On Fri, Apr 03, 2009 at 10:18:56PM +0800, Pui Edylie wrote:
> Hi Mikolaj,
>
> Here is the Perl script on F5 Dev Central which is used for *nix system
>
> http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=32
>
> I have used it with great success on Linux but it should very pretty
> straight forward for *BSD
Thanks Pui!
Cool stuff. That's what I was looking for. Works fine with ppp(8). Only
thing which I'm not able to make work is `set authkey' with script.
Fragment from ppp(8):
set [auth]key value
...
If the first character of value is an exclamation mark (`!'), ppp
treats the remainder of the string as a program that must be exe-
cuted to determine the ``authname'' and ``authkey'' values.
...
but that doesn't work for me. Currently I'm copy-pasting authkey from
modified version of perl script[ref#1] output each time I want to
connect to VPN, but that's little bit annoying.
Anybody has cule how to make authname/authkey work with scripts?
$ sysctl -n kern.version
OpenBSD 4.5-current (GENERIC) #14: Fri Mar 27 06:57:10 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
# /etc/ppp/ppp.conf
firepass:
set device "!/usr/sbin/openssl s_client -quiet -ign_eof -host
VPN-SERVER-DOT-COM -port 443"
set authkey "COOKIE-FROM-HTTP-HEADERS"
set dial "\"\"
GET\\s/myvpn?sess=\\P\\sHTTP/1.0\\r\\nCookie:\\sMRHSession=\\P\\r\\n\\r\\n"
set timeout 0
set dns DNS-SERVER-TAKEN-FROM-WINDOWS
enable dns
accept dns
resolv reload
resolv readonly
add! VPN-SERVER-DOT-COM CURRENT-DEFAULT-GATEWAY
bg ifconfig INTERFACE description "LABEL CONNECTING"
# /etc/ppp/ppp.linkup
firepass:
add! default HISADDR
resolv rewrite
shell ifconfig INTERFACE description "LABEL is UP"
# /etc/ppp/ppp.linkdown
firepass:
shell ifconfig INTERFACE description "LABEL is DOWN"
resolv restore
resolv reload
References
1. http://devcentral.f5.com/SDK/sslvpn.public.pl.txt
2. http://devcentral.f5.com/weblogs/dctv/archive/2006/10/30/fploginscript.aspx
3. http://fuhm.net/software/f5vpn-login/
--
best regards
q#
