VPN to University of Melbourne from Arch Linux

A. Ghitza

2021-01-18

Note: this is ostensibly about connecting to Melbourne Uni VPN, but might apply in other similar cases (YMMV).

Nowadays you need to connect to VPN to get pretty much anything done at Melbourne Uni. Which is really fair enough; universities are quickly becoming a tempting target for malware, ransomware, and all sorts of other unsavoury wares.

The other security measure adopted is 2FA, and the combination seems to mean that openconnect, which I had been using in the past, no longer does the trick. (Unfortunately it fails in a somewhat non-explicit manner, by asking for the username and password again and again, despite them being correct. This does not improve the debugging experience.)

The workaround for the moment is installing Cisco's own VPN software to connect. There's a cisco-anyconnect package in AUR, but it's... complicated since Cisco doesn't like to play nice and doesn't have a public download for the installer. So I had to resort to downloading it from Melbourne Uni (login required).

It's a shell script, so once downloaded

chmod u+x anyconnect-linux64-4.8.03052-core-vpn-webdeploy-k9.sh
sudo ./anyconnect-linux64-4.8.03052-core-vpn-webdeploy-k9.sh

At which point you have no idea where all the stuff went (it's not in the default PATH, for instance). Time to read the actual script! (Ha, should have probably done that before running it as sudo, I guess.)

Anyway, eventually

/opt/cisco/anyconnect/bin/vpnui

opens a window that asks which server you wish to connect to (in my case, remote.unimelb.edu.au/staff) and then opens a further login and 2FA window.