Cisco AnyConnect on my OS X box was broken, complaining about not finding FIPS modules in a dynamic library upon start-up. I figured maybe my version didn't work on Lion which I upgraded to a few months back. Can't be that hard, download a new version.
You have to register... which is a fragile process and broke on me three times, after providing enough web form details to make an IRS Auditor happy. After finally confirming the registration, it told me I had to have a support contract to download. Awesome.
I used a colleague's account to connect via web to the HTTPS gateway, where I figured I could download a new copy. Spin, spin, spin, Java NullPointerException. Managed somehow to extract a "vpnsetup.sh" which contained some juicy binary blobs inside, and failed the first couple times I tried it. Eventually tried it with sudo (what's the worst it could do, really??)-: and got it to install. And seemed to work. For now.
But what a pain. Wasn't there an alternative?
I could no longer connect with Apple's built-in VPN client to the datacenter's VPN concentrator -- progress, right? I guess IPsec is only IPsec if it's not Cisco IPsec. In the past I had used "vpnc" on my FreeBSD and Linux boxes to connect but that wasn't working either.
I found "openconnect" and did an install (with a flag):
./configure --disable-nls
make
sudo make install
When I ran it, it complained about a missing "tun" device, so I installed the TunTap package.
Then fire it up and ... It works!!!
sudo /usr/local/sbin/openconnect -v --script /etc/vpnc/vpnc-script https://vpn.gateway.ip
I used my old vpnc script, which sets the DNS servers and routes; without it I couldn't get packets to flow over the VPN.
Oddly, it didn't require the VPN Group name that AnyConnect seemed to want.
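The DNS-and-routes step is what actually makes the tunnel usable, so here is an added illustration of what a vpnc-script-style hook does for openconnect on OS X. This is not the post's script and not the vpnc-script shipped with vpnc or openconnect; it is a minimal stand-in written for this page. What is real: openconnect runs whatever you pass to --script once per phase with the tunnel parameters in its environment (reason, TUNDEV, VPNGATEWAY, INTERNAL_IP4_ADDRESS, INTERNAL_IP4_DNS, CISCO_DEF_DOMAIN, CISCO_SPLIT_INC and CISCO_SPLIT_INC_<n>_ADDR/_MASK), and on OS X resolvers are published through scutil rather than /etc/resolv.conf. What is assumed for this example: a DRY_RUN=1 mode that prints commands instead of running them, a STATE_FILE that remembers the pre-VPN default gateway, and an OLD_DEFAULT_GW override for the route lookup; the 1412 MTU is a placeholder.

```shell
#!/bin/sh
# Added example: a minimal vpnc-script-style hook for openconnect on OS X.
# Not the real vpnc-script. openconnect invokes this as root with the tunnel
# parameters in the environment, so it is worth knowing exactly what it changes.
#
# Assumptions (not from the post): DRY_RUN=1 prints commands instead of running
# them; STATE_FILE stores the pre-VPN default gateway for the disconnect step;
# OLD_DEFAULT_GW skips the 'route -n get default' lookup.

STATE_FILE=${STATE_FILE:-/var/run/vpnc-example.gw}
MTU=${MTU:-1412}   # placeholder value for the example

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# scutil commands that publish the VPN resolvers for TUNDEV. On OS X the
# resolver is configured through configd, not by editing /etc/resolv.conf.
render_dns_config() {
    echo "open"
    echo "d.init"
    echo "d.add ServerAddresses * $INTERNAL_IP4_DNS"
    [ -n "${CISCO_DEF_DOMAIN:-}" ] && echo "d.add DomainName $CISCO_DEF_DOMAIN"
    echo "set State:/Network/Service/$TUNDEV/DNS"
    echo "quit"
}

apply_dns() {
    if [ "${DRY_RUN:-0}" = "1" ]; then render_dns_config; else render_dns_config | scutil; fi
}

# Walk the split-include list the gateway pushed, adding or deleting a route
# for each network ($1 is "add" or "delete").
each_split_route() {
    _i=0
    while [ "$_i" -lt "${CISCO_SPLIT_INC:-0}" ]; do
        eval _net=\$CISCO_SPLIT_INC_${_i}_ADDR
        eval _mask=\$CISCO_SPLIT_INC_${_i}_MASK
        run route "$1" -net "$_net" -netmask "$_mask" -interface "$TUNDEV"
        _i=$((_i + 1))
    done
}

do_connect() {
    # Assign the address the gateway handed out to the tunnel interface.
    run ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" "$INTERNAL_IP4_ADDRESS" \
        netmask 255.255.255.255 mtu "$MTU" up
    if [ "${CISCO_SPLIT_INC:-0}" -gt 0 ]; then
        each_split_route add
    else
        # Full tunnel: pin the VPN gateway to the old default route, remember
        # that route for teardown, then send everything else into the tunnel.
        _gw=${OLD_DEFAULT_GW:-$(route -n get default 2>/dev/null | awk '/gateway:/ {print $2}')}
        [ -n "$_gw" ] || { echo "cannot determine current default gateway" >&2; return 1; }
        echo "$_gw" > "$STATE_FILE"
        run route add -host "$VPNGATEWAY" "$_gw"
        run route delete default
        run route add default -interface "$TUNDEV"
    fi
    apply_dns
}

do_disconnect() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "remove State:/Network/Service/$TUNDEV/DNS"
    else
        printf 'open\nremove State:/Network/Service/%s/DNS\nquit\n' "$TUNDEV" | scutil
    fi
    if [ "${CISCO_SPLIT_INC:-0}" -gt 0 ]; then
        each_split_route delete
    elif [ -r "$STATE_FILE" ]; then
        _gw=$(cat "$STATE_FILE")
        run route delete default
        run route add default "$_gw"
        run route delete -host "$VPNGATEWAY"
        rm -f "$STATE_FILE"
    fi
}

# openconnect calls the script once per phase; pre-init and reconnect need
# nothing on OS X, so only connect and disconnect do work here.
case "${reason:-}" in
    connect)    do_connect ;;
    disconnect) do_disconnect ;;
    *)          : ;;
esac
```

Hand it to openconnect with `sudo openconnect --script /path/to/this.sh https://vpn.gateway.ip`, or preview what it would change without root by setting `DRY_RUN=1 reason=connect TUNDEV=utun9 ...` and running it directly. Note that the networks and resolvers it installs are values the gateway pushed, which is one reason to read whatever you hand to --script before it runs as root.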
