OpenConnect and Cisco Firepower AnyConnect

From OISecWiki
Revision as of 14:07, 28 November 2024 by Cliff

Since a recent Cisco Firepower update (7.2.4.1), OpenConnect no longer connects to an AnyConnect VPN.

The cause is that the Firepower now advertises TLS 1.3 support, but negotiating TLS 1.3 with it produces errors during the connection.

A quick workaround is the following. First move the real binary aside:

mv /usr/sbin/openconnect /usr/sbin/openconnect-bin

Create a new file /usr/sbin/openconnect with this content, which forces a TLS 1.2 handshake via the GnuTLS priority string:

#!/bin/sh

/usr/sbin/openconnect-bin "$@" --gnutls-priority="NORMAL:-VERS-ALL:+VERS-TLS1.2:+RSA:+AES-128-CBC:+SHA1"

Then make the wrapper executable:

chmod +x /usr/sbin/openconnect

Now it will work again.
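A slightly more careful version of the wrapper, added here as an example and not the script from the wiki page above: it keeps the same priority string, but does not append a second --gnutls-priority if the caller already passed one, lets the real binary path be overridden through an OPENCONNECT_BIN environment variable (an assumed name for illustration), and uses exec so that signals and the exit status reach the real openconnect. The path /usr/sbin/openconnect-bin is the one the page uses; the argument-building logic is kept in functions so it can be checked without launching a VPN.

```shell
#!/bin/sh
# Added example wrapper for the TLS 1.2 workaround; not the wiki's own script.
# OPENCONNECT_BIN is an assumed, illustrative override; default is the page's path.
REAL_BIN="${OPENCONNECT_BIN:-/usr/sbin/openconnect-bin}"
TLS12_PRIORITY="NORMAL:-VERS-ALL:+VERS-TLS1.2:+RSA:+AES-128-CBC:+SHA1"

# has_priority_flag: exit 0 if any argument already sets --gnutls-priority,
# so the wrapper never stacks a second, conflicting priority string.
has_priority_flag() {
    for arg in "$@"; do
        case "$arg" in
            --gnutls-priority|--gnutls-priority=*) return 0 ;;
        esac
    done
    return 1
}

# choose_priority: print the priority string to append for this argument
# list, or an empty line when the caller already chose one.
choose_priority() {
    if has_priority_flag "$@"; then
        printf '%s\n' ""
    else
        printf '%s\n' "$TLS12_PRIORITY"
    fi
}

# run_openconnect: replace this shell with the real binary, appending the
# TLS 1.2 priority only when the caller did not set one.
run_openconnect() {
    extra=$(choose_priority "$@")
    if [ -n "$extra" ]; then
        exec "$REAL_BIN" "$@" --gnutls-priority="$extra"
    else
        exec "$REAL_BIN" "$@"
    fi
}

# Only launch when installed under the wrapper name (/usr/sbin/openconnect);
# sourcing or running the file under another name just defines the functions.
if [ "$(basename -- "$0")" = "openconnect" ]; then
    run_openconnect "$@"
fi
```

Install it the same way as the page's script (move the real binary to /usr/sbin/openconnect-bin, save this as /usr/sbin/openconnect, chmod +x). Keep in mind that the priority string deliberately disables TLS 1.3 and pins RSA key exchange with AES-128-CBC/SHA1, so it should stay limited to the gateway that needs it rather than becoming a system-wide default; passing your own --gnutls-priority to the wrapper bypasses the pinned string.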