Command-Line Usage of OpenConnect

Check the version number

    $ openconnect --version

It must be v9.0 or higher. If not, then you can either build the lastest version of openconnect from source, or use the Ivanti-Secure client.

Inspect your Routing Table

In another terminal, inspect your routing table with:

    $ ip route

Don't worry if you don't understand it. The point is to compare it with your routing table after a VPN connection has been made.

Connecting

Initiate a VPN connection with:

    $ sudo openconnect -u USERNAME@triumf.ca --protocol=nc vpn.triumf.ca

where USERNAME is your TRIDENT username.

You will be prompted for your password and verification-code (TOTP six-digit code). If you enter both of those successfully, you will see some status output with the last line ending in "ESP in progress".

It will take up to 30 seconds to complete the connection, after which you will see "ESP session established with server".

Change focus to the terminal in which you inspected the routing table and inspect your routing table again. If everything has gone according to plan, the output will be about 33 lines longer than before making the VPN connection.

Disconnecting

Use ctrl-C in the terminal in which openconnect is running. If your regular prompt does not return immediately, then use ctrl-C again.

The second ctrl-C is necessary if your connection hung because of an interrupted network conection, such as suspending a laptop by closing the lid. In that case, you would usually see a message about a "dead peer".

After disconnecting, inspect your routing table again.