Cisco AnyConnect on Bazzite?
Just wondering, should Cisco AnyConnect work on Bazzite (or any of the U Blue packages?) Work wants me to download
anyconnect-linux64-4.10.06079-core-vpn-webdeploy-k9.sh
I'm also more than happy to try openconnect or "Cisco Compatible VPN (vpnc)" but I've no idea what to fill in. I've tried using one of our servers with my work user name and password, but I can't even get the "Add" button to enable

65 Replies
man what output do u get when running the script from ur terminal
should look something like this
ok I have a weird feeling about this... because I know when I tried it it was (not surprisingly) complaining about being an immutable os and not having write perms... but
💀 ok this seems scuffed asf, we should try openconnect
dont send the script bc it might have pii on it but check it to see if u can find the gateway
u think I can safely nuke /opt/cisco?
should be an ip or domain
prob


ok - I go to vpn.company.com which gives me a choice of locations... I click on the emea one which gives me a server a bit like
it then asks me to go through our Microshaft authentication and then I see: the Cisco VPN login page (and clicking through from that takes me to the anyconnect for linux download link)
but we're not doing that of course... however I would assume that my details should have
vpn-nl.company.com
for the gateway?
I click connect and I get this bit of oddness

💀 can u just send the sh file but redact pii
u mean the anyconnect one that I download?
yeah
I don't know what you mean by "pii" but looking at the anyconnect script it seems fairly generic with no mention of our company servers etc
man i pulled a name, an address, and a company from that 💀
u should prob delete
u should censor ip addresses and stuff
derp - yeah
also can u send the .sh file (remove pii and ips)
Openconnect log in messages - I think censored
man that just looks like a post request, are u sure those are the contents of the .sh file? did u run
cat anyconnect-linux64-4.10.06079-core-vpn-webdeploy-k9.sh
no - this is the log from connecting to openconnect
I'm going through the anyconnect sh file though I can't see any personal information in the script...
it's the installer - then it goes into the binary crap 😦
but there's no personal info
(that I can see lol)
ok yeah its just the installer
confusion
what fields did u enter to openconnect

and also do u know the exact address of the vpn server
I believe that it's the one I am referring to as company.com
im tweaking 💀
and when I "turn it on" then I get that weird login page I showed https://discordapp.com/channels/1072614816579063828/1358804674978775071/1358830067383537765
which gives us the log file https://discordapp.com/channels/1072614816579063828/1358804674978775071/1358832607898632202
💀 ok so it doesnt like authing u with openconnect at all
try rerunning the thing
sudo /opt/cisco/anyconnect/bin/vpn
then running this once its "installed"
and if it says anything other than command not found, try this: sudo /opt/cisco/anyconnect/bin/vpn connect vpn-NL-COMPANY.com
(btw all this pain and suffering is bc ur work sucks ass)
they didnt use openvpn or wireguard and anyconnect doesnt have any packaging other than tarballs and the .sh file 💀
I will 100% accept the fact that my work sucks ass 🙂
ok good all the complaining is just icons and .desktop files not working but we worry ab that later
sudo /opt/cisco/anyconnect/bin/vpn connect vpn-NL-COMPANY.com
what does this cmd do
holy shit it works
try entering ur creds
VPN>
[email protected]
I assume
uh
u should have a prompt that asks for ur username and pass
did u run this one
prepare for more ass sucking
real
try
sudo /opt/cisco/anyconnect/bin/vpnui
and of course we have the same doing anyconnect.sh connect <server>

/opt/cisco/anyconnect/bin/acwebhelper: error while loading shared libraries: libwebkit2gtk-4.0.so.37: cannot open shared object file: No such file or directory
😭
I am verging back into "fuck this" territory...
What I was 1/2 wondering about was can I do this using Distrobox somehow?
honestly maybe 💀
we are so far down the rabbit hole of making shit more cursed in hopes of getting it to work
i found the package for that but i need a sec
yeah it's a royal pain that open connect wont work 😦
sudo rpm-ostree install webkit2gtk4.0
ok try this cmd and then reboot
or see if sudo rpm-ostree apply-live
works
without dying
btw
this would have been over in 5 seconds if they used wireguard or openvpn like normal human beings 💀
lol
😭

and of course command line is still being a dick
😭 😭 😭
bro tbh atp bazzite not be for u if u need this shit
u cant properly install bc root installation bypass depends on rpm-ostree
but there is no rpm file to give to rpm-ostree bc cisco sucks
and it seems like ur company doesnt like openconnect authing
yeah this was why I was wondering distrobox, but I don't know anything about it really
problem is that vpns need priv esc to work and it would be really goofy on distrobox
wahh
nah the problem is that company.com's IT dept enjoys sucking ass
real
they have a new #1 opp after today bruh 💀
?
ok so basically the issue here is that because of the immutable nature of bazzite and ublue in general, the way that u install things on ur base system is very hacky and a last resort
however they made all the tweaks to make this better and an actually good experience in rpm-ostree
but that depends on getting an rpm file with ur stuff
cisco didnt package their shit so we get to suffer 💀
basically without technical yap
get on a traditional distro like nobara or something
ublue is too based for bad technology
yeah the main reason Im looking at doing this is "for fun"
it's my own machine, but sometimes I might do work dev on it
but fuck them
you can probably create custom image for this :thonk:
It's really not worth it
yeah its kinda overkill but imo its not that bad
if I had had to, I could make an ubuntu or something VM
I mean my work laptop is only 1 ft to my right
and I already have things with a KVM
💀
if thats the case u could prob set up ur laptop as a router to the vpn server but that would be so cursed
No
Vpn needs a full system access
I could have sworn some ppl said there "was a way" but chuff knows what it is / was