Re: network-manager-openconnect and --os option
On Thu, 15 Sep 2016 at 10:45, Dan Williams <d...@redhat.com> wrote:

> On Thu, 2016-09-15 at 00:55 +, Vincent Fortier wrote:
> > I've been trying to figure out how to pass the --os option to
> > openconnect using NM.
> >
> > I believe it may not be implemented as I didn't see any reference to
> > it in the code (I'm not a coder so I may have missed it?).
> >
> > It seems I'm not the first looking for that:
> > http://lists.infradead.org/pipermail/openconnect-devel/2013-September/001204.html
>
> I don't think that's implemented in the VPN plugin at the moment, but
> it's not too hard to add new options. Best would be a list of known OS
> fingerprints that the user could select, since then we don't have to
> deal with sanitizing random user input that then gets passed on the
> command-line.
>
> Dan
>

This should be fairly easy as only certain values are expected. Here is the man page section:

    --os=STRING
        OS type to report to gateway. Recognized values are: linux,
        linux-64, win, mac-intel, android, apple-ios. Reporting a
        different OS type may affect the dynamic access policy (DAP)
        applied to the VPN session. If the gateway requires CSD, it
        will also cause the corresponding CSD trojan binary to be
        downloaded, so you may need to use --csd-wrapper if this code
        is not executable on the local machine.

- vin

___
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list

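The fixed-list approach suggested in the message above (map the user's choice to a known OS value instead of sanitizing free-form input), as an added C example that is not part of the thread or of network-manager-openconnect. The function names are hypothetical, the value list is the one from the quoted man page excerpt, and the result is assumed to be used as a single argv element for an execv-style spawn, not pasted into a shell string.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Recognized values, copied from the man page excerpt quoted in the thread. */
static const char *const known_os[] = {
    "linux", "linux-64", "win", "mac-intel", "android", "apple-ios",
};

/* Hypothetical helper: map untrusted input to our own constant, or NULL.
 * Exact, case-sensitive match only; no trimming, no prefix matching. */
const char *lookup_reported_os(const char *value)
{
    if (value == NULL)
        return NULL;
    for (size_t i = 0; i < sizeof known_os / sizeof known_os[0]; i++)
        if (strcmp(value, known_os[i]) == 0)
            return known_os[i];
    return NULL;
}

/* Hypothetical helper: write "--os=<value>" into buf as one argv element
 * (intended for execv-style spawning, with no shell involved).
 * Returns 0 on success, -1 if the value is rejected or buf is too small. */
int format_os_arg(char *buf, size_t buflen, const char *value)
{
    const char *os = lookup_reported_os(value);
    if (os == NULL)
        return -1;
    /* Format from the allowlisted constant, never from the caller's bytes. */
    int n = snprintf(buf, buflen, "--os=%s", os);
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

int main(void)
{
    /* Constructed inputs: one valid value and several that must be refused. */
    const char *samples[] = { "win", "Win", "win --other-flag", "linux-64\n", "" };
    char arg[32];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (format_os_arg(arg, sizeof arg, samples[i]) == 0)
            printf("accepted: %s\n", arg);
        else
            printf("rejected input #%zu\n", i);
    }
    return 0;
}
```

Because only the constant from the list reaches the argument, a stored value with embedded spaces, newlines or extra flags is refused outright rather than escaped.
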
network-manager-openconnect and --os option
I've been trying to figure out how to pass the --os option to openconnect using NM.

I believe it may not be implemented as I didn't see any reference to it in the code (I'm not a coder so I may have missed it?).

It seems I'm not the first looking for that:
http://lists.infradead.org/pipermail/openconnect-devel/2013-September/001204.html

Help much appreciated. Thnx in advance!

- vin

Re: network-manager-openconnect and csd-wrapper
That may solve all my issues, great!

I took a shot at it and it looks like nmcli limits to "some" of the values as otherwise I get an error message:

$ nmcli connection modify MYVPN vpn.enable_csd_trojan true vpn.csd_wrapper ~/csd/csd.sh
Erreur : propriété « enable_csd_trojan » non valide : « enable_csd_trojan » ne fait pas partie de [service-type, user-name, persistent, data, secrets, timeout].

Further looking into it (using nmcli connection edit MYVPN, print vpn) I found that vpn.data can be tailored somewhat "at will" so I was able to get the following into it (presuming I'm at the right spot?):

$ nmcli connection modify MYVPN vpn.data "key = ~/key/key.pfx, cert = ~/key/cert.pfx, username = myusername, remote = remoteserver, enable_csd_trojan = 1, csd_wrapper = ~/csd/csd.sh"

Now I think all that is missing before testing is how I can emulate the "--os win"?

Again, thnx in advance.

- vin

On Wed, 14 Sep 2016 at 09:03, Thomas Haller <thal...@redhat.com> wrote:

> On Wed, 2016-09-14 at 12:32 +, Vincent Fortier wrote:
> > Hi all,
> >
> > Looking for help to solve a few issues/questions in regards to NM in
> > conjunction with openconnect:
> > 1) How can we pass --csd-wrapper=script to openconnect using NM?
> > 2) The gui currently does not allow selecting ".pfx" files. Is it ok
> > to force that by manually editing the relevant
> > /etc/NetworkManager/system-connections/XYZ file?
> > 3) is it possible to create an extensive openconnect connection
> > directly using nmcli? (tried it but seemed to lack quite a few
> > options available into the gui)
> >
> Hi,
>
> regarding 3):
>
> A connection is only the set of key-value pairs as you see it
> in /etc/NetworkManager/system-connections/XYZ. As such, you can achieve
> any supported configuration by editing the file directly (followed by
> `nmcli connection reload`).
> Similarly, `nmcli connection modify` allows you to modify every
> setting. This is certainly true for VPN, as nmcli is unaware what
> the fields mean there.
>
> So, yes, you can do it via nmcli. But that leaves you with the question
> which properties are supported there.
>
> There is no documentation for that. See the source code:
>
> https://git.gnome.org/browse/network-manager-openconnect/tree/shared/nm-service-defines.h?id=0a801fb674aab47bd6b9da53c1d04a0e2f49cdab
> https://git.gnome.org/browse/network-manager-openconnect/tree/src/nm-openconnect-service.c?id=0a801fb674aab47bd6b9da53c1d04a0e2f49cdab#n81
>
> Thomas

network-manager-openconnect and csd-wrapper
Hi all,

Looking for help to solve a few issues/questions in regards to NM in conjunction with openconnect:

1) How can we pass --csd-wrapper=script to openconnect using NM?
2) The gui currently does not allow selecting ".pfx" files. Is it ok to force that by manually editing the relevant /etc/NetworkManager/system-connections/XYZ file?
3) is it possible to create an extensive openconnect connection directly using nmcli? (tried it but seemed to lack quite a few options available into the gui)

NM version: 1.2.2 (ubuntu 16.10 dev)

Thnx a lot in advance!

- vin

Re: How to create a simple tap0 interface using nmcli
Thnx.

So let's say I previously created a bridge interface and linked in my eth0:

$ nmcli connection show
$ nmcli connection delete <eth0|eth0-UUID>
$ nmcli connection add type bridge \
    ifname br0 con-name br0
$ nmcli connection add type bridge-slave \
    ifname eth0 con-name eth0 master br0

Presumably I create tap0 then add it to my br0 such as the following:

$ nmcli connection add type tun \
    ifname tap0 con-name tap0 \
    mode tap owner `id -u` ip4 0.0.0.0/24
$ nmcli connection add type bridge-slave \
    ifname tap0 con-name tap0 master br0

Then I would be good to go with qemu and be all-set "automagically" at every reboot as autoconnect=yes is set by default.

NM1.2 not yet available under Ubuntu 16.04 alpha (dunno if planned to be included?) so can't test it unless I recompile from source. Therefore in the meantime it's more of a personal knowledge thing than anything else.

Thnx in advance!

- vin

On Mon, 25 Jan 2016 at 03:22, Beniamino Galvani <bgalv...@redhat.com> wrote:

> On Mon, Jan 25, 2016 at 02:46:54AM +, Vincent Fortier wrote:
> > I was wondering how can I create a tap interface using nmcli? Search again
> > and again without luck...
>
> Hi,
>
> creation of tun/tap devices is supported only in NetworkManager 1.2.
> On such version you can create a tap connection using the command:
>
> $ nmcli connection add type tun ifname tap0 con-name mytap0 \
>     mode tap owner `id -u` ip4 x.x.x.x/24
>
> The connection will have autoconnect=yes by default and so the device
> will be created automatically every time NM starts. You can manually
> enable or disable the connection with:
>
> $ nmcli connection up mytap0
> $ nmcli connection down mytap0
>
> Beniamino
>

How to create a simple tap0 interface using nmcli
I was wondering how can I create a tap interface using nmcli? Search again and again without luck...

Otherwise I use currently:

$ sudo openvpn --mktun --dev tap0 --user `id -un`
$ sudo ip addr add 0.0.0.0/24 dev tap0
$ sudo ip link set tap0 up promisc on

or simply:

$ sudo tunctl -d tap0

Thnx in advance!

- vin