How to properly manage CISCO-anyconnect connections with NetworkManager

I am attempting to declaratively set up a CISCO-anyconnect VPN connection in NetworkManager. I installed both openconnect and networkmanager-openconnect and enabled the networkmanager module, then proceeded to import a CISCO-anyconnect profile:

nmcli connection add \
         connection.id foobar \
         connection.type vpn \
         vpn.service-type openconnect \
         vpn.data "cookie-flags=2,gateway=vpn.foo.bar,protocol=anyconnect" \
         vpn.secrets "gateway=vpn.foo.bar.ac.at,gwcert="

The connection is imported properly. However, when trying to activate it from nmtui, I get the following error:

Could not activate connection: The VPN service 'org.freedesktop.NetworkManager.openconnect' was not installed.

I suspect the plugin is not properly detected by NetworkManager.

You probably need this if you didn’t do this
networking.networkmanager.plugins = [ pkgs.networkmanager-openconnect ];
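The error in the question is NetworkManager reporting that no VPN plugin registers the service name the profile asks for. NetworkManager discovers plugins through INI-style `.name` files (normally under /usr/lib/NetworkManager/VPN and /etc/NetworkManager/VPN); a profile with `vpn.service-type=S` can only activate if some `.name` file has `service=S` in its `[VPN Connection]` section and the `program=` it names exists. The script below is an added example written for this page, not code from the thread or from NetworkManager: it mirrors that lookup so the problem can be diagnosed from a shell. The sample `.name` file and the NixOS-style paths in it are constructed for illustration.

```shell
#!/usr/bin/env sh
# Added example, not code from the thread or from NetworkManager itself.
# Mirrors NetworkManager's VPN plugin discovery: a profile's vpn.service-type
# must match 'service=' in the [VPN Connection] section of some *.name file,
# and the 'program=' that file names must be an executable.

# vpn_plugin_program SERVICE DIR [DIR...]
# Prints the program= path registered for SERVICE; returns 1 if no .name file
# in the given directories registers it.
vpn_plugin_program() {
  service=$1; shift
  for dir in "$@"; do
    for f in "$dir"/*.name; do
      [ -f "$f" ] || continue
      # Only keys inside [VPN Connection] count; the [GNOME] section is for
      # the editor and auth dialog, not for service discovery.
      prog=$(awk -v want="$service" '
        /^\[/ { in_vpn = ($0 == "[VPN Connection]"); next }
        in_vpn && /^service=/ { svc = substr($0, 9) }
        in_vpn && /^program=/ { prg = substr($0, 9) }
        END { if (svc == want) print prg }' "$f")
      if [ -n "$prog" ]; then
        printf '%s\n' "$prog"
        return 0
      fi
    done
  done
  return 1
}

# check_vpn_service SERVICE DIR [DIR...]
# 0: registered and program executable; 1: not registered (the nmtui error);
# 2: registered but the program is missing or not executable.
check_vpn_service() {
  if prog=$(vpn_plugin_program "$@"); then
    if [ -x "$prog" ]; then
      printf 'ok: %s -> %s\n' "$1" "$prog"
      return 0
    fi
    printf 'registered, but program is not executable: %s\n' "$prog"
    return 2
  fi
  printf "The VPN service '%s' was not installed (no .name file registers it)\n" "$1"
  return 1
}

# Constructed sample standing in for a real plugin directory; the NixOS-style
# paths inside are assumptions for illustration only.
make_sample_plugin_dir() {
  d=$(mktemp -d)
  cat > "$d/nm-openconnect-service.name" <<'EOF'
[VPN Connection]
name=openconnect
service=org.freedesktop.NetworkManager.openconnect
program=/run/current-system/sw/lib/NetworkManager/nm-openconnect-service
supports-multiple-connections=true

[GNOME]
auth-dialog=/run/current-system/sw/libexec/nm-openconnect-auth-dialog
properties=/run/current-system/sw/lib/NetworkManager/libnm-vpn-plugin-openconnect-editor.so
supports-external-ui-mode=true
EOF
  printf '%s\n' "$d"
}

# Stand-alone demo against the sample; on a live system pass the real
# directories instead, e.g.:
#   check_vpn_service org.freedesktop.NetworkManager.openconnect \
#       /etc/NetworkManager/VPN /usr/lib/NetworkManager/VPN
check_vpn_service org.freedesktop.NetworkManager.openconnect "$(make_sample_plugin_dir)" || true
```

Return code 1 is exactly the situation in the question (the plugin package was installed, but nothing registered it with NetworkManager); return code 2 points at a registration whose binary path is stale, which a wrapped or garbage-collected store path can produce.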

That was it, thanks! Now I can import profiles accordingly. While you’re here, do you know if there’s a way to declare connections including credentials, so that activating the connection would set everything up, without the need of typing username/password every time?

After some digging I tried this:

  networking.openconnect.interfaces = {
    myVPN = {
      gateway = "vpn.foo.bar";
      protocol = "anyconnect";
      user = "me@foo.bar";
      passwordFile = config.sops.secrets."myVPN/mypassword".path;
      autoStart = false;
    };
  };

But it doesn’t seem to do the trick (i.e. it doesn’t appear in NetworkManager).

I think it should look more like this:

  networking.networkmanager = {
    enable = true;
    plugins = with pkgs; [
      networkmanager-openconnect
    ];
    ensureProfiles = {
      profiles.myVpn = {
        connection = {
          id = "Name in the NM";
          type = "vpn";
        };
        vpn = rec {
          # set these to your params
          gateway = "vpn.url";
          remote = gateway;
          username = "username";

          service-type = "org.freedesktop.NetworkManager.openconnect";
          protocol = "anyconnect";
          useragent = "AnyConnect";
          authtype = "password";
        };
      };
    };
  };

This lets the connection show up in the network manager.

This will show the login window of openconnect. For an automatic login, you need to set the cookie flag and provide the password.

Hope this helps :slight_smile:

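The `ensureProfiles` attrset above is NetworkManager keyfile syntax (one INI section per attribute), and the "cookie flag" the answer mentions is NetworkManager's per-secret flag: 0 stores the secret in the keyfile's `[vpn-secrets]` section, 1 leaves it to a user agent such as a keyring, 2 never saves it and asks on every activation, 4 marks it not required. The point for declarative setups is that anything placed in a NixOS option ends up in the world-readable Nix store, so secrets should arrive through flags and files rather than through the config. The script below is an added example written for this page, not the thread's or NixOS's code: it writes the keyfile equivalent of the profile above with the flags spelled out, creates it 0600 (NetworkManager refuses keyfiles that other users can read) and checks that before the file is loaded. The gateway, profile name and directories are constructed for illustration.

```shell
#!/usr/bin/env sh
# Added example, not code from the thread. Writes a NetworkManager keyfile for
# an openconnect/AnyConnect profile with explicit secret flags, keeps it
# private (0600), and offers a check to run before `nmcli connection load`.
set -u

# NMSettingSecretFlags values used in <secret>-flags keys of the [vpn] section.
NM_SECRET_SYSTEM=0      # NetworkManager stores it in [vpn-secrets]
NM_SECRET_AGENT=1       # a user agent (keyring) stores it
NM_SECRET_NOT_SAVED=2   # never stored; the auth dialog asks every time
NM_SECRET_NOT_REQUIRED=4

# new_uuid: profile UUID; NetworkManager wants the dashed 8-4-4-4-12 form.
new_uuid() {
  if [ -r /proc/sys/kernel/random/uuid ]; then
    cat /proc/sys/kernel/random/uuid
    return
  fi
  od -An -tx1 -N16 /dev/urandom | tr -d ' \n' |
    sed 's/^\(.\{8\}\)\(.\{4\}\)\(.\{4\}\)\(.\{4\}\)\(.\{12\}\)$/\1-\2-\3-\4-\5/'
}

# write_openconnect_keyfile DIR ID GATEWAY FLAGS
# Writes DIR/ID.nmconnection (mode 0600) and prints its path. FLAGS applies to
# the three openconnect secrets the auth dialog produces: cookie, gateway, gwcert.
write_openconnect_keyfile() {
  dir=$1; id=$2; gateway=$3; flags=$4
  path="$dir/$id.nmconnection"
  ( umask 077   # subshell so the restrictive umask does not leak to the caller
    cat > "$path" <<EOF
[connection]
id=$id
uuid=$(new_uuid)
type=vpn
autoconnect=false

[vpn]
service-type=org.freedesktop.NetworkManager.openconnect
gateway=$gateway
protocol=anyconnect
authtype=password
useragent=AnyConnect
cookie-flags=$flags
gateway-flags=$flags
gwcert-flags=$flags

[ipv4]
method=auto

[ipv6]
method=auto
EOF
  )
  printf '%s\n' "$path"
}

# keyfile_private FILE: succeeds only if group and others have no permission
# bits at all, the condition NetworkManager applies to system-connections.
keyfile_private() {
  perms=$(ls -ld "$1" | cut -c5-10)
  [ "$perms" = "------" ]
}

# keyfile_get FILE SECTION KEY: prints the value of KEY in [SECTION].
keyfile_get() {
  awk -v sec="[$2]" -v key="$3" '
    /^\[/ { in_sec = ($0 == sec); next }
    in_sec && index($0, key "=") == 1 { print substr($0, length(key) + 2); exit }' "$1"
}

# Stand-alone demo in a temporary directory. On a real host write into
# /etc/NetworkManager/system-connections as root and run
# `nmcli connection load <file>`; with flags=2 the auth dialog still runs on
# each activation, which is the safe default when the config lives in the store.
demo=$(write_openconnect_keyfile "$(mktemp -d)" work-vpn vpn.example.org "$NM_SECRET_NOT_SAVED")
keyfile_private "$demo" && cat "$demo"
```

If you do want unattended activation, keep the keyfile at flags 0 but generate it outside the Nix store (for example from a secrets manager at activation time, as the `passwordFile` in the question does for `networking.openconnect`), so the `[vpn-secrets]` section never becomes a world-readable store path.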

Does your anyconnect require a web popup? Mine does, I just wanted to ask.

Yes it does, but it worked out of the box for my setup. I’m using i3+xfce.

The only issue I have is if I disconnect and try to reconnect again. This doesn’t work and I’m not sure if it’s an issue on my side or the VPN provider of my company :man_shrugging: