On Thu, 2020-04-16 at 22:46 +0200, yesi wrote:
> Hi,
>
> Thank you for your work.
>
> I was given a Windows laptop with the AnyConnect client to connect to
> the VPN server.
>
> There is a registered unique ID (I suppose
> endpoint.anyconnect.deviceuniqueid) that was made when the Windows
> client was connected for the first time.
>
> So before the filter was applied, using Openconnect on Linux to
> connect to the Cisco/ASA SSL VPN did work.
>
> But today the admin, to secure it better, uses DAP of Cisco/ASA to
> filter by that unique ID. I have that ID.
>
> It seems that it uses %ASA-7-734003.
>
> From [1], there are various options that can be given.
>
> Openconnect does not give some options when connecting, according to
> the ASA logs: it does not give that ID when logging in. I do not see
> this information in the ASA logs.
>
> But the AnyConnect client on a Windows station gives the ASA logs some
> endpoint options such as:
>
> - endpoint.anyconnect.deviceuniqueid
>
> - endpoint.anyconnect.macaddress
>
> - endpoint.anyconnect.address
>
> - etc
>
> What I would like to do is give the option
> endpoint.anyconnect.deviceuniqueid when running openconnect.
>
> I am not sure it is implemented, is it?
>
> If yes, which option could I use?
>
> If not, do you think that option could be added later?
>
> Actually, I can use 8.05, 8.06 and the Git version.
>
> Thank you in advance for your reply.

I think you can set at least the unique ID with the
openconnect_set_mobile_info() function, which isn't exposed on the
command line. Do you want to try using that and let us know if it does
what you expect?

There was a patch at
http://lists.infradead.org/pipermail/openconnect-devel/2016-July/003808.html
which attempted to add support for it for non-mobile platforms but it
needed a little more work. We should probably revisit that.

I note modern AnyConnect also sends a 'unique-id-global' as well as the
'unique-id' field.