natrinicle
/
schnippets
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
It's a type of Planche
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
36 Commits
1 Branch
Tree: 04a80c11f3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '04a80c11f3'
${ noResults }
schnippets/openconnect.usr.bin

openconnect.usr.bin 1.3KB
Raw Normal View History

Adding OpenConnect Override Scripts Adding OpenConnect no-dtls override scripts which are necessary for the broken VPN servers at Overstock.
5 years ago
 1234567891011121314151617181920212223242526272829303132333435 
  1. #!/usr/bin/env bash

  2. 

  3. # Networkmanager override to set no-dtls this is required for

  4. # Overstock Juniper Pulse VPN as they do not have proper UDP set up

  5. # and without that, CPU shoots over 100% and the logs fill up fast.

  6. #

  7. # Found the binary path search order in

  8. # https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/\

  9. # blob/master/src/nm-openconnect-service.c

  10. #

  11. # static const char *openconnect_binary_paths[] =

  12. # {

  13. # 	"/usr/bin/openconnect",

  14. # 	"/usr/sbin/openconnect",

  15. # 	"/usr/local/bin/openconnect",

  16. # 	"/usr/local/sbin/openconnect",

  17. # 	"/opt/bin/openconnect",

  18. # 	"/opt/sbin/openconnect",

  19. # 	NULL

  20. # };

  21. #

  22. # And found the hint of which flag to add on the OpenConnect Wiki

  23. #

  24. # The second phase uses that cookie to connect to a tunnel via HTTPS,

  25. # and data packets can be passed over the resulting connection. When

  26. # possible, a UDP tunnel is also configured: AnyConnect uses DTLS,

  27. # while Juniper and GlobalProtect use UDP-encapsulated ESP. The UDP

  28. # tunnel may be disabled with --no-dtls, but is preferred when

  29. # correctly supported by the server and network for performance

  30. # reasons. (TCP performs poorly and unreliably over TCP-based

  31. # tunnels; see http://sites.inka.de/~W1011/devel/tcp-tcp.html.)

  32. # https://www.infradead.org/openconnect/manual.html

  33. #/usr/sbin/openconnect --no-dtls ${@}

  34. 

  35. /usr/local/sbin/openconnect