How to properly manage CISCO-anyconnect connections with NetworkManager

sh4k0 · October 30, 2025, 5:45pm

I am attempting to declaratively set up a CISCO-anyconnect VPN connection in NetworkManager. I installed both openconnect and networkmanager-openconnect and enabled the networkmanager module, then proceeded to import a CISCO-anyconnect profile:

cmcli connection add \
         connection.id foobar \
         connection.type vpn \
         vpn.service-type openconnect \
         vpn.data cookie-flags=2,gateway=vpn.foo.bar,protocol=anyconnect vpn.secrets gateway=vpn.foo.bar.ac.at,gwcert=

The connection is imported properly. However, when trying to activate it from nmtui, I get the following error:

Could not activate connectionL The VPN service 'org.freedesktop.NetworkManager.openconnect' was not installed.

I suspect the plugin is not properly detected by NetworkManager.

crdr · October 31, 2025, 3:57am

You probably need this if you didn’t do this
networking.networkmanager.plugins = [ pkgs.networkmanager-openconnect ];

sh4k0 · October 31, 2025, 10:00am

That was it, thanks! Now I can import profiles accordingly. While you’re here, do you know if there’s a way to declare connections including credentials, so that activating the connection would set everything up, without the need of typing username/password every time?

After some digging I tried this:

  networking.openconnect.interfaces = {
    myVPN = {
      gateway = "vpn.foo.bar";
      protocol = "anyconnect";
      user = "me@foo.bar";
      passwordFile = config.sops.secrets."myVPN/mypassword".path;
      autoStart = false;
    };
  };

But it doesn’t seem to do the trick (i.e. it doesn’t appear in NetworkManager).