You can support us by downloading this article as PDF from the Link below. Download the guide as PDF

This is a short guide on how to connect to your VPN Server using Cisco AnyConnect Application from Command Line interface. If you don’t have love for command line interfaces, I recommend you connect from Desktop AnyConnect application as shown in our previous AnyConnect installation guide.

A basic requirement for this setup is installed AnyConnect Client application. Refer to our guide in the link below for the steps required.

Install Cisco AnyConnect on Ubuntu / Debian / Fedora

Connect To VPN Server with Cisco AnyConnect from Linux Terminal

If you used the installation method covered in our guide, the vpn script used to connect, disconnect, and check the status of VPN is located in the directory below.

$ ls /opt/cisco/anyconnect/bin/                         
total 3.7M
-rwxr-xr-x. 1 root root  14K Dec 13 03:26 acinstallhelper
-rwxr-xr-x. 1 root root 783K Dec 13 03:26 acwebhelper
-rwxr-xr-x. 1 root root  688 Dec 13 03:26 anyconnect_uninstall.sh
-rwxr-xr-x. 1 root root  315 Dec 13 03:26 load_tun.sh
-rwxr-xr-x. 1 root root 506K Dec 13 03:26 manifesttool
drwxr-xr-x. 2 root root 4.0K Dec 13 03:26 plugins
-rwxr-xr-x. 1 root root  76K Dec 13 03:26 vpn
-rwxr-xr-x. 1 root root 999K Dec 13 03:26 vpnagentd
-rwxr-xr-x. 1 root root 418K Dec 13 03:26 vpndownloader
-rwxr-xr-x. 1 root root 398K Dec 13 03:26 vpndownloader-cli
-rwxr-xr-x. 1 root root 487K Dec 13 03:26 vpnui
-rwxr-xr-x. 1 root root 9.2K Dec 13 03:26 vpn_uninstall.sh

Check the vpn connection script command options:

$ /opt/cisco/anyconnect/bin/vpn --help

    Usage: vpn [options] | [cmd] [host]

       options:
            -h         Print this usage statement.
            -v         Print version.
            -s         Read commands from response file to work non-interactively.
                       Example: vpn -s < response.txt

       commands: [connect|disconnect|hosts|state|stats]

Here is a connection example

$ /opt/cisco/anyconnect/bin/vpn -s connect 192.168.10.10

Accept untrusted connections when prompted and provide your VPN username and password.

Copyright (c) 2004 - 2019 Cisco Systems, Inc.  All Rights Reserved.


  >> state: Disconnected
  >> state: Disconnected
  >> notice: Ready to connect.
  >> registered with local VPN subsystem.
  >> contacting host (192.168.10.10) for login information...
  >> notice: Contacting 192.168.10.10.
AnyConnect cannot verify server: 192.168.10.10
    - Certificate does not match the server name.
Connecting to this server may result in a severe security compromise!

Most users do not connect to untrusted servers unless the reason for the error condition is known.

Connect Anyway? [y/n]: y
>> Please enter your username and password.

Username: [jmutai] 
Password: 
Second Password: 

The connection should be initiated if correct credentials were provided.

>> state: Connecting
  >> notice: Establishing VPN session...
The AnyConnect Downloader is analyzing this computer. Please wait...
Initializing the AnyConnect Downloader...
The AnyConnect Downloader is performing update checks...
  >> notice: The AnyConnect Downloader is performing update checks...
  >> notice: Checking for profile updates...
  >> notice: Checking for product updates...
The AnyConnect Downloader updates have been completed.
Please wait while the VPN connection is established...
  >> notice: Checking for customization updates...
  >> notice: Performing any required updates...
  >> notice: The AnyConnect Downloader updates have been completed.
  >> state: Connecting
  >> notice: Establishing VPN session...
  >> notice: Establishing VPN - Initiating connection...
  >> notice: Establishing VPN - Examining system...
  >> notice: Establishing VPN - Activating VPN adapter...
  >> notice: Establishing VPN - Configuring system...
  >> notice: Establishing VPN...
  >> state: Connected

Check VPN Connection status:

$ /opt/cisco/anyconnect/bin/vpn state 
Cisco AnyConnect Secure Mobility Client (version 4.7.01076) .

Copyright (c) 2004 - 2019 Cisco Systems, Inc.  All Rights Reserved.


  >> state: Connected
  >> state: Connected
  >> state: Connected
  >> registered with local VPN subsystem.
VPN> 

To pull connection stats, use:

$ /opt/cisco/anyconnect/bin/vpn stats

Disconnecting VPN

To disconnect from VPN, use the command:

$ /opt/cisco/anyconnect/bin/vpn -s disconnect 192.168.10.11

Replace 192.168.10.11 with your VPN server IP address.

Automating VPN connection from CLI

If you want a script to automate the connection, first create credentials file.

$ vim ~/.vpn_creds
username
Password
y

Set VPN username and password in the file. Then create a script file like below.

$ vim vpn_connect.sh
#!/bin/bash

VPN_SERVER="192.168.10.10"

echo "Connecting to VPN.."
/opt/cisco/anyconnect/bin/vpn -s  < ~/.vpn_creds connect ${VPN_SERVER}

Make the script executable.

$ chmod +x vpn_connect.sh

Run the script to connect to your VPN server.

$ ./vpn_connect.sh
Connecting to VPN..
Cisco AnyConnect Secure Mobility Client (version 4.7.01076) .

Copyright (c) 2004 - 2019 Cisco Systems, Inc.  All Rights Reserved.


  >> state: Disconnected
  >> state: Disconnected
  >> notice: Ready to connect.
  >> registered with local VPN subsystem.
  >> contacting host (192.168.10.10) for login information...
  >> notice: Contacting 192.168.10.10.

  >> Please enter your username and password.

Username: [jkmutai] jmutai
Password: 
  >> state: Connecting
  >> notice: Establishing VPN session...
The AnyConnect Downloader is analyzing this computer. Please wait...
Initializing the AnyConnect Downloader...
The AnyConnect Downloader is performing update checks...
  >> notice: The AnyConnect Downloader is performing update checks...
  >> notice: Checking for profile updates...
  >> notice: Checking for product updates...
  >> notice: Checking for customization updates...
The AnyConnect Downloader updates have been completed.
  >> notice: Performing any required updates...
Please wait while the VPN connection is established...
  >> notice: The AnyConnect Downloader updates have been completed.
  >> state: Connecting
  >> notice: Establishing VPN session...
  >> notice: Establishing VPN - Initiating connection...
  >> notice: Establishing VPN - Examining system...
  >> notice: Establishing VPN - Activating VPN adapter...
  >> notice: Establishing VPN - Configuring system...
  >> notice: Establishing VPN...
  >> state: Connected

Now you’re securely connected to corporate network with AnyConnect VPN client.

More guides

Install and Configure OpenVPN Server on RHEL 8 / CentOS 8

Connecting to Algo VPN Server from Linux and Android devices

Algo VPN – Setup a personal IPSEC VPN in the Cloud

How to Setup IPSec VPN server with L2TP and Cisco IPsec on Linux

How To use nmcli to connect to OpenVPN Server on Linux

How to connect to VPN Server with OpenConnect SSL VPN Client on Linux

You can support us by downloading this article as PDF from the Link below. Download the guide as PDF