Available for support for F5 + MFA
David Woodhouse
dwmw2 at infradead.org
Wed Aug 4 09:48:10 PDT 2021
On 4 August 2021 17:44:07 BST, Antonio Petrelli <antonio.petrelli at gmail.com> wrote:
>Il giorno mer 4 ago 2021 alle ore 18:08 Daniel Lenski
><dlenski at gmail.com> ha scritto:
>>
>> Since you've already arrived at the "webtop" interface, you've already
>> completed the login process and you already have the credential (the
>> cookie named 'MRHSession') which OpenConnect requires to be able to
>> actually configure and connect to the VPN tunnel.
>>
>> I believe you should be able to simply capture the value of
>> <MRHSession-Cookie> (using the browser dev tools), and then run
>> OpenConnect as follows:
>>
>> openconnect --dump -vvvv --prot=f5 \
>> --cookie "MRHSession=<MRHSession-Cookie>" \
>> <corporate-vpn-host-name>
>>
>> (Important: do NOT close the browser window before running this
>> command; that may cause it to logoff the session and invalidate the
>> cookie)
>>
>> I'll wager 70% odds that this Just Works. If that doesn't work, then I
>> guess we'll have to figure out what the "token" and
>> "access-session-token" values mean, and how they get used by the f5vpn
>> binary.
>
>OK thanks, the part that I missed is how to send this cookie.
>About testing I have a few questions because the site is confusing to me:
>1. Are there any nightly pre-built binaries of the source code?
>2. If not, what is the repository, the one at infradead.org or the one
>at GitLab?
>3. What branch should I use, master?
>
>In the meantime I am cloning the GitLab repository at master, since it
>seems the most updated, but correct me if I am wrong!
>
>I will let you know about the tests, thanks again!
There are automatic builds for Fedora (and cross-builds for Windows in MinGW RPM packages) at https://copr.fedorainfracloud.org/coprs/dwmw2/openconnect/
Yes, the master branch is correct. Usually git.infradead.org and gitlab are in sync but not today.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
More information about the openconnect-devel
mailing list