network-manager-openconnect, was Re: Error messages /traceroute

David Woodhouse dwmw2 at infradead.org
Wed Feb 24 05:59:17 EST 2010


(Sorry for previous empty reply; I think the control key stuck, so it
sent when I hit enter.)

On Wed, 2010-02-24 at 10:53 +0100, Johannes Becker wrote:
> On Tuesday, 23 February 2010, David Woodhouse wrote:
> 
> > I think you may need to reboot (or at least restart NM and dbus-daemon)
> > before the new NetworkManager plugin works.
> 
> Because you can't reboot a Live-CD for this purpose, I checked
> it again with Debian Squeeze. It's too boring to report all the
> different ways of failures with network manager. It just confirms
> my old opinion that network manager makes things not easier.
> It may work with special Linux distributions, but if it fails
> there's no help. 

I think the Fedora LiveCD includes the NetworkManager-openconnect
package, so it ought to work out of the box.

I think there's an Ubuntu bug filed but the response was "it's better to
reboot": https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/458595

> So I will tell our users to work with the command line.

If you like, you could abuse the GUI auth-dialog tool so that you at
least get a graphical login with choice of available VPN servers.

You can run a script (like http://david.woodhou.se/make-nm-vpn.sh), note
the UUID it generates, then run
nm-openconnect-auth-dialog -u "$UUID" -n "$ORG VPN login" -s org.freedesktop.NetworkManager.openconnect

On a successful authentication, it'll spit out the address of the VPN
server to connect to, the authentication cookie, and the SHA1 of the
server's SSL certificate (to prevent MiTM attacks).

Then you can
echo "$COOKIE" | openconnect --servercert "$SHA1" --cookie-on-stdin "$HOST"

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse at intel.com                              Intel Corporation
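
The procedure described in the message above, as an added example that is not part of the original message or of the openconnect project. It assumes the auth dialog prints alternating key/value lines with the keys gateway, cookie and gwcert; that format, the function names and the OPENCONNECT override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original message. ASSUMPTION: the auth dialog
# prints alternating key/value lines with the keys gateway, cookie and gwcert.
# Adjust get_field if your version prints something else.

# Constructed sample of that assumed output (no real host or secrets).
SAMPLE_OUTPUT='gateway
vpn.example.org
cookie
CONSTRUCTED-COOKIE-0001
gwcert
0123456789ABCDEF0123456789ABCDEF01234567
'

# get_field KEY: read dialog output on stdin, print the value that follows KEY.
# A blank line where a key is expected ends the list; fails if KEY is absent.
get_field() {
    awk -v want="$1" '
        key == "" { if ($0 == "") exit; key = $0; next }
        { if (key == want) { print; found = 1; exit } key = "" }
        END { exit !found }'
}

# valid_sha1 STR: succeed only for exactly 40 hex digits.
valid_sha1() {
    case "$1" in *[!0-9A-Fa-f]*) return 1 ;; esac
    [ "${#1}" -eq 40 ]
}

# connect_vpn: read dialog output on stdin and start openconnect with the
# pinned certificate hash. The cookie goes over stdin, never on argv, so it
# does not show up in the process list. OPENCONNECT may name another binary.
connect_vpn() {
    out=$(cat)
    host=$(printf '%s\n' "$out" | get_field gateway) || return 1
    cookie=$(printf '%s\n' "$out" | get_field cookie) || return 1
    sha1=$(printf '%s\n' "$out" | get_field gwcert) || return 1
    if ! valid_sha1 "$sha1"; then
        echo "refusing to connect: no usable certificate hash" >&2
        return 1
    fi
    printf '%s\n' "$cookie" |
        "${OPENCONNECT:-openconnect}" --servercert "$sha1" --cookie-on-stdin "$host"
}

# Usage: nm-openconnect-auth-dialog -u "$UUID" -n "$ORG VPN login" \
#            -s org.freedesktop.NetworkManager.openconnect | connect_vpn
```

Refusing to start without a well-formed hash keeps the wrapper from silently falling back to an unpinned connection.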



