I don't know if this should really be a networkmaneger question or not, but this seems the most likely place to ask for a recipe. I've built backported packages for network-manager-openconnect to support use with globalprotect (and Duo 2fa); see below. They work under network-manager-gnome configured to use the GP gateway straightforwardly via the GUI: authenticate with <password>,<otp-code> and connect. However I'd like to use the command line (nmcli), rather than raw openconnect (which works), on remote systems. I'm used to doing that with a less-reliable tcp-over-tcp openvpn service just by doing nmcli --ask c up <config> and authenticating. However, I can't get it working with openconnect/GP. The doc isn't clear to me about the prompts I'm seeing and how to configure out what I don't need -- at least the a certificate. I get this output, assuming the first prompt is for <password>,<code>: Connected to HTTPS on *** Got HTTP response: HTTP/1.1 502 Bad Gateway Unexpected 502 result from server Failed to obtain WebVPN cookie Error: openconnect failed with status 1 A password is required to connect to 'GP'. Gateway (vpn.secrets.gateway): A password is required to connect to 'GP'. Cookie (vpn.secrets.cookie): A password is required to connect to 'GP'. Gateway certificate hash (vpn.secrets.gwcert): Error: Connection activation failed: No valid secrets Can anyone advise? If the backported packages are useful, Debian/Ubuntu is at <https://download.opensuse.org/repositories/home:/fx/> and EL6/EL7 is at <https://copr.fedorainfracloud.org/coprs/loveshack/openconnect/>. (The dwmw2 copr doesn't have recent versions for el6/7; there are many build attempts which are failing after a day, I think just because the tests won't run. The rpms and dpkgs are built with the trojan in the same place for ease of documentation rather than using the dwmw2 PPA, but that make contravene Debian rules which I'm not up-to-date with. The PPA also doesn't have a recent enough network-manager-openconnect.) _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
