AnyConnect: managing VPN connections via External Control

Everyone at the company used to use iPhones. To make testing WeChat web pages easier, we used AnyConnect to push DNS, pointing the WeChat web domain at the IPs of the different development and test environments.

On iOS, a mobileconfig file generated with Apple Configurator can be used to configure AnyConnect. When I first used such a profile, I found that with password authentication, even if the username and password were written into the profile, AnyConnect on iOS would still ask the user to enter the password again. So all the AnyConnect-based solutions have used certificate authentication, bundling the user certificate and the CA certificate into the mobileconfig file.

Unfortunately, one day in the second half of last year, I suddenly found that AnyConnect on iOS connected to the VPN, but the pushed DNS no longer took effect.
Around then, after iOS was upgraded to some version past 10.2, AnyConnect released a new client for iOS and the old one was renamed "Legacy".

With the new client and the same profile delivery method, the problem got worse: it could not connect at all. The log said roughly that the client did not know which certificate to use for authentication.

After studying Cisco's documentation, I found that anyconnect://connect can directly invoke the client's connect action, and this link works on both iOS and Android.

The link looks like this:
anyconnect://connect/?name=Int&host=vpn-internal.sskaje.me:8433&prefill_username=user&prefill_password=password&onsuccess=http%3A%2F%2Fsskaje.me%2Fsuccess

However, for security reasons, AnyConnect disables the "External Control" feature by default. (Actually, I had always assumed this was a feature that lets the server push commands for the client to execute, which is why it felt so sensitive.)
Change it to Prompt or Enable in Settings.

As for the DNS that stopped working earlier, the only option now is to turn on split-dns.
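As an added illustration (not code from the original post), a small Python helper that assembles the anyconnect://connect link shown above, parses it back, and lists what a reviewer would check before shipping such a link in a profile; the audit rules are this example's own policy, not AnyConnect behaviour, and the parameter names are the ones from the sample link.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

SCHEME = "anyconnect"
# Parameters seen in the post's sample link; anything else is treated as unknown.
KNOWN_PARAMS = {"name", "host", "prefill_username", "prefill_password", "onsuccess"}


def build_connect_uri(name, host, username=None, password=None, onsuccess=None):
    """Assemble an anyconnect://connect/ deep link. urlencode percent-encodes the
    onsuccess URL (':' and '/' become %3A and %2F, as in the post's sample)."""
    params = {"name": name, "host": host}
    if username is not None:
        params["prefill_username"] = username
    if password is not None:
        params["prefill_password"] = password
    if onsuccess is not None:
        params["onsuccess"] = onsuccess
    return f"{SCHEME}://connect/?{urlencode(params)}"


def parse_connect_uri(uri):
    """Split a deep link back into its decoded parameters; other schemes or
    actions are rejected so only connect links reach the audit."""
    parts = urlsplit(uri)
    if parts.scheme != SCHEME or parts.netloc != "connect":
        raise ValueError(f"not an anyconnect connect link: {uri!r}")
    query = parse_qs(parts.query, keep_blank_values=True)
    return {key: values[-1] for key, values in query.items()}


def audit_connect_uri(uri):
    """Return review findings for a link before it goes into an MDM profile.
    These checks are this example's own policy, not something the client enforces."""
    params = parse_connect_uri(uri)
    findings = []
    if "prefill_password" in params:
        # A password in a URL ends up in profiles, logs and browser history.
        findings.append("password embedded in link")
    for key in sorted(set(params) - KNOWN_PARAMS):
        findings.append(f"unrecognised parameter: {key}")
    callback = params.get("onsuccess")
    if callback and urlsplit(callback).scheme != "https":
        findings.append("onsuccess callback is not https")
    return findings
```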

AnyConnect: managing VPN connections via External Control, by @sskaje: https://sskaje.me/2018/02/anyconnect-%e5%a4%96%e9%83%a8%e6%8e%a7%e5%88%b6%e7%ae%a1%e7%90%86vpn%e8%bf%9e%e6%8e%a5/

Ocserv IPv6

I'm using AnyConnect on both iOS and OS X; you can read my previously posted articles on this blog: anyconnect, openconnect, ocserv.

You can find ipv6-network and ipv6-prefix in ocserv’s sample.config:

which means ocserv should be compatible with IPv6.
And, in AnyConnect for iOS, ipv6 can be found somewhere, seems ipv6 is also compatible here.

My VPN is hosted on a Linode VPS. Linode provides a free IPv6 address pool: open a ticket and ask for one, and you'll get your own pool routed to your VPS's IPv6 address.
After that, set ipv6-network and ipv6-prefix.

Ocserv 0.8.9 does not send correct headers to AnyConnect for iOS, but 0.9.0-dev does.
I can now get a correct IPv6 address on my iPhone, but with no connectivity. As has been reported, X-CSTP-Split-Include/Exclude is not handled well by AnyConnect for IPv6 addresses.
After that, I tried the latest AnyConnect for OS X; you can download it here: http://dl.sskaje.me/anyconnect/4.0/4.0.00051/

My MBP also gets an IPv6 address and a route, but it still does not work.

Ocserv IPv6 by @sskaje: https://sskaje.me/2015/01/ocserv-ipv6/

OCServ with AnyConnect on OSX

I tried hard to make Cisco AnyConnect Secure Mobility Client work with OCServ, on OS X and on Windows, and every attempt failed.
But AnyConnect for iOS works fine.
You can download the latest clients from Cisco AnyConnect Clients 3.1.05170 download; 3.1.05182 is also provided.

AnyConnect for OS X always says:

In /var/log/system.log:

I read the chapter 'False Captive Portal Detection' in Cisco's official documentation; nothing useful there.

I saw someone say that AnyConnect 3.1 added extra certificate verification compared to 3.0, which makes 3.1 incompatible with ocserv.
The latest version of AnyConnect for iOS is 3.0.12119, but for PC/Mac it is 3.1.05182.
I tried to find clients for AnyConnect 3.0.11042/3.0.11046; only two can be found, and the MD5 checksums are the same no matter where I downloaded them from.

You can find files here: http://dl.sskaje.me/anyconnect/3.0/3.0.11042/

I tested the OS X one. The PKG file required me to change the security level for installing applications, and it really works; the bad news is that there's nowhere to choose a client certificate, only clicking allow/decline for private key usage.

BTW, DO NOT INSTALL THE WEB SECURITY MODULE!!!

OCServ with AnyConnect on OS X, by @sskaje: https://sskaje.me/2014/10/ocserv-anyconnect-osx/

OpenConnect DNS Only + Google Only

I'm using 4G from China Mobile, but the DNS it provides really sucks. Changing the DNS for Cellular Data on a non-jailbroken iPhone is impossible as far as I know (I tried mobileconfig but couldn't find any working options).

The first idea was pushing DNS from a PPTP server, which I wrote about in Notes: PPTP/L2TP Server on Ubuntu.
I can create two connections on my iOS device, one that sets the default route and one that does not. All users share the same settings from PPTPd, so it's almost impossible to use a different DNS in these two connections, and changing the default PPTP port from 1723 to something else is not as easy as it is on Windows.
Don't forget that PPTP is what GF*W likes.

OpenConnect DNS Only + Google Only by @sskaje: https://sskaje.me/2014/06/openconnect-dns-google/

Cisco AnyConnect Clients 3.1.05170 download

Available for OS X, Windows and Linux, but unfortunately I didn't figure out how to use it with OpenConnect when using public key authentication.
OpenConnect Public Key Authentication
Open Connect Server Configuration (Working for iOS)
OpenConnect on Ubuntu

OCServ with AnyConnect on OS X

Download: http://dl.sskaje.me/anyconnect/

Cisco AnyConnect Clients 3.1.05170 download by @sskaje: https://sskaje.me/2014/06/cisco-anyconnect-clients-3-1-05170-download/
