Building for OpenWrt
lobbia
lobbia at 163.com
Wed Apr 12 23:29:00 PDT 2023
Rebasing this on the latest master is a good idea, but I'm fine with using the current latest commit, which is close to release v8.20. In my case, v9.01+ doesn't work for my OpenWrt. My company's Cisco ASA server prefers Azure SSO over user/pass sign-in. When using openconnect v9.01 to connect, it proposed SSO in the capabilities list and then got stuck due to lack of sufficient support, e.g. GUI, TPM, Azure etc. But when using v8.20, it could negotiate and agree on user/pass sign-in with the ASA, so I can connect successfully.
Another question: based on analysis, I see 2 more local_ids in my HTTP POST request XML form for device-id attributes: computer-name and unique-id-global, from my client app Cisco AnyConnect v4.9.06037. Below is the example. I don't know how difficult it is to extend support to these 2 new items in code. Can I just add 2 new items in auth.c and cstp.c like what you did in the commit f73a8268 "Add CLI option --local-id, generic id_options structure, and API function openconnect_set_id_option"? Or is it indeed much more complicated? Have you also seen this requirement from other users, and will you have a plan to support it later?
HTTP POST XML example:
<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="init"><version who="vpn">4.9.06037</version><device-id unique-id="xxxxxxxxxxCF7963BA42EF2701DCC3C9E20007E1E30DAC9169940D8888888888" unique-id-global="xxxxxxxxxx4C9A04F98E4FC47BD4698888888888" computer-name="xxx-xxx" platform-version="10.0.22000" device_type="xxxxxx xxxxxx">win</device-id><mac-address-list><mac-address>xx-xx-xx-xx-xx-xx</mac-address></mac-address-list><group-access>https://xxx.com/</group-access></config-auth>
At 2023-04-13 03:39:14, "Daniel Lenski" <dlenski at gmail.com> wrote:
>On Wed, Apr 12, 2023 at 4:43 AM lobbia <lobbia at 163.com> wrote:
>>
>> Code branch to be built: add_local_id_option
>> https://gitlab.com/openconnect/openconnect/-/tree/add_local_id_option
>
>(It would be a good idea to rebase this on the latest `master`, rather
>than just build it as-is.)
>
>I'm the author of the changes on this branch. I've had a "WIP" MR for
>it for about 2 years
>(https://gitlab.com/openconnect/openconnect/-/merge_requests/103) and
>have been periodically rebasing it on top of `master`.
>
>It's clearly useful/necessary to a lot of people, including another
>thread and couple issue reports from the past week where users needed
>it. However, I haven't gotten any clear feedback on the API design,
>which is fairly sprawling and open-ended, so I still consider it
>"WIP".
>
>dwmw2, would you be able to take a look at the API in your "copious
>spare time" and let me know if you want to try to merge it in
>essentially its current form?
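
Added example, not part of the original message and not openconnect code: a small Python script that compares the <device-id> identifiers in two captured config-auth "init" requests, the kind of analysis described above, and redacts the values before a capture is posted to a list. Both sample requests and all values in them are constructed placeholders; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples; every value is a placeholder, not a real device identifier.
REFERENCE = (  # shaped like the AnyConnect request quoted in the message
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<config-auth client="vpn" type="init"><version who="vpn">4.9.06037</version>'
    b'<device-id unique-id="AAAA1111" unique-id-global="BBBB2222" '
    b'computer-name="host-01" platform-version="10.0.22000" '
    b'device_type="vendor model">win</device-id>'
    b'<mac-address-list><mac-address>00-00-5E-00-53-01</mac-address>'
    b'</mac-address-list><group-access>https://vpn.example.com/</group-access>'
    b'</config-auth>'
)
CANDIDATE = (  # hypothetical request from a client that sends fewer identifiers
    b'<config-auth client="vpn" type="init"><version who="vpn">4.9.06037</version>'
    b'<device-id unique-id="AAAA1111" platform-version="10.0.22000" '
    b'device_type="vendor model">win</device-id></config-auth>'
)


def device_id_fields(request: bytes) -> dict:
    """Return the <device-id> attributes plus the platform text and MAC count."""
    if b"<!DOCTYPE" in request or b"<!ENTITY" in request:
        raise ValueError("DTD/entity declarations are not expected in a capture")
    root = ET.fromstring(request)
    if root.tag != "config-auth" or root.get("type") != "init":
        raise ValueError("not a config-auth init request")
    dev = root.find("device-id")
    if dev is None:
        raise ValueError("request carries no <device-id> element")
    fields = dict(dev.attrib)
    fields["(platform)"] = (dev.text or "").strip()  # element text, e.g. "win"
    macs = root.findall("./mac-address-list/mac-address")
    fields["(mac-count)"] = str(len(macs))
    return fields


def missing_attributes(reference: bytes, candidate: bytes) -> list:
    """Names present in the reference request but absent from the candidate."""
    ref, cand = device_id_fields(reference), device_id_fields(candidate)
    return sorted(k for k in ref if k not in cand)


def redact(fields: dict) -> dict:
    """Replace attribute values by their length so the result can be posted."""
    return {k: v if k.startswith("(") else f"<{len(v)} chars>"
            for k, v in fields.items()}


if __name__ == "__main__":
    print("missing:", missing_attributes(REFERENCE, CANDIDATE))
    print(redact(device_id_fields(REFERENCE)))
```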