
Use OpenConnect as a replacement for the Cisco AnyConnect VPN client on Mac

Updated guide (2020)

Edgar Gonzalez
Aug 10, 2020

If you have been using the Cisco AnyConnect VPN client on a Mac for a while, you probably have the impression that it is not the best tool (and you are not alone). OpenConnect is a command-line client for Cisco’s AnyConnect SSL VPN that can be used as an alternative to the Cisco AnyConnect client.

The following guide to installing and setting up OpenConnect on a Mac is based on this good guide prepared by Michael Klett and the feedback it has received over time.

1. Install OpenConnect via Homebrew

brew update
brew install openconnect

2. (Optional) Running OpenConnect requires sudo, so let’s add password-less sudo for the openconnect command. The rule below applies to every member of the admin group.

sudo sh -c \
'echo "%admin ALL=(ALL) NOPASSWD: /usr/local/bin/openconnect" > /etc/sudoers.d/foo'

3. Connect!

sudo openconnect --user=<VPN username> <VPN host>

The only thing you should be prompted for is your VPN password.

4. To disconnect, just press Ctrl-C in the window where you started the VPN connection.

Note: Newer versions of OpenConnect will use the utun device on OS X which does not require the TUN/TAP driver or…
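
A narrower take on step 2, as an added example that is not part of the original guide: the rule in step 2 lets the admin group run openconnect as root with any arguments, and openconnect has options (such as `--script`) that make it run other programs, so this sketch pins the rule to one exact invocation, escapes the characters sudoers treats specially in arguments, and checks the file with `visudo -cf` before installing it. The user `vpnuser`, the host `vpn.example.com`, the script name `pin-openconnect.sh` and the drop-in name `openconnect-vpn` are assumptions.

```shell
#!/bin/sh
# Added example. vpnuser, vpn.example.com and the drop-in name
# "openconnect-vpn" are constructed placeholders, not values from the guide.

# Escape the characters sudoers treats specially in command arguments: \ , : =
sudoers_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/[,:=]/\\&/g'
}

# Print a rule that allows group admin to run exactly
#   <openconnect> --user=<user> <host>
# as root without a password. Any other argument list falls outside the rule.
# Usage: sudoers_rule /abs/path/to/openconnect USER HOST
sudoers_rule() {
    case "$1" in
        ''|[!/]*|*[!A-Za-z0-9._/+-]*)
            echo "openconnect path must be absolute and plain" >&2; return 1 ;;
    esac
    for arg in "$2" "$3"; do
        case "$arg" in
            ''|-*|*[!A-Za-z0-9._@:-]*)
                echo "unexpected user or host: $arg" >&2; return 1 ;;
        esac
    done
    printf '%%admin ALL=(root) NOPASSWD: %s %s %s\n' \
        "$1" "$(sudoers_escape "--user=$2")" "$(sudoers_escape "$3")"
}

# Syntax-check the rule with visudo before sudo can read it, then install it
# root-owned, mode 0440 (group wheel as on macOS). Must run as root.
install_rule() {
    tmp=$(mktemp) || return 1
    sudoers_rule "$@" > "$tmp" &&
        visudo -cf "$tmp" &&
        install -m 0440 -o root -g wheel "$tmp" /etc/sudoers.d/openconnect-vpn
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# sudo sh pin-openconnect.sh --install "$(command -v openconnect)" vpnuser vpn.example.com
if [ "${1:-}" = "--install" ]; then
    install_rule "$2" "$3" "$4"
fi
```

With this rule in place, `sudo openconnect --user=vpnuser vpn.example.com` runs without a sudo password, while any other openconnect argument list does not match the rule and is handled by the regular sudo policy.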
