RedHat Network (LLNL) Installation Instructions for AnyConnect Persistent Client
Client Downloads and Setup Instructions for RedHat Network
Install
(RHEL5)
[shell prompt] yum -y install llnl-anyconnect-vpn
You will have a README file in a doc directory. To view its contents:
[shell prompt] cat /opt/cisco/vpn/doc-LLNL/README-LLNL
This is a packaged version of the Cisco AnyConnect VPN Client. It differs from the standard installation as follows:
1) The vpnagentd_init script is not started or enabled to start at any runlevel.
2) Scripts (vpn-anyc-cli, vpn-anyc-gui) are supplied that start and stop the vpnagentd_init service and then start the Command Line client or the GUI client. These scripts are located in /usr/bin/
3) A modified desktop application to launch the GUI client is also supplied. It is found in the Internet sub-menu in Gnome and KDE Desktop Applications menu (it should be available for other desktop managers as well).
NOTE: After connecting to the VPN server, the GUI interface will disappear, but the system tray will have an icon where you can control the VPN client and get its status. This works for both Gnome and KDE (and others).
Configure the service
Non-privileged users can control the service, if it has not already been started by root (the daemon executable has the suid bit set).
The following command will start the service:
[shell prompt] /sbin/service vpnagentd_init start
The following command will stop the service:
[shell prompt] /sbin/service vpnagentd_init stop
You may or may not want to have this service always running. Use the chkconfig command to control when or if it gets started. Example:
[shell prompt] sudo /sbin/chkconfig vpnagentd_init on
(this implies users are set up correctly in sudo)
You also may want to give non-root users the ability to control the vpnagentd_init service through chkconfig. An example entry in /etc/sudoers file:
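## Services (limited to the vpnagentd_init service)
Cmnd_Alias SERVICES = /sbin/service vpnagentd_init start, /sbin/service vpnagentd_init stop, \
                      /sbin/chkconfig vpnagentd_init on, /sbin/chkconfig vpnagentd_init off
## Allow certain users to control the vpnagentd_init service
username localhost=SERVICES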
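A lint for sudoers aliases like the one above, as an added example that is not part of the LLNL package or its README: a command listed in a Cmnd_Alias without arguments may be run through sudo with any arguments, so /sbin/service or /sbin/chkconfig listed bare covers every service, not only vpnagentd_init. The alias name VPNSVC and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the LLNL package): lint sudoers text on stdin.
# Usage: find_unscoped_cmnds SERVICE < sudoers-file
# Prints "ALIAS: command" for every /sbin/service or /sbin/chkconfig entry in a
# Cmnd_Alias whose first argument is not SERVICE, and returns 1 if any exist.
# Conservative: option-first forms such as "chkconfig --level ..." are flagged too.
find_unscoped_cmnds() {
    awk -v svc="$1" '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join continuation lines
        { $0 = buf $0; buf = "" }
        /^[ \t]*#/ { next }                            # skip comments
        /^[ \t]*Cmnd_Alias[ \t]/ {
            alias = $2; sub(/=.*/, "", alias)
            sub(/^[^=]*=[ \t]*/, "")                   # keep only the command list
            n = split($0, cmds, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                m = split(cmds[i], w, /[ \t]+/)
                if (w[1] != "/sbin/service" && w[1] != "/sbin/chkconfig") continue
                if (m < 2 || w[2] != svc) { print alias ": " cmds[i]; bad = 1 }
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: an alias listing the commands with no arguments.
sample_broad() {
    cat <<'EOF'
## Services
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
EOF
}

# Constructed sample: hypothetical alias VPNSVC pinned to one service.
sample_scoped() {
    cat <<'EOF'
Cmnd_Alias VPNSVC = /sbin/service vpnagentd_init start, \
                    /sbin/service vpnagentd_init stop, \
                    /sbin/chkconfig vpnagentd_init on
EOF
}

sample_broad  | find_unscoped_cmnds vpnagentd_init || echo "unscoped entries found"
sample_scoped | find_unscoped_cmnds vpnagentd_init && echo "scoped alias is clean"
```

Any edited sudoers file should still be syntax-checked with visudo -c before it is relied on; this lint only looks at how the two service commands are scoped.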
Configure the VPN agent to run on startup (requires root privilege or sudo).
(RHEL5)
[shell prompt] chkconfig vpnagentd_init on
[shell prompt] service vpnagentd_init start
Usage
To connect to LLNL
(Non-interactive/Command line)
[shell prompt] /opt/cisco/vpn/bin/vpn connect vpn.llnl.gov
(Interactive/Command line)
[shell prompt] /opt/cisco/vpn/bin/vpn
>> connect vpn.llnl.gov
(Type "Y" twice to accept certificate)
pick one -- llnl-vpn, llnl-vpnb, llnl-vpnc, or llnl-vpnd
How to operate the Cisco supplied client:
The Cisco supplied clients are located at:
/opt/cisco/vpn/bin/vpn
/opt/cisco/vpn/bin/vpnui
There are links to these executables in /usr/bin/
To disconnect
(Non-interactive/Command line)
[shell prompt] /opt/cisco/vpn/bin/vpn disconnect
(Interactive/Command line)
[shell prompt] /opt/cisco/vpn/bin/vpn
>> disconnect
To check the status of connection
(Non-interactive/Command line)
[shell prompt] /opt/cisco/vpn/bin/vpn status
(Interactive/Command line)
[shell prompt] /opt/cisco/vpn/bin/vpn
>> status