On Tue, 2018-01-23 at 19:39 -0500, James Ralston wrote: > > The problem with this approach is that it necessitates calling > openconnect by hand. We'd prefer to avoid that, because adding a new > VPN connection within NetworkManager is what our users (and most Linux > users, I suspect) are used to. And unfortunately, NetworkManager > doesn't know how to configure a VPN interface that calls openconnect > with a custom authentication piece.
It isn't pretty but it can be done. Here's what I do on crappy hotel
and airport networks, to get around the fact that $EMPLOYER forces me
to use Ubuntu and Ubuntu never actually fix any bugs, so I have only
about 15 seconds to log into the VPN...
#!/bin/sh
HOST="$1"
if [ -z "$HOST" ]; then
HOST=vpn.example.com
fi
COOKIE=
eval `openconnect --csd-wrapper ~dwmw/bin/csd_wrapper --user $LOGNAME \
--authgroup example-Ubuntu $HOST --authenticate`
if [ -z "$COOKIE" ]; then
exit 1
fi
nmcli con up 'Example VPN' passwd-file /proc/self/fd/5 5<<EOF
vpn.secrets.cookie:$COOKIE
vpn.secrets.gwcert:$FINGERPRINT
vpn.secrets.gateway:$HOST
EOF
But yes, manually recognising individual forms is vile, and I'd love to
have a webview thing in the real authentication dialog.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openconnect-devel mailing list [email protected] http://lists.infradead.org/mailman/listinfo/openconnect-devel
