I use OpenConnect on Linux to connect to Cisco VPN devices for work, but on MacOS X I usually have to use the crappy Cisco AnyConnect GUI application. The following is how to set up the same thing on MacOS X and avoid having to use the AnyConnect application:
- Install OpenConnect via homebrew (install homebrew first if you don't have it already - which you should because it's awesome!):
    brew update
    brew install openconnect
- Install the necessary MacOS X TUN/TAP driver.
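- Give the 'openconnect' binary passwordless sudo privileges:
    sudo visudo -f /etc/sudoers
  And add the following line, which lets every member of the admin group run openconnect as root, with any arguments, without being asked for a password:
    %admin ALL=(ALL) NOPASSWD: /usr/local/bin/openconnect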
- Connect:
    sudo openconnect --no-cert-check --user=user vpn.host.com
NOTE: I'm connecting without a certificate check. If you want to provide a certificate you can: simply go to your vpn.host.com in a browser and export a .pem version of the root certificate (use the 'Keychain Access' tool on MacOS X to do this). However, if the root certificate is self-signed you may still be interactively prompted by the 'openconnect' tool; thus I went ahead and decided to ignore the certificate check so that I could script my VPN connecting and make life easier.
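
A way to keep the connection scriptable without disabling the check, as an added example that is not part of the original post: pin the server's key with OpenConnect's --servercert option. It assumes the exported .pem is the VPN server's own certificate (which is what a self-signed server presents) and that openssl is installed; the function names and the file path are hypothetical.

```shell
#!/bin/sh
# Added example: scripted connection with the server certificate pinned
# rather than unchecked. Function names and paths are illustrative.

# Print the RFC 7469 pin of a PEM certificate: base64(SHA-256(DER public key)).
cert_pin() {
    # Stop here if the certificate cannot be read: an empty pipeline would
    # otherwise produce a well-formed pin that is the hash of no data.
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary |
        openssl base64
}

# Succeed only for a well-formed pin (44 base64 characters).
valid_pin() {
    case $1 in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    [ "${#1}" -eq 44 ]
}

# usage: vpn_connect server.pem user host
# openconnect accepts the server only if its key matches the pin, so a
# self-signed certificate causes no interactive prompt and no blind trust.
vpn_connect() {
    pin=$(cert_pin "$1") && valid_pin "$pin" || {
        echo "cannot derive a certificate pin from $1" >&2
        return 1
    }
    sudo openconnect --servercert="pin-sha256:$pin" --user="$2" "$3"
}

# Run as: sh vpn.sh connect ~/vpn-server.pem user vpn.host.com
if [ "${1:-}" = connect ]; then
    vpn_connect "$2" "$3" "$4"
fi
```

The pin is derived from the server's public key, so it stays valid when the certificate is renewed with the same key and stops matching when the key changes.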