AW: AW: How can I specify a realm with "--protocol=pulse"?

Schütz Dominik Dominik.Schuetz at esolutions.de
Wed May 4 04:11:46 PDT 2022


With the hack and "pulse_realm_choice:realm_choice" it works fine:

dominik at host1:~$  sudo openconnect --script=/root/vpnc-script --protocol=pulse -F pulse_realm_entry:realm=REALM_xxx_Limited_Machine "https://vpn-gateway/linux"
Connected to xxx.xxx.xxx.xxx:443
SSL negotiation with vpn-gateway
Connected to HTTPS on vpn-gateway with ciphersuite TLSv1.2-AES128-GCM-SHA256
Got HTTP response: HTTP/1.1 101 Switching Protocols
EAP-TTLS negotiation with vpn-gateway
Choose Pulse user realm:
lookup 'pulse_realm_choice:realm_choice'
Realm: [REALM_xxx_Productive|REALM_xxx_Limited_Initial_Network|REALM_xxx_Limited_Machine_Network]:^Cfgets (stdin): Interrupted system call
dominik at host1:~$  

dominik at host1:~$  sudo openconnect --script=/root/vpnc-script --protocol=pulse -F pulse_realm_choice:realm_choice=REALM_xxx_Limited_Machine "https://vpn-gateway/linux"
Connected to xxx.xxx.xxx.xxx:443
SSL negotiation with vpn-gateway
Connected to HTTPS on vpn-gateway with ciphersuite TLSv1.2-AES128-GCM-SHA256
Got HTTP response: HTTP/1.1 101 Switching Protocols
EAP-TTLS negotiation with vpn-gateway
Choose Pulse user realm:
lookup 'pulse_realm_choice:realm_choice'
Choose Pulse user realm:
Authentication failure: Client certificate required
Failed to complete authentication
dominik at host1:~$


But now I get another output when I authenticate with username + password:
# The two "lookup" messages are new
dominik at host1:~$  sudo openconnect --script=/root/vpnc-script --protocol=pulse "https://vpn-gateway/linux"
Connected to xxx.xxx.xxx.xxx:443
SSL negotiation with vpn-gateway
Connected to HTTPS on vpn-gateway with ciphersuite TLSv1.2-AES128-GCM-SHA256
Got HTTP response: HTTP/1.1 101 Switching Protocols
Enter user credentials:
lookup 'pulse_user:username'
Username:dominik at domain
lookup 'pulse_user:password'
Password:
Unexpected IF-T/TLS packet when expecting configuration.
Configured as xxx.xxx.xxx.xxx, with SSL connected and ESP in progress
Session authentication will expire at Thu May  5 01:08:46 2022

ESP session established with server

-----Original Message-----
From: David Woodhouse <dwmw2 at infradead.org>
Sent: Wednesday, May 4, 2022 12:46
To: Schütz Dominik <Dominik.Schuetz at esolutions.de>; openconnect-devel at lists.infradead.org
Subject: Re: AW: How can I specify a realm with "--protocol=pulse"?

On Wed, 2022-05-04 at 11:44 +0100, David Woodhouse wrote:
> On Wed, 2022-05-04 at 10:42 +0000, Schütz Dominik wrote:
> > It does not work with '-F pulse_realm_entry:realm=REALM_xxx_Foo' - 
> > see text below:
> > 
> 
> Hm, please can you try with the hack I put into
> https://gitlab.com/openconnect/openconnect/-/issues/421#note_934005457
> which will make it print the actual key it uses for that lookup?
> 

... which may well be 'pulse_realm_choice:realm_choice'.