I can’t get VPN to work on my Manjaro KDE install. More specifically I can’t get CISCO AnyConnect to work.
I installed CISCO AnyConnect from AUR. There are some issues with the install. From the AUR comments it is clear that other Majaro users have run into problems as well.
Firstly the GUI doesn’t work; meaning that the GUI is launching, but it’s all grey and not responsive. However, by running vpnagentd the GUI starts correctly:
/opt/cisco/anyconnect/bin/vpnagentd
Only then can vpnui be launched. However, I get the following error when trying to connect to the university where I’m employed:
Automatic profile updates are disabled and the local VPN profile does not match the secure gateway VPN profile.
This also happens if I run the commands as sudo.
Strangely it works with Linux Manjaro Cinnamon. I have tried CISCO AnyConnect on two different laptops running Linux Manjaro KDE, and it fails. While it runs just fine on my laptop running Linux Manjaro Cinnamon, and here I don’t need to first start vpnagentd, and for that reason I decided to post here.
Running sudo openconnect vpn_address --csd-wrapper /path/to/csd-wrapper.sh gives the following output:
POST vpn_address
Connected to IP_address
SSL negotiation with vpn_address
Connected to HTTPS on vpn_address with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
XML POST enabled
Trying to run CSD Trojan script ‘…/csd-wrapper.sh’.
curl: (35) error:0A000152:SSL routines::unsafe legacy renegotiation disabled
CSD script ‘…/csd-wrapper.sh’ returned non-zero status: 35
Authentication may fail. If your script is not returning zero, fix it.
Future versions of openconnect will abort on this error.
GET vpn_address/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second…
GET vpn_address/+CSCOE+/sdesktop/wait.html
SSL negotiation with vpn_address
Connected to HTTPS on vpn_address with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Refreshing +CSCOE+/sdesktop/wait.html after 1 second…
GET vpn_address/+CSCOE+/sdesktop/wait.html
SSL negotiation with vpn_address
…
That’s alright. I still appreciate the suggestions.
There are nice people working at the IT department. However, they were not able to help. They probably don’t put much effort into this as Linux isn’t supported, and this is only an issue when I’m working from home.