Install on Linux¶
On Linux openconnect-sso does the whole job — it runs the SAML auth and
launches openconnect via passwordless sudo. So there's no scheduled-task /
elevation dance: the app is just a small system-tray.
Tested on EndeavourOS (Arch). Should work on any modern desktop Linux.
1. Prerequisites¶
Install the two engines and set a passwordless-sudo rule so the tray can bring the tunnel up/down:
Then the sudoers rule (so sudo openconnect / sudo killall openconnect run
without a password prompt):
2. Install the app¶
git clone https://github.com/saiko-psych/automatic-openconnect.git
cd automatic-openconnect
uv venv && source .venv/bin/activate
uv pip install -e ".[gui,qr]" # [gui] = PyQt6 + the tray; [qr] adds QR-image import
Headless server? Skip [gui]
pip install -e . (no extras) installs just the library (keyring +
pyotp, no Qt). Use it from code — with auto_vpn_session(cfg): … — or
from the shell: python -m automatic_openconnect up | down | status
(no tray/Qt needed). Only the tray needs [gui].
Download automatic-vpn-linux-x86_64 from the
latest release:
Note
The binary is built on a recent glibc and is unsigned. If it won't start, use the source install (the verified path).
3. First run¶
Start it detached, so your terminal stays free:
A tray icon appears. On first run the setup dialog opens — enter your email, server, auth group, and (if not already in your keyring) password + TOTP (typed or imported from a QR-code image → details). Click the icon to connect/disconnect.
4. Autostart at login¶
Tray menu → “Autostart beim Login”. After the next login the tray starts on
its own — no terminal needed. It writes
~/.config/autostart/automatic-openconnect.desktop.
Using an older standalone tray?
If you previously ran a hand-rolled tray, remove its autostart so you don't
get two icons: rm ~/.config/autostart/vpn-tray.desktop