Two questions

David Woodhouse dwmw2 at infradead.org
Fri Aug 3 10:51:22 EDT 2012


On Fri, 2012-08-03 at 10:23 -0400, Steve Ayers wrote:
> Hello,
> 
> I am trying to connect to a VPN host at my company using OpenConnect,
> but can't seem to get it working.  First, I am trying from the command
> line and it gives me the '...asked us to download a CSD trojan,
> you should enable it'.  Where is the setting to enable that from the
> command line?

The --csd-user option, which specifies the user to run it as. If you
trust them despite their history of making basic security mistakes, then
you can use --csd-user=`whoami`. Or if you're running as root, make an
unprivileged user and run the CSD crap as that user.

> Second, it looks like my company doesn't have Linux binaries on the
> server.  Is it still possible to use OpenConnect or am I on a wild
> goose chase?

You can run it under wine, perhaps. You should be able to set
vpninfo->csd_scriptname to just "csd" and that'll make it fetch the
Windows version, and then use the --csd-wrapper option. That'll invoke a
program or script of your choice, with the downloaded CSD blob as the
first argument.

If you work out what the Windows trojan actually *posts* to the server,
you can probably avoid using Wine to run it, and just run a script that
uses 'curl' to post the "right" answers.

-- 
dwmw2
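
The --csd-wrapper advice above, as an added example that is not part of the original post or of openconnect: a wrapper that refuses to run the downloaded blob as root, records its SHA-256 so a change in what the server pushes is noticed, and runs it in an empty scratch directory with a stripped environment. The function names, the log path and the environment allow-list are assumptions of this example, as is the blob being a directly executable file given by absolute path; for the Windows blob the exec line would go through wine instead.

```sh
#!/bin/sh
# Added example: a script to pass to openconnect via --csd-wrapper.
# From the post: $1 is the downloaded CSD blob. Everything else here
# (log location, environment allow-list, function names) is assumed.

CSD_LOG="${CSD_LOG:-$HOME/.csd-wrapper.log}"

# Fail when the given numeric uid is root.
refuse_root() {
    if [ "$1" -eq 0 ]; then
        echo "csd-wrapper: refusing to run the CSD blob as root" >&2
        return 1
    fi
}

# Append "timestamp sha256 path" to the log and print the hash.
record_blob() {
    blob=$1
    [ -f "$blob" ] || { echo "csd-wrapper: no such blob: $blob" >&2; return 1; }
    hash=$(sha256sum "$blob" | cut -d' ' -f1)
    printf '%s %s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$hash" "$blob" >> "$CSD_LOG"
    printf '%s\n' "$hash"
}

# Run the blob (absolute path) in a throwaway directory with a minimal
# environment, so it inherits no variables from the caller's session.
# Remaining arguments are passed through unchanged; the blob's exit
# status is returned.
run_blob() {
    blob=$1; shift
    scratch=$(mktemp -d) || return 1
    rc=0
    ( cd "$scratch" && env -i PATH=/usr/bin:/bin HOME="$scratch" "$blob" "$@" ) || rc=$?
    rm -rf "$scratch"
    return "$rc"
}

csd_wrap() {
    refuse_root "$(id -u)" || return 1
    record_blob "$1" >/dev/null || return 1
    run_blob "$@"
}

# Act only when called with arguments, as a wrapper would be.
if [ "$#" -gt 0 ]; then csd_wrap "$@"; fi
```

Comparing the logged hashes across connections shows when the server starts handing out a different binary.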