No subject
Dimitri Papadopoulos Orfanos
dimitri.papadopoulos at cea.fr
Mon Apr 22 04:42:04 PDT 2024
Hi,
Will you use ocserv as the VPN?
This really sounds like two distinct VPN connections. I cannot think of
a more elegant way to describe this situation.
1. Permanent VPN connection to the management server. Should that VPN
connection be "always" on when i) a specific user starts a session or
ii) when the computer is online? The exact configuration depends on the
answer to the previous question.
2. User-initiated connection.
You might want to avoid tunnelling connection 1 in the tunnel of
connection 2, but that can be part of the ocserv configuration. The
configuration could use a different "group" for either use case and
different "route" and "no-route" options.
Dimitri Papadopoulos
Le 20/04/2024 à 21:35, Peter Tulpen a écrit :
> Hello,we want to use openconnect to connect to our company network and having like 2 modes:
> - always have a connection to our management server based on a client certificate, so the management server can scan him: basic connection
> - when a user needs resources, let him login via 2FA : user connection
>
>
> This could be done with 2 tunnels, but is there a more elegant way, like always having the basic connection switch to the "user connection" on demand (and falling back to the basic connection when the "user connection" is gone)
> I think about either a kind of service or something in networkmanager
>
>
> Best regards, Peter
>
>
>
>
>
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/openconnect-devel
More information about the openconnect-devel
mailing list