On Tue, 2018-01-23 at 19:39 -0500, James Ralston wrote: > > The problem with this approach is that it necessitates calling > openconnect by hand.? We'd prefer to avoid that, because adding a new > VPN connection within NetworkManager is what our users (and most Linux > users, I suspect) are used to.? And unfortunately, NetworkManager > doesn't know how to configure a VPN interface that calls openconnect > with a custom authentication piece. It isn't pretty but it can be done. Here's what I do on crappy hotel and airport networks, to get around the fact that $EMPLOYER forces me to use Ubuntu and Ubuntu never actually fix any bugs, so I have only about 15 seconds to log into the VPN... #!/bin/sh HOST="$1" if [ -z "$HOST" ]; then ????HOST=vpn.example.com fi COOKIE= eval `openconnect --csd-wrapper ~dwmw/bin/csd_wrapper --user $LOGNAME \ --authgroup example-Ubuntu $HOST --authenticate` if [ -z "$COOKIE" ]; then ????exit 1 fi nmcli con up 'Example VPN' passwd-file /proc/self/fd/5 5<<EOF vpn.secrets.cookie:$COOKIE vpn.secrets.gwcert:$FINGERPRINT vpn.secrets.gateway:$HOST EOF But yes, manually recognising individual forms is vile, and I'd love to have a webview thing in the real authentication dialog. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5213 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20180124/05678846/attachment.bin>
