openconnect derailed by Pulse pre sign-in notification?
David Woodhouse
dwmw2 at infradead.org
Tue Jan 23 16:45:17 PST 2018
On Tue, 2018-01-23 at 19:39 -0500, James Ralston wrote:
>
> The problem with this approach is that it necessitates calling
> openconnect by hand. We'd prefer to avoid that, because adding a new
> VPN connection within NetworkManager is what our users (and most Linux
> users, I suspect) are used to. And unfortunately, NetworkManager
> doesn't know how to configure a VPN interface that calls openconnect
> with a custom authentication piece.
It isn't pretty but it can be done. Here's what I do on crappy hotel
and airport networks, to get around the fact that $EMPLOYER forces me
to use Ubuntu and Ubuntu never actually fix any bugs, so I have only
about 15 seconds to log into the VPN...
#!/bin/sh
HOST="$1"
if [ -z "$HOST" ]; then
HOST=vpn.example.com
fi
COOKIE=
eval `openconnect --csd-wrapper ~dwmw/bin/csd_wrapper --user $LOGNAME \
--authgroup example-Ubuntu $HOST --authenticate`
if [ -z "$COOKIE" ]; then
exit 1
fi
nmcli con up 'Example VPN' passwd-file /proc/self/fd/5 5<<EOF
vpn.secrets.cookie:$COOKIE
vpn.secrets.gwcert:$FINGERPRINT
vpn.secrets.gateway:$HOST
EOF
But yes, manually recognising individual forms is vile, and I'd love to
have a webview thing in the real authentication dialog.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5213 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20180124/05678846/attachment.bin>
More information about the openconnect-devel
mailing list