
Q: How can I connect to the MIT VPN using openconnect on Mac OS X?

This article refers to the Cisco AnyConnect VPN. If you're looking for information on the Prisma Access VPN Beta that uses the GlobalProtect app, see: Prisma Access VPN Landing Page.

If you're not sure which service you're using, see: How do I know if I'm using the Cisco AnyConnect VPN or the Prisma Access VPN?

Answer

Use Official Cisco Clients
IS&T strongly recommends that you use the Cisco AnyConnect (Secure Mobility Client) to connect to the VPN. The official clients have been tested and should work on all supported operating systems.

System Requirements

  • A modern version of OS X: openconnect should work on most recent OS X versions. It has been tested and seems to function correctly on 10.9.
  • Mac OS X TUN/TAP driver, which allows for creation of the virtual network interface

Installing openconnect

Install using homebrew or macports

A prebuilt openconnect package is available from MacPorts or Homebrew. You can install it using one of these two programs, then install the TUN/TAP driver. You will need administrative privileges on the machine you are installing this on.

  1. Install homebrew or Macports.
  2. Open Terminal and update the package cache using the command below. Homebrew is run as your normal user; it refuses to run under sudo.
     brew update
  3. Install the openconnect package using the command:
     brew install openconnect
    1. If using MacPorts, you can use the command:
       sudo port install openconnect
  4. Install the Mac OS X TUN/TAP driver
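  5. (optional) If you would like to run openconnect without admin privileges, you can add a line to your sudoers file (edit it with visudo) to allow this. Because openconnect runs as root and accepts a --script option, this rule lets any member of the admin group run commands as root without a password. The line could look something like this: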
       %admin  ALL=(ALL) NOPASSWD: /usr/local/bin/openconnect 

Building from source

For advanced users only
Building openconnect from source will not be necessary for most users, as in general the prepackaged version from macports or homebrew will fulfill most needs. If you need the most recent version and it is not available, you can build it yourself.
  1. Ensure you have the dependencies needed for the package.
  2. Install the vpnc script to /etc/vpnc/vpnc-script
  3. Check the source code out from the openconnect Git repository or download a tarball from the openconnect website
  4. Untar the code to a directory and build and install it with
    ./configure
    make
    make install
    


  5. (optional) If you would like to run openconnect without admin privileges, you can add a line to your sudoers file to allow this. The line could look something like this:
       %admin  ALL=(ALL) NOPASSWD: /usr/local/bin/openconnect 

Running openconnect

  1. From the Terminal, run
     openconnect -u <kerberos username> vpn.mit.edu 
  2. You will be prompted for your Kerberos password, and then the VPN client will connect.
  3. Once connected, you will have an IP address that begins with 18.100. You can verify this using ifconfig, and checking the address for tun0.

To disconnect, simply press Ctrl-C in the terminal window to end the program.
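
The check in step 3 can be scripted. The following is an added example, not part of the original article: it parses ifconfig output and confirms that the tunnel interface holds an address with the expected prefix. The function names (iface_inet, vpn_check) are hypothetical and the sample ifconfig output is constructed.

```shell
#!/bin/sh
# Added example: confirm the tunnel interface has an address in the VPN range.

# Constructed sample of macOS-style `ifconfig` output (addresses are made up).
SAMPLE_IFCONFIG='en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.1.23 netmask 0xffffff00 broadcast 192.168.1.255
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1406
	inet 18.100.12.34 --> 18.100.12.34 netmask 0xffff0000'

# iface_inet IFACE
# Reads ifconfig output on stdin and prints the IPv4 addresses bound to IFACE.
iface_inet() {
    awk -v want="$1:" '
        /^[^ \t]/ { current = $1 }      # an unindented line starts a new interface block
        $1 == "inet" && current == want { print $2 }
    '
}

# vpn_check IFACE PREFIX
# Reads ifconfig output on stdin. Return codes:
#   0  IFACE has an IPv4 address beginning with PREFIX
#   1  IFACE has IPv4 addresses, but none begin with PREFIX
#   2  IFACE is absent or has no IPv4 address (tunnel not up)
vpn_check() {
    addrs=$(iface_inet "$1")
    [ -n "$addrs" ] || return 2
    for a in $addrs; do
        case "$a" in
            "$2".*) return 0 ;;        # PREFIX must be followed by a dot
        esac
    done
    return 1
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_IFCONFIG" | vpn_check tun0 18.100 \
    && echo "tun0 has a VPN address"

# Live use on a connected machine:
#   ifconfig | vpn_check tun0 18.100
```

A return code of 2 while openconnect is running usually means the tunnel is on a different interface name than the one passed in.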

Resources

openconnect Project website
openconnect for OS X Github Gist
openconnect source

Community

Documentation and information provided by the MIT Community


Last Modified:

March 31, 2020
