Changes

Cisco VPN

2,787 bytes added, 21:21, 23 March 2020
OpenConnect
NoTouch supports both the original Cisco AnyConnect IPSec VPN as well as the more modern SSL VPNs.

'''Please note that VPN capabilities are only included in the special Enhanced Security images (on x86 thin client).''' However, OpenConnect (free Cisco VPN client) support is now available on RX-HDX firmware version 2.40.4306 or later.
== OpenConnect ==

For Cisco connectivity, we favor OpenConnect, not only because it is open, but also because it seems to be better maintained than the original Cisco software. The web page of the OpenConnect product is http://www.infradead.org/openconnect/

We do have the latest [http://rx-hdx.ncomputing.com/kb/OpenConnect OpenConnect binary] included (see screenshot). So running openconnect on a NoTouch image is not better or worse than on any other Linux system. Of course, we try to have parameters for everything so that our customers do not need to go to the command line, but for openconnect we have only the binary for now.

The OpenConnect manual looks relatively simple: http://www.infradead.org/openconnect/connecting.html

Running openconnect without any parameter lists its many parameters; you will need to check which of them are necessary for your installation.

The OpenConnect manual says that you need to have a vpnc-script. This is of course included, in its default location /etc/vpnc/vpnc-script.

Our first advice is to just run it from the command line. Log in to the system's configuration page, click on Console, use the su command to get root (same password again) and try to connect, starting with:

 openconnect <nowiki>https://mygateway.mycompany.com</nowiki>

Running on system startup: Use [[Eventscripts]], use Startup 3 (this happens after networking).

Running via a desktop icon: Create a connection as if you would create a VMware Horizon or Citrix connection. However, choose the connection mode "custom command" and set the parameter "Command to be executed" to whatever openconnect command line you want to run.

== Cisco SSL ==

The Cisco VPN client for Linux works fine in NoTouch and some OS images have it included.
In this guide we assume you have a NoTouch machine with a configured [[connection]], be it [[Citrix]], [[VMware Horizon View]], whatever, and you want to add Cisco VPN support in a way that your users can click on an icon to start the VPN connection when they need it.

# Open a [[Shell prompt]] and make sure you are logged in as root (use the "su" command with the client admin password to elevate your privileges from normal user to root if necessary)
# Configure the Cisco VPN service
#* Create the folder where the file will reside:
#** mkdir /config/ciscovpn
#* Create/edit your ProfileName.pcf connection file
#** See here: [http://micro.stanford.edu/wiki/How_to_install_and_configure_the_Cisco_VPN_client_on_a_Linux_computer#Configuring_the_VPN_Client Install Cisco VPN on Linux]
#* Save the file to /config/ciscovpn
# [[Configure NoTouch OS|In the configuration]], or via NoTouch Center, create a connection named "Start VPN" with connection mode "Custom command".
#* As soon as you have clicked the Change button, the parameter "Command to be executed" will appear a bit below. Set this parameter to:
#** vpnclient connect ProfileName
#** (Please note that ProfileName is supposed to come without the .pcf extension!)
# Enable Cisco VPN service (under Services)
# Reboot the machine and check the workflow

You can of course use [[Connection autostart]] for the CiscoVPN connection to automatically connect to the Cisco VPN. We found however that most end-users like to have some control as they want to decide if they need it or not (think of a worker who sometimes works in the office without VPN and sometimes from home with VPN).

Should you require different connections for in-house and "on-the-road" scenarios, you can of course create more connections, such as "Citrix office" vs. "Citrix outside" or similar.

Notes:
* The CiscoVPN client service needs to be restarted before you can reconnect. You might expect that the vpnclient does this for you, but that is not the case. You need to explicitly call the following command, e.g. from the session exit-action:
 /etc/init.d/vpnclient_init restart
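For the OpenConnect start-up and "custom command" use described in the OpenConnect section above, a wrapper can check the gateway value and the vpnc-script before anything runs as root. This is an added example, not NoTouch or OpenConnect project code; the function names and the PID file path are assumptions, and the gateway is the placeholder used on this page.

```shell
#!/bin/sh
# Added example, not NoTouch or OpenConnect project code.
# VPNC_SCRIPT defaults to the location named on this page; PIDFILE is an assumption.
VPNC_SCRIPT="${VPNC_SCRIPT:-/etc/vpnc/vpnc-script}"
PIDFILE="${PIDFILE:-/var/run/openconnect.pid}"

# openconnect, started as root here, executes the vpnc-script: refuse one that
# is missing, not executable, or writable by group or others.
script_is_safe() {
    [ -f "$1" ] || return 1
    [ -x "$1" ] || return 1
    [ -z "$(find -L "$1" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Accept only https:// followed by host[:port][/path] characters, so a value
# typed into a configuration field cannot add options or shell syntax.
gateway_is_valid() {
    case "$1" in
        https://*) ;;
        *) return 1 ;;
    esac
    rest="${1#https://}"
    case "$rest" in
        ""|-*|*[!A-Za-z0-9._:/-]*) return 1 ;;
    esac
    return 0
}

# Validate first, then start the tunnel in the background with a PID file.
start_vpn() {
    gateway_is_valid "$1" || { echo "refusing gateway: $1" >&2; return 2; }
    script_is_safe "$VPNC_SCRIPT" || { echo "unsafe script: $VPNC_SCRIPT" >&2; return 3; }
    openconnect --background --pid-file="$PIDFILE" --script="$VPNC_SCRIPT" "$1"
}

# Usage (as root): start_vpn https://mygateway.mycompany.com
```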
[[Category:NoTouch ReceiverOS]]