OpenConnect, Juniper and NetworkManager
David Woodhouse
dwmw2 at infradead.org
Sun Feb 21 11:52:28 PST 2016
On Sun, 2016-02-21 at 14:08 -0500, Ian Turner wrote:
> I was thinking of putting some work in to get Juniper mode working with
> NetworkManager,
That would be *excellent*. Thanks in anticipation!
> and also fixing some other OpenConnect/NetworkManager
> issues (for example, currently user specified ipv4 configuration is
> ignored).
Hm, do you have a bug number for the that one? I personally run a
NetworkManager configuration which eschews the server-provided IPv4
configuration (a full tunnel with the default route) and sets up a
bunch of explicit routes for a split tunnel. It works fine.
> Before I begin, I thought to ask some questions:
> * Is anyone else working with this feature set?
> * Is there a development branch someplace that I should patch against?
> * Anything else I should know before getting started?
I'd been vaguely intending to work on Juniper, but that's not the same
thing as actually doing so. If you look at the latest commit in the git
tree (9da02cb356ab) it is a *step* in the right direction.
Currently, the OpenConnect handling of Juniper's HTML auth forms is a
horribly limited hack. It has special cases to recognise the simplest
templates that Juniper ships, and turn them into the 'struct
oc_auth_form' that it can pass up to the NetworkManager UI to be filled
in by the user.
We need to kill that, and actually pass up the HTML form to be rendered
by GtkWebKit (or whatever the UI wants to use). I envision a callback
*similar* to process_auth_form() which takes the HTML.
Other than that, enabling Juniper for NM is *relatively* simple.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160221/1035d74f/attachment.bin>
More information about the openconnect-devel
mailing list