Unless you need to test the very latest version, you should not need to build OpenConnect for yourself. Your operating system should have a prepackaged version which you can install; if it does not then file a bug or enhancement request asking for one.
To build OpenConnect from its source code, you will need the following libraries and tools installed:
- Either OpenSSL or GnuTLS
- p11-kit (for PKCS#11 support)
- libp11 (also needed for PKCS#11 support if using OpenSSL)
- trousers (for TPM support if using GnuTLS)
- libstoken (for SecurID software token support)
- liboath (for software HOTP/TOTP support)
- libpcsclite (for Yubikey hardware HOTP/HOTP support)
OpenConnect supports the use of HTTP and SOCKS proxies to connect to the AnyConnect service, even without using libproxy. You may wish to use libproxy if you want OpenConnect to automatically use the appropriate proxies for your environment, without having to manually give it the --proxy argument on the command line.
Since version 3.17, The vpnc-script that OpenConnect uses to configure the network is no longer optional, so it needs to be told at compile time where to find that script.
The configure script will check whether /etc/vpnc/vpnc-script exists and can be executed, and will fail if not. If you don't already have a copy then you should install one. It might be in a separate vpnc-script package for your operating system, it might be part of their vpnc package, and there's one linked from from the vpnc-script page, if you need to download it manually. Install it as /etc/vpnc/vpnc-script.
If you do not want to use the standard location, you can configure OpenConnect to use a different location by default. When running the ./configure script in the instructions below, you can append an argument such as --with-vpnc-script=/where/I/put/vpnc-script to its command line. Note that the path you give will not be checked; the script doesn't have to be present when you build OpenConnect. But of course OpenConnect won't work very well without it, so you'll still have to install it later.
If you checked the source code out from git rather from a release tarball then run this command first to prepare the build system:
Then to build it, run the following commands:
- make install (If you want to install it)
Note that OpenConnect will attempt to use the GnuTLS library by default. If you want it to use OpenSSL instead, then add --without-gnutls to the ./configure command above.
If compilation fails, please make sure you have a working compiler and the development packages for all the required libraries mentioned above. If it still doesn't build, please send the full output in a plain-text mail to the mailing list.
Mac OS X users with OS X 10.6 or older, or using OpenConnect 6.00 or older, will also need to install the Mac OS X tun/tap driver. Newer versions of OpenConnect will use the utun device on OS X which does not require additional kernel modules to be installed.
Solaris/OpenIndiana users will need the Solaris TAP driver. Note that for IPv6 support, the Solaris tun/tap driver from 16th Nov 2009 or newer is required.
On Windows, version 9.9 or later of the TAP-Windows driver from the OpenVPN project is required. The easiest way to install the driver is to use the Windows installer from the Community Downloads page. The 64-bit installer contains signed drivers suitable for use on Windows 7 and later versions.