{
  "$type": "site.standard.document",
  "content": "---\ntitle: \"openconnect setup for institutional VPN access\"\ndescription: \"Using openconnect as a reliable alternative to the GlobalProtect client for\n  connecting to an institutional VPN on macOS.\"\ntags:\n  - dev\n---\n\nMy [institution's](https://www.anu.edu.au) IT policies have recently changed and\nport 22 is now blocked from off-campus. That's a real pain if you use ssh to\npush/pull from our on-prem GitLab servers (which I need to do _all the time_).\n\nThe recommended solution is to come in via a VPN---which is not a terrible idea\nin principle. However, the institution's recommended setup requires some janky\nGlobalProtect client, which (for me at least) was pretty crashy. As an\nalternative, [openconnect](https://www.infradead.org/openconnect/) is just a\n`brew install openconnect` away (on macOS, at least), and after a bit of setting\nup, it works seamlessly.\n\nIf you're in a similar situation, here's a terminal command you can use to\naccess the campus network via the VPN:\n\n```\n# --user: replace with your uid\n# --protocol=gp: because it's a GlobalProtect VPN\nsudo openconnect \\\n  --user=uXXXXXXX \\\n  --protocol=gp \\\n  https://staff-access.anu.edu.au\n```\n\nThe above command will prompt for your usual password, which you enter in the\nterminal. 
Since I already have that info in an encrypted file, I have a slightly\nmodified setup (this is in a script called `vpn.sh`):\n\n```\n#!/usr/bin/env zsh\n\n# pull ANU password out of encrypted authinfo file, pipe it to stdin\ngpg -q --for-your-eyes-only --no-tty -d ~/.authinfo.gpg | \\\n    awk '/machine smtp.office365.com login uXXXXXXX@anu.edu.au/ {print $NF}' | \\\n    # start the VPN\n    sudo openconnect --user=uXXXXXXX --protocol=gp --passwd-on-stdin https://staff-access.anu.edu.au\n```\n\nHappy VPN-ing.\n\n<div class=\"hl-para\" markdown=\"1\">\n\n**Update September 2022**: I recently had a nasty issue with this where\nopenconnect didn't shut down cleanly and had left my DNS server IPs pointing to\nthe wrong place. This meant that DNS resolution didn't work across my whole\ncomputer: websites weren't showing up, git was borked, even ping. What a bummer.\n\nThere may be a better fix, but I just deleted the DNS settings (in _System\nPreferences > Network > Advanced > DNS_ on macOS) and it all started working\nagain.\n\n</div>\n",
  "createdAt": "2026-05-13T23:14:50.374Z",
  "description": "Using openconnect as a reliable alternative to the GlobalProtect client for connecting to an institutional VPN on macOS.",
  "path": "/blog/2021/10/18/openconnect-setup-for-institutional-vpn-access",
  "publishedAt": "2021-10-18T00:00:00.000Z",
  "site": "at://did:plc:tevykrhi4kibtsipzci76d76/site.standard.publication/self",
  "tags": [
    "dev"
  ],
  "textContent": "Using openconnect as a reliable alternative to the GlobalProtect client for connecting to an institutional VPN on macOS.",
  "title": "openconnect setup for institutional VPN access"
}