Re: network-manager-openconnect, was Re: Error messages /traceroute
- From: David Woodhouse <dwmw2 infradead org>
- To: Johannes Becker <Johannes Becker hrz uni-giessen de>
- Cc: networkmanager-list gnome org, openconnect-devel lists infradead org
- Subject: Re: network-manager-openconnect, was Re: Error messages /traceroute
- Date: Wed, 24 Feb 2010 10:59:17 +0000
(Sorry for previous empty reply; I think the control key stuck, so it
sent when I hit enter.)
On Wed, 2010-02-24 at 10:53 +0100, Johannes Becker wrote:
> Am Dienstag, 23. Februar 2010 schrieb David Woodhouse:
> > I think you may need to reboot (or at least restart NM and dbus-daemon)
> > before the new NetworkManager plugin works.
> Because you can't reboot a Live-CD for this purpuse, I checked
> it again with Debian Squeeze. It's too boring to report all the
> different ways of failures with network manager. It just confirms
> my old opinion that network manager makes things not easier.
> It may work with special Linux distributions, but if it fails
> there's no help.
I think the Fedora LiveCD includes the NetworkManager-openconnect
package, so it ought to work out of the box.
I think there's a Ubuntu bug filed but the response was "it's better to
> So I will tell our users to work with the command line.
If you like, you could abuse the GUI auth-dialog tool so that you at
least get a graphical login with choice of available VPN servers.
You can run a script (like http://david.woodhou.se/make-nm-vpn.sh), note
the UUID it generates, then run
nm-openconnect-auth-dialog -u $UUID -n "$ORG VPN login" -s org.freedesktop.NetworkManager.openconnect
On a successful authentication, it'll spit out the address of the VPN
server to connect to, the authentication cookie, and the SHA1 of the
server's SSL certificate (to prevent MiTM attacks).
Then you can
echo $COOKIE | openconnect --servercert $SHA1 --cookie-on-stdin $HOST
David Woodhouse Open Source Technology Centre
David Woodhouse intel com Intel Corporation
] [Thread Prev