steps in this guide are available as an autobuild shell script.

Why?

Because the OpenConnect package from Ubuntu is a bit outdated, and if you have a recent AnyConnect server, you need a newer OpenConnect to play with it.

Why this guide uses OpenSSL instead of GnuTLS

We'll be building OpenConnect mostly with its defaults, but we're going to use OpenSSL rather than GnuTLS. This isn't a philosophical choice: GnuTLS is still maturing, and my testing showed that compilation with GnuTLS leads to a bit of a crapshoot when connecting to AnyConnect endpoints. I haven't debugged this; if you find a good path to compiling with GnuTLS that works reliably, I'm all ears.

Build

Preflight

sudo apt-get install curl vpnc-scripts build-essential libssl-dev libxml2-dev liblz4-dev
curl -O ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz
curl -O ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz.asc
gpg --keyserver pgp.mit.edu --recv-key 67e2f359

Verify

gpg --verify openconnect-7.08.tar.gz.asc

You should see something very much like:

gpg: assuming signed data in `openconnect-7.08.tar.gz'
gpg: Signature made Tue 17 Mar 2015 08:33:15 AM CDT using RSA key ID 67E2F359
gpg: Good signature from "David Woodhouse <dwmw2@infradead.org>"
gpg:                 aka "David Woodhouse <dwmw2@exim.org>"
gpg:                 aka "David Woodhouse <david@woodhou.se>"
gpg:                 aka "David Woodhouse <dwmw2@kernel.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: BE07 D9FD 5480 9AB2 C4B0  FF5F 6376 2CDA 67E2 F359
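
The WARNING in the output above means gpg has no trust path to the key, and the `--recv-key 67e2f359` step selects the key by a 32-bit short ID, so what actually authenticates the tarball is the full primary key fingerprint. As an added example (not part of the original gist), this script pins that fingerprint and checks it against gpg's `--status-fd` output instead of by eye; the function names and the sample status lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: pin the signer by full fingerprint (taken from the
# "Primary key fingerprint" line above, spaces removed).
EXPECTED_FPR="BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359"

# check_status STATUS_TEXT EXPECTED_FPR
# Succeeds only if gpg's machine-readable status has a VALIDSIG line whose
# primary-key fingerprint (last field) equals EXPECTED_FPR, and no line
# reports a bad signature or an expired or revoked key.
check_status() {
    local status="$1" want="$2" fpr
    if printf '%s\n' "$status" |
        grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG) '; then
        return 1
    fi
    # Field 3 is the signing (sub)key; the last field is the primary key.
    fpr=$(printf '%s\n' "$status" |
        awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print toupper($NF); exit }')
    [ -n "$fpr" ] && [ "$fpr" = "$want" ]
}

# verify_tarball SIGFILE TARBALL
# Runs gpg, fails if gpg itself fails, then applies the fingerprint pin.
verify_tarball() {
    local status
    status=$(gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null) || return 1
    check_status "$status" "$EXPECTED_FPR"
}

# Constructed status output for illustration (not captured from a real run).
SAMPLE_GOOD="[GNUPG:] GOODSIG 63762CDA67E2F359 David Woodhouse <dwmw2@infradead.org>
[GNUPG:] VALIDSIG $EXPECTED_FPR 2015-03-17 1426599195 0 4 0 1 8 00 $EXPECTED_FPR"

# Constructed key that shares the short ID 67E2F359 but not the fingerprint.
OTHER_FPR="$(printf '%032d' 0)67E2F359"
SAMPLE_OTHER="[GNUPG:] GOODSIG 0000000067E2F359 Constructed Key <nobody@example.invalid>
[GNUPG:] VALIDSIG $OTHER_FPR 2015-03-17 1426599195 0 4 0 1 8 00 $OTHER_FPR"

# Usage with the files downloaded in Preflight:
#   verify_tarball openconnect-7.08.tar.gz.asc openconnect-7.08.tar.gz && echo OK
```

Running `make` only after `verify_tarball` succeeds turns the Verify step into a gate rather than a visual check.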

Build

tar xzf openconnect-7.08.tar.gz
cd openconnect-7.08
./configure --without-gnutls --with-vpnc-script=/usr/share/vpnc-scripts/vpnc-script
make
sudo make install
sudo ldconfig /usr/local/lib

OpenConnect will be at /usr/local/sbin/openconnect

@jussi-ft

Working, thanks for advice.
