I previously wrote about avoiding AnyConnect and that approach still works great if you are on a system that will allow you to run the RSA SecurID application. However, there is still a problem if you are using Linux and want to connect to VPN using RSA tokens.
These instructions are written for Debian, but everything here is generally available and most requirements are probably already packaged for your distribution. First, you will need OpenConnect and stoken:
sudo apt install openconnect vpnc-scripts ocserv network-manager-openconnect
sudo apt install libgtk-3-dev libtomcrypt-dev libxml2-dev autoconf automake libtool build-essential wget https://github.com/cernekee/stoken/archive/master.zip unzip master.zip cd stoken-master ./autogen.sh ./configure make make check sudo make install
There are a few ways to set up stoken (see the stoken import documentation on the web or man page), I used an sdtid file.
stoken import --file afile.sdtid
Once you have the token string imported you can use either the command line or gui version of stoken. I will be using the gui version. The rest of the details are in my previous post and in my osx_openconnect GitHub repo. I made one change for Linux that makes life simpler, I modified the start_vpn script to look like:
#!/bin/bash /usr/local/bin/stoken-gui >& /dev/null & sudo /usr/sbin/openconnect -b --config /path/to/config/vpn.conf *your.server.name*
I pipe the stoken-gui output to /dev/null to avoid an irritating warning, it may not be necessary for you.