RedHat Network (LLNL) Installation Instructions for AnyConnect Persistent Client

Client Downloads and Setup Instructions for RedHat Network


Install
(RHEL5)
[shell prompt] yum -y install llnl-anyconnect-vpn

The package installs a README file in a doc directory. To view its contents:

[shell prompt] cat /opt/cisco/vpn/doc-LLNL/README-LLNL

This is a packaged version of the Cisco AnyConnect VPN Client. It differs from the standard installation as follows:

1) The vpnagentd_init script is not started or enabled to start at any runlevel.
2) Scripts (vpn-anyc-cli, vpn-anyc-gui) are supplied that start and stop the vpnagentd_init service and then start the Command Line client or the GUI client. These scripts are located in /usr/bin/
3) A modified desktop application to launch the GUI client is also supplied. It is found in the Internet sub-menu of the Gnome and KDE Desktop Applications menus (it should be available for other desktop managers as well).

NOTE: After connecting to the VPN server, the GUI interface will disappear, but the system tray will have an icon where you can control the VPN client and get its status. This works for both Gnome and KDE (and others).

Configure the service
Non-privileged users can control the service, if not already started by root (the daemon executable has the suid bit set).

The following command will start the service:
[shell prompt] /sbin/service vpnagentd_init start

The following command will stop the service:
[shell prompt] /sbin/service vpnagentd_init stop

You may or may not want to have this service always running. Use the chkconfig command to control when or if it gets started. Example:
[shell prompt] sudo /sbin/chkconfig vpnagentd_init on

(this implies users are set up correctly in sudo)

You may also want to give non-root users the ability to control the vpnagentd_init service through chkconfig. An example entry in the /etc/sudoers file:

## Services
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
## Allow certain users to control the vpnagentd_init service
username localhost=SERVICE vpnagentd_ini
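
A narrower form of the sudoers entry above, as an added example that is not part of the original README. An alias that lists /sbin/service and /sbin/chkconfig without arguments lets the user run them against every service on the host, whereas listing the arguments restricts sudo to those exact command lines. The alias name VPN_AGENT is an assumption; "username" and "localhost" are placeholders carried over from the entry above.

```sudoers
## Added example, not from the LLNL README.
## Broad form (as in the entry above): no arguments are listed, so the user
## may run service and chkconfig with any arguments, for any service.
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Narrow form: arguments are spelled out, so sudo accepts only these exact
## command lines. VPN_AGENT is an assumed alias name.
Cmnd_Alias VPN_AGENT = /sbin/service vpnagentd_init start, \
                       /sbin/service vpnagentd_init stop, \
                       /sbin/chkconfig vpnagentd_init on, \
                       /sbin/chkconfig vpnagentd_init off

## "username" and "localhost" are placeholders, as in the entry above.
username localhost = VPN_AGENT
```

Edit the file with visudo, or check it afterwards with visudo -c, so a syntax error does not lock out sudo.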

Configure the VPN agent to run on startup (requires root privilege or sudo).
(RHEL5)
[shell prompt] chkconfig vpnagentd_init on
[shell prompt] service vpnagentd_init start


Usage
To connect to LLNL
(Non-interactive/Command line)
[shell prompt] /opt/cisco/vpn/bin/vpn connect vpn.llnl.gov

(Interactive/Command line)
[shell prompt] /opt/cisco/vpn/bin/vpn
>> connect vpn.llnl.gov

(Type "Y" twice to accept certificate)
pick one -- llnl-vpn, llnl-vpnb, llnl-vpnc, or llnl-vpnd

How to operate the Cisco supplied client:
The Cisco supplied clients are located at:
/opt/cisco/vpn/bin/vpn
/opt/cisco/vpn/bin/vpnui
There are links to these executables in /usr/bin/

To disconnect
(Non-interactive/Command line)
[shell prompt] /opt/cisco/vpn/bin/vpn disconnect

(Interactive/Command line)
[shell prompt] /opt/cisco/vpn/bin/vpn
>> disconnect


To check the status of connection
(Non-interactive/Command line)
[shell prompt] /opt/cisco/vpn/bin/vpn status

(Interactive/Command line)
[shell prompt] /opt/cisco/vpn/bin/vpn
>> status