Q: How can I connect to the MIT VPN using openconnect on Mac OS X?
This article refers to the Cisco AnyConnect VPN. If you're looking for information on the Prisma Access VPN Beta that uses the GlobalConnect app, see: Prisma Access VPN Landing Page. If you're not sure which service you're using, see: How do I know if I'm using the Cisco AnyConnect VPN or the Prisma Access VPN?
Answer
Use Official Cisco Clients: IS&T strongly recommends that you use the Cisco AnyConnect (Secure Mobility Client) to connect to the VPN. The official clients have been tested and should work on all supported operating systems.
System Requirements
- A modern version of OS X: openconnect should work on most recent OS X versions. It has been tested and seems to function correctly on 10.9.
- Mac OS X TUN/TAP driver, which allows for creation of the virtual network interface
Installing openconnect
Install using homebrew or macports
A prebuilt openconnect package is available through macports or homebrew. Install it with one of these two package managers, then install the TUN/TAP driver. You will need administrative privileges on the machine you are installing on.
- Install homebrew or macports.
- Open Terminal and update the package cache using the command (homebrew runs as your normal user and refuses to run under sudo):
brew update
- Install the openconnect package using the command:
brew install openconnect
- If using macports, you can use the command:
sudo port install openconnect
- Install the Mac OS X TUN/TAP driver.
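- (optional) If you would like to run openconnect through sudo without being asked for an administrator password, you can add a line to your sudoers file (edit it with visudo) to allow this. openconnect runs its vpnc-script as root and the script can be chosen on the command line, so this rule effectively gives every member of the admin group passwordless root. The line could look something like this: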
%admin ALL=(ALL) NOPASSWD: /usr/local/bin/openconnect
Building from source
For advanced users only: Building openconnect from source will not be necessary for most users, as the prepackaged version from macports or homebrew will generally fulfill most needs. If you need the most recent version and it is not available, you can build it yourself.
- Ensure you have the dependencies needed for the package.
- Install the vpnc script to /etc/vpnc/vpnc-script
- Check the source code out from the openconnect Git repository or download a tarball from the openconnect website
- Untar the code to a directory and build and install it with
./configure
make
make install
- (optional) If you would like to run openconnect through sudo without being asked for an administrator password, you can add a line to your sudoers file (edit it with visudo) to allow this. The line could look something like this:
%admin ALL=(ALL) NOPASSWD: /usr/local/bin/openconnect
Running openconnect
- From the Terminal, run
openconnect -u <kerberos username> vpn.mit.edu
- You will be prompted for your Kerberos password, and then the VPN client will connect.
- Once connected, you will have an IP address that begins with 18.100. You can verify this using ifconfig, and checking the address for tun0.
To disconnect, simply press Ctrl-C in the terminal window to end the program.
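The address check from the last step can be scripted. This is an added example, not part of the original article: it parses ifconfig output and reports the first tunnel interface holding an 18.100. address. The function names, the sample output and the acceptance of utunN alongside tunN are assumptions.

```shell
#!/bin/sh
# Added example: confirm that a tunnel interface holds an address in the
# prefix the article gives (18.100.). Reads ifconfig-style text on stdin.

# vpn_tunnel_addr PREFIX
# Prints "<interface> <address>" for the first tunN/utunN interface whose
# IPv4 address starts with PREFIX. Returns 1 when there is none.
vpn_tunnel_addr() {
    awk -v prefix="$1" '
        # Interface headers start in column 1, e.g. "tun0: flags=..."
        /^[A-Za-z0-9]+:/ { iface = $1; sub(/:$/, "", iface); next }
        # Address lines are indented, e.g. "inet 18.100.0.5 --> ..."
        $1 == "inet" && iface ~ /^u?tun[0-9]+$/ && index($2, prefix) == 1 {
            print iface, $2; found = 1; exit
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: ifconfig output while the VPN is up.
sample_connected() {
cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1406
    inet 18.100.0.5 --> 18.100.0.5 netmask 0xffffffff
EOF
}

# Constructed sample: tunnel driver loaded but no VPN address assigned.
sample_disconnected() {
cat <<'EOF'
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
tun0: flags=8850<POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
EOF
}

# On a live system: ifconfig | vpn_tunnel_addr 18.100.
sample_connected | vpn_tunnel_addr 18.100.
```

A non-zero exit status means no tunnel interface carries a VPN address, which is useful in scripts that must not send traffic outside the tunnel.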
Resources
openconnect Project website
openconnect for OS X Github Gist
openconnect source