Connecting to the VPN

Once you have installed OpenConnect and checked that you have a vpnc-script which will set up the routing and DNS for it, using OpenConnect is very simple. As root, run the following command:

That should be it, if you have a password-based login. If you use certificates, you'll need to tell OpenConnect where to find the certificate with the -c option.

You can provide the certificate as the file name of a PKCS#12 or PEM file, or, if OpenConnect is built against a suitable version of GnuTLS, as a PKCS#11 URL:

You might need to steal the certificate from your Windows certificate store using a tool like Jailbreak.
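The three login forms described above (password only, certificate file, PKCS#11 URL) are put together in the helper below. It is an added example, not taken from the OpenConnect documentation. The server URL, the PKCS#11 URL and the function names are placeholders, and the permission check on a certificate file is an extra precaution added here, since a PKCS#12 or PEM file exported from another store may contain the private key.

```shell
#!/bin/sh
# Added example. The server URL, file paths and PKCS#11 URL are placeholders.

# True if the file exists and has no group/other permission bits set.
key_file_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the openconnect command for a server and an optional -c value.
openconnect_cmd() {
    server=$1
    cert=${2:-}
    if [ -z "$cert" ]; then
        # Password-based login: no certificate argument.
        printf 'openconnect %s\n' "$server"
        return 0
    fi
    case "$cert" in
        pkcs11:*)
            # Token URL: the key stays on the token, nothing to check on disk.
            ;;
        *)
            # PKCS#12 or PEM file: it may hold the private key.
            if ! key_file_private "$cert"; then
                echo "refusing $cert: missing, or readable by group/other" >&2
                return 1
            fi
            ;;
    esac
    # Quote the -c value: PKCS#11 URLs contain ';', which the shell would split on.
    printf "openconnect -c '%s' %s\n" "$cert" "$server"
}

openconnect_cmd https://vpn.example.com/
openconnect_cmd https://vpn.example.com/ 'pkcs11:token=example-token;object=vpn-cert'
```

The printed command is the one to run as root; a certificate file that fails the check can be fixed with `chmod 600` before retrying.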

To start with, you can ignore anything you see in the technical page about needing to patch OpenSSL or GnuTLS so that DTLS works — you can survive without it, although DTLS will make your connections much faster if you're experiencing packet loss between you and the VPN server. But you can worry about that later.