Hi,
Will you use ocserv as the VPN?
This really sounds like two distinct VPN connections. I cannot think of
a more elegant way to describe this situation.
1. Permanent VPN connection to the management server. Should that VPN
connection be "always" on when i) a specific user starts a session or
ii) when the computer is online? The exact configuration depends on the
answer to the previous question.
2. User-initiated connection.
You might want to avoid tunnelling connection 1 in the tunnel of
connection 2, but that can be part of the ocserv configuration. The
configuration could use a different "group" for either use case and
different "route" and "no-route" options.
Dimitri Papadopoulos
Le 20/04/2024 à 21:35, Peter Tulpen a écrit :
Hello,we want to use openconnect to connect to our company network and having
like 2 modes:
- always have a connection to our management server based on a client
certificate, so the management server can scan him: basic connection
- when a user needs resources, let him login via 2FA : user connection
This could be done with 2 tunnels, but is there a more elegant way, like always having the basic
connection switch to the "user connection" on demand (and falling back to the basic
connection when the "user connection" is gone)
I think about either a kind of service or something in networkmanager
Best regards, Peter
_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
