Re: F31: recommended best way to send postfix traffic through Cisco's AnyConnect VPN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On Sat, 21 Mar 2020 09:11:56 -0400 Kevin Becker <kevin@xxxxxxxxxxxxxxx> wrote:

> I use openconnect to connect to my workplace Cisco AnyConnect VPN
> regularly. We don't require 2-factor auth but it looks like openconnect
> supports it.
>
> https://dmoerner.wordpress.com/2015/11/04/howto-openconnect-vpn-with-duo-multifactor-authentication/

Thanks! I used to use NetworkManager-openconnect until the switch about 7 months ago. Unfortunately, unlike most educational institutions, we went with okta which appears to be more used in businesses perhaps. It appears to be possible based on okta's blurbs (the sites are fairly informative but at too technical a level for me and I can not figure it out easily) and no one has recorded it as clearly in the same manner as in the page that you have provided in the link above. One nice thing about the Cisco anyconnect interface is how very rarely it asks for the OTP, however, unlike openconnect previously, it does not prefill the username and password because it is not integrated with the keyring (I guess). Cisco's anyconnect also tries to reconnect immediately after dropping connection.

> I leave our default split-tunnelling configuration enabled.  This
> routes only traffic bound for my workplace subnets through the VPN and
> everything else goes out through my local network.  However, you can do
> a lot of custom config via the command line.  The config and startup
> script are in /etc/vpnc, but I just use the Gnome GUI interface for
> Network Manager to configure mine.  In the GUI there is a checkbox for
> "Use this connection only for resources on its network" that if you
> uncheck should route all traffic through the VPN.

Where do you find this checkbox? I have looked at all the GUI options but can not find it.  Btw, NetworkManager in the Connection Information recognizes both the interfaces.

Thanks,
Ranjan


>
>
> On Fri, 2020-03-20 at 22:46 -0500, Ranjan Maitra wrote:
> > Hi,
> >
> > I am on a fully updated F31 and I would like my traffic (especially
> > postfix) to go through Cisco's AnyConnect VPN when that is up. (I am
> > reduced to having to use this proprietary software because of 2-
> > factor authentication required for VPN at my institution.)
> >
> > Anyway, I came across the following 7-year old example:
> >
> > http://tim.rideyourbike.org/2013/02/force-traffic-through-your-cisco.html
> >
> > and the following 4-year old example:
> >
> > https://sweetcode.io/routing-all-traffic-through-a-vpn-gateway-on-linux/
> >
> > But I was wondering if there is a better option.
> >
> > Alternatively, or perhaps what will meet my needs, is it possible to
> > have the at least postfix traffic go through VPN? If so, how do I do
> > this.
> >
> > I am not knowledgeable about all this, so please also pardon my
> > naivette.
> >
> > Many thanks again for your help, and best wishes,
> > Ranjan
> > _______________________________________________
> > users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
> > To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> > Fedora Code of Conduct:
> > https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
> > https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> > https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
> _______________________________________________
> users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx


--
Important Notice: This mailbox is ignored: e-mails are set to be deleted on receipt. Please respond to the mailing list if appropriate. For those needing to send personal or professional e-mail, please use appropriate addresses.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx



[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux