Connecting to the VPN
- openconnect https://vpn.mycompany.com/
That should be it, if you have a password-based login. If you use certificates, you'll need to tell OpenConnect where to find the certificate with the -c option.
You can provide the certificate either as the file name of a PKCS#12 or PEM file, or if OpenConnect is built against a suitable version of GnuTLS you can provide the certificate in the form of a PKCS#11 URL:
- openconnect -c certificate.pem https://vpn.mycompany.com/
- openconnect -c pkcs11:id=X_%b04%c3%85%d4u%e7%0b%10v%08%c9%0dA%8f%3bl%df https://vpn.mycompany.com/
You might need to steal the certificate from your Windows certificate store using a tool like Jailbreak.
To start with, you can ignore anything you see in the technical page about needing to patch OpenSSL or GnuTLS so that DTLS works — you can survive without it, although DTLS will make your connections much faster if you're experiencing packet loss between you and the VPN server. But you can worry about that later.