On Fri, 2012-08-03 at 10:23 -0400, Steve Ayers wrote: > Hello, > > I am trying to connect to a VPN host at my company using OpenConnect, > but can't seem to get it working. First, I am trying from the command > line and when it gives me the '...asked us to download a CSD trojan, > you should enable it'. Where is the setting to enable that from the > command line? The --csd-user option, which specifies the user to run it as. If you trust them despite their history of making basic security mistakes, then you can use --csd-user=`whoami`. Or if you're running as root, make an unprivileged user and run the CSD crap as that user. > Second, it looks my company doesn't have Linux binaries on the server. > Is it still possible to use Open Connect or am I on a wild goose > chase? You can run it under wine, perhaps. You should be able to set vpninfo->csd_scriptname to just "csd" and that'll make it fetch the Windows version, and then use the --csd-wrapper option. That'll invoke a program or script of your choice, with the downloaded CSD blob as the first argument. If you work out what the Windows trojan actually *posts* to the server, you can probably avoid using Wine to run it, and just run a script that users 'curl' to post the "right" answers. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6171 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120803/0365a76d/attachment-0001.bin>
