Cisco Anyconnect VPN failing to reconnect - Manjaro-specific issue


I have a weird issue with Manjaro and with the Cisco Anyconnect Secure VPN Client application we are using at work. When I connect to the VPN, the vpnagentd daemon fails to reconnect every 29-29:45 minutes and needs to be killed. I need to reconnect the main connection too, or the connection will 'fail' in less than 5 minutes the next time. But the twist is that with the exact same configuration everything works fine with Debian 10, Ubuntu 18.04 and 19.10 and with CentOS 7. I tried this with 4 different PCs (Intel, Broadcom, Realtek, Ralink chips) and the results were the same - Ubuntu is fine but Manjaro isn't. My colleagues also don't experience any issue but none of them are using Manjaro.

Now, the vpnagentd process doesn't tell us anything, not even in debug mode so I'm not sure what's the issue. What's up with Manjaro's network settings? What is different in it compared to Debian?

The Cisco AnyConnect Secure Mobility Client is proprietary software only available for Cisco customers. Please ask Cisco directly for support.

However with openconnect you might have even more problems. There is even one that sounds very similar, but it is about openconnect.

Hello xabbu! Cisco doesn't officially support Manjaro. I would like to try the connection without this "DTLS" - is there a way I can set it with network manager?

No, and keep in mind that this option is from openconnect, which is an open-source implementation of the AnyConnect SSL VPN protocol. The Cisco AnyConnect Secure Mobility Client probably uses different options or it has no option for this at all.

Unfortunately, openconnect doesn't work for me. But I found these

iptables -I OUTPUT -d <remote vpn gateway> -p udp --dport 443 -j REJECT

I'm coming back in 30 minutes 🙂

It didn't work.

This was kind of expected.

One of the many downsides of proprietary software is that you are dependent on the company to help you.

It's not like people have a choice. The software works fine on other distros so I wonder how Manjaro's network stack can create such an issue.

You can start to compare the different versions of the libraries and network software Cisco Anyconnect uses. And don't forget that the packages are often heavily patched in the Debian (and the RHEL) world. You also need to check the patches.

The best thing you can do is to use an OS that is supported by Cisco Anyconnect. For example RHEL 6, it was also just a little bit outdated at release time nearly 10 years ago. 😉
