On Thu, Apr 23, 2020 at 10:29 AM yesi <yesi@xxxxxxxxxx> wrote:
> The aim is to use OpenConnect and to disguise the Linux as a Windows Client.

Why? What is the point of disguising this client as another one? Does
the VPN actually *prevent* you from connecting unless you spoof another
device? Do the administrators yell at you if they see you are using an
“unauthorized” client?

I don't fully understand why users want to do this. From the point of
view of developing OpenConnect and getting it to work with as many
VPNs as possible, we want VPN admins to *see* that many of their users
are using OpenConnect, and to understand that they need to take it
seriously and test that it is supported as a client. Indistinguishably
spoofing the official clients doesn't help this.

> Si, I applied the patch from Raph with the GIT clone repo (SHA of the last
> commit : 52bf0e97c8f6de9e057562a83e645075ffb98c2e) and I changed :
> - the conditional option from --os=linux-64 to --os=win
> - I gave the parameters by hand in env.sh : OC_DEVICE_TYPE,
> OC_PLATFORM_VERSION, OC_MAC_ADDRESS
>
> for the ASA attributes :
> Session Attribute endpoint.anyconnect.devicetype
> Session Attribute endpoint.anyconnect.platformversion
> Session Attribute endpoint.anyconnect.deviceuniqueid
> Session Attribute endpoint.anyconnect.macaddress["0"]
> Session Attribute endpoint.anyconnect.publicmacaddress
>
> Here are the options given to the CLI : --os=win --local-hostname
> --useragent --version-string
>
> But I got an error after connecting :
> "unknown reason 'attempt-reconnect'. Maybe vpnc-script is out of date"
> Then I lost my connection to a local server.
>
> But, the patch does work fine.
> It would be nice to add it.

:)

I would propose that we add a CLI option, something like
`--local-attributes` (to go along with `--local-hostname`):

- For AnyConnect, you could set, say "--local-attributes devicetype=FOO,platformversion=BAR,deviceuniqueid=BLAHBLAHBLAH"
- For Juniper/Pulse, you could set "--local-attributes deviceid=BLAH"
- For GP, you could set "--local-attributes hostid=BLAHBLAHBLAHBLAH"

… and we'd parse these into lists, and inject them into whatever bits
of protocol-specific junk and Trojans demand them.

David, I can code this up if it looks reasonable to you.

Dan

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel