Support for Symantec VIP Access.

Fung Chai Lim fungchai.lim at kaisquare.com
Thu Jan 14 00:34:25 EST 2021


Hi Dan, thank you for your help.

I ran openconnect-gui on my laptop without success.  The logs show
connection to the server but in the end, this message:
        Error: Running the 'Cisco Secure Desktop' trojan on this
platform is not yet implemented.
I admit I didn't build the openconnect-gui myself.  I used the Windows
binary that I downloaded from the openconnect-gui project; this binary
may be ancient.

I decided to test openconnect-gui on the same laptop where I can
successfully use anyconnect to log in.  My final goal is to run
openconnect on Linux, ultimately in a Docker container.  I am thinking
a shell script inside this container, but I don't know what options to
use.  I spent a lot of time trying to find out what technology VIP
Access is (OTP, PKCS#11, TPM) but had no success with Google.  Thank
you for your links.

I am also wondering if I need to extract the Windows certificates from
my laptop so that I can get openconnect to work on the Linux
container.  I know only the username and password; there may be some
extra data that was installed by the IT Dept on my laptop.

I admit OTP, PKCS#11, TPM, X.509, etc. are Greek to me, treat me as a
babe in the woods on these areas.

Earlier I was thinking of using Chrome's ARChon to run the VIP Access
app in my Linux container.  Thanks to you, I now think
python-vipaccess is a better path.

Best regards,

On Thu, Jan 14, 2021 at 10:06 AM Daniel Lenski <dlenski at gmail.com> wrote:
>
> On Tue, Jan 12, 2021 at 6:14 PM Fung Chai Lim
> <fungchai.lim at kaisquare.com> wrote:
> > Does openconnect support Symantec VIP Access?  If the answer is yes,
> > how do I enter the security code that is generated by the app?
>
> You enter your code in the exact same place that you enter the code
> when connecting from Windows. Some VPNs make you enter it in a
> separate form field, some make you append it to your "regular"
> password, etc.
>
> OpenConnect changes nothing here.
>
> > Furthermore, I understand each user can install VIP Access on more
> > than one device; each installation is assigned a unique Symantec
> > Credential ID.  Besides the security code, is the credential id
> > required when authenticating with the server?
>
> This question suggests that you haven't actually TRIED what you're
> asking about. Have you?
>
> If not, try it first and then ask us more specific questions if
> something doesn't work.
>
> As an aside, VIP Access is nothing but standard TOTP
> (https://en.wikipedia.org/wiki/Time-based_One-Time_Password) with an
> obfuscated protocol for token provisioning. See
> https://github.com/dlenski/python-vipaccess
>
> -Dan


