VPN to University of Melbourne from Arch Linux
2021-01-18
Note: this is ostensibly about connecting to Melbourne Uni VPN, but might apply in other similar cases (YMMV).
Nowadays you need to connect to VPN to get pretty much anything done at Melbourne Uni. Which is really fair enough; universities are quickly becoming a tempting target for malware, ransomware, and all sorts of other unsavoury wares.
The other security measure adopted is 2FA, and the combination seems to mean
that
openconnect
, which I had been
using in the past, no longer does the trick. (Unfortunately it fails in a
somewhat non-explicit manner, by asking for the username and password again
and again, despite them being correct. This does not improve the debugging
experience.)
The workaround for the moment is installing Cisco's own VPN software to connect. There's a cisco-anyconnect package in AUR, but it's... complicated since Cisco doesn't like to play nice and doesn't have a public download for the installer. So I had to resort to downloading it from Melbourne Uni (login required).
It's a shell script, so once downloaded
chmod u+x anyconnect-linux64-4.8.03052-core-vpn-webdeploy-k9.sh
sudo ./anyconnect-linux64-4.8.03052-core-vpn-webdeploy-k9.sh
At which point you have no idea where all the stuff went (it's not in the
default
PATH
, for instance). Time to read
the actual script! (Ha, should have probably done that before running it as
sudo, I guess.)
Anyway, eventually
/opt/cisco/anyconnect/bin/vpnui
opens a window that asks which server you wish to connect to (in my case,
remote.unimelb.edu.au/staff
) and
then opens a further login and 2FA window.