I previously wrote about avoiding AnyConnect, and that approach still works great if you are on a system that will allow you to run the RSA SecurID application. However, there is still a problem if you are using Linux and want to connect to a VPN using RSA tokens.

These instructions are written for Debian, but everything here is generally available and most requirements are probably already packaged for your distribution.  First, you will need OpenConnect and stoken:

OpenConnect

sudo apt install openconnect vpnc-scripts ocserv network-manager-openconnect

stoken

sudo apt install libgtk-3-dev libtomcrypt-dev libxml2-dev autoconf automake libtool build-essential
wget https://github.com/cernekee/stoken/archive/master.zip
unzip master.zip
cd stoken-master
./autogen.sh
./configure
make
make check
sudo make install

There are a few ways to set up stoken (see the stoken import documentation on the web or the man page); I used an sdtid file.

stoken import --file afile.sdtid

Once you have the token string imported, you can use either the command-line or GUI version of stoken. I will be using the GUI version. The rest of the details are in my previous post and in my osx_openconnect GitHub repo. I made one change for Linux that makes life simpler; I modified the start_vpn script to look like:

#!/bin/bash

/usr/local/bin/stoken-gui >& /dev/null &
sudo /usr/sbin/openconnect -b --config /path/to/config/vpn.conf *your.server.name*

I pipe the stoken-gui output to /dev/null to avoid an irritating warning; it may not be necessary for you.
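
A preflight check that could run before the two commands in start_vpn, as an added example that is not part of the original post or the osx_openconnect repo: it refuses to start unless the openconnect config file and stoken's token file are private to the current user, because the config is read by openconnect running as root and the token file holds the imported seed. The function names, the --connect argument and the default ~/.stokenrc location are assumptions; stat -c is the GNU form found on Debian.

```bash
#!/bin/bash
# Added example (not from the original post): preflight checks for start_vpn.
# Assumes GNU stat and stoken's default token file, ~/.stokenrc.

# Succeed only if $1 is a regular file (not a symlink), owned by the
# current user, with no group or other permission bits set.
is_private_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    _mode=$(stat -c '%a' "$1") || return 1
    _owner=$(stat -c '%u' "$1") || return 1
    [ "$_owner" = "$(id -u)" ] || return 1
    # stat prints octal without leading zeros: 600, 400, 0 are private;
    # 644, 620, 40 are not.
    case "$_mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Check every file given; name the first one that fails.
preflight() {
    for _f in "$@"; do
        if ! is_private_file "$_f"; then
            echo "refusing to start: $_f is missing, a symlink, or" \
                 "accessible to other users (try: chmod 600 $_f)" >&2
            return 1
        fi
    done
}

# Usage: start_vpn --connect /path/to/config/vpn.conf your.server.name
if [ "${1:-}" = "--connect" ]; then
    preflight "$2" "$HOME/.stokenrc" || exit 1
    /usr/local/bin/stoken-gui > /dev/null 2>&1 &
    sudo /usr/sbin/openconnect -b --config "$2" "$3"
fi
```
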