openconnect derailed by Pulse pre sign-in notification?

Daniel Lenski dlenski at gmail.com
Tue Jan 23 18:57:20 PST 2018


On Tue, Jan 23, 2018 at 4:45 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Tue, 2018-01-23 at 19:39 -0500, James Ralston wrote:
> It isn't pretty but it can be done. Here's what I do on crappy hotel
> and airport networks, to get around the fact that $EMPLOYER forces me
> to use Ubuntu and Ubuntu never actually fix any bugs, so I have only
> about 15 seconds to log into the VPN...
>
>
>
> #!/bin/sh
>
> HOST="$1"
> if [ -z "$HOST" ]; then
>     HOST=vpn.example.com
> fi
> COOKIE=
> eval `openconnect --csd-wrapper ~dwmw/bin/csd_wrapper --user $LOGNAME \
>         --authgroup example-Ubuntu $HOST --authenticate`
>
> if [ -z "$COOKIE" ]; then
>     exit 1
> fi

I have quite a collection of intricate scripts for the VPNs of
$CLIENT1, $CLIENT2, etc. I'm glad to know I'm not the only one.

If anyone else has to use the loathsome "SecureMatrix image password
pattern" to connect to a Juniper VPN, try this script:
https://github.com/dlenski/smxlogin
It will do an end-run around the Java/ActiveX widget and allow you to
automate the process by inputting the pattern in chessboard
coordinates:

$ smxlogin -v -p a1b3c4d2e1f2g3h2 -u USERNAME https://stupid-url.blah.com/junk
Matrix:
  0145 3784 2553
  8852 9313 8958
  0866 9088 4538
  2857 1041 5986
=> Assembled password: 08523383

COOKIE='DSFirstAccess=1516762274; DSID=deadbeefdeadbeefdeadbeef'
HOST='other-server.blah.com'

-Dan



More information about the openconnect-devel mailing list