Re: NetworkManager-openconnect multiple VPN Hosts

Grant Williamson <traxtopel@xxxxxxxxx> · Thu, 2 Apr 2020 17:50:22 +0200

That makes sense, thank you for the explanation.

On Thu, Apr 2, 2020 at 3:50 PM David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
>
> On Thu, 2020-04-02 at 15:20 +0200, Grant Williamson wrote:
> > Is there a way to specify multiple VPN hosts in the
> > NetworkManager-openconnect system-connections profile?
> >
> > I can see there is a drop down menu option in the connection dialog,
> > wondering how to add multiple hosts(if possible)?
>
> It gets them out of the XML profile which is provided from the
> AnyConnect server.
>
> The xmlconfig key in the VPN date contains that XML, base64-encoded.
> Make it look like an AnyConnect profile file. So something like...
>
> <AnyConnectProfile>
>   <ServerList>
>     <HostEntry>
>       <HostName>My First Server</HostName>
>       <HostAddress>vpn1.example.com</HostAddress>
>     </HostEntry>
>     <HostEntry>
>       <HostName>My Second Server</HostName>
>       <HostAddress>vpn2.example.com</HostAddress>
>     </HostEntry>
>   </ServerList>
> </AnyConnectProfile>
>
> ...would base64-encode to:
>
> PEFueUNvbm5lY3RQcm9maWxlPgogIDxTZXJ2ZXJMaXN0PgogICAgPEhvc3RFbnRyeT4KICAgICAg
> PEhvc3ROYW1lPk15IEZpcnN0IFNlcnZlcjwvSG9zdE5hbWU+CiAgICAgIDxIb3N0QWRkcmVzcz52
> cG4xLmV4YW1wbGUuY29tPC9Ib3N0QWRkcmVzcz4KICAgIDwvSG9zdEVudHJ5PgogICAgPEhvc3RF
> bnRyeT4KICAgICAgPEhvc3ROYW1lPk15IFNlY29uZCBTZXJ2ZXI8L0hvc3ROYW1lPgogICAgICA8
> SG9zdEFkZHJlc3M+dnBuMi5leGFtcGxlLmNvbTwvSG9zdEFkZHJlc3M+CiAgICA8L0hvc3RFbnRy
> eT4KICA8L1NlcnZlckxpc3Q+CjwvQW55Q29ubmVjdFByb2ZpbGU+Cg==
>
> So if I change one of my test connections...
>
> nmcli con modify 'Pulse' vpn.secrets "xmlconfig=PEFueUNvbm5lY3RQcm9maWxlPgogIDxTZXJ2ZXJMaXN0PgogICAgPEhvc3RFbnRyeT4KICAgICAgPEhvc3ROYW1lPk15IEZpcnN0IFNlcnZlcjwvSG9zdE5hbWU+CiAgICAgIDxIb3N0QWRkcmVzcz52cG4xLmV4YW1wbGUuY29tPC9Ib3N0QWRkcmVzcz4KICAgIDwvSG9zdEVudHJ5PgogICAgPEhvc3RFbnRyeT4KICAgICAgPEhvc3ROYW1lPk15IFNlY29uZCBTZXJ2ZXI8L0hvc3ROYW1lPgogICAgICA8SG9zdEFkZHJlc3M+dnBuMi5leGFtcGxlLmNvbTwvSG9zdEFkZHJlc3M+CiAgICA8L0hvc3RFbnRyeT4KICA8L1NlcnZlckxpc3Q+CjwvQW55Q29ubmVjdFByb2ZpbGU+Cg=="
>
>
> ... and try to connect it it...
>
> Yep, that works.
>

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel