Adding OpenConnect Override Scripts

Adding OpenConnect no-dtls override scripts which are necessary for
the broken VPN servers at Overstock.
master
Nate Bohman 6 years ago
parent
commit
60f59d4469
2 changed files with 38 additions and 0 deletions
  1. openconnect.usr.bin (+35, -0)
  2. openconnect.usr.local.sbin (+3, -0)

openconnect.usr.bin (+35, -0)

@@ -0,0 +1,35 @@
#!/usr/bin/env bash

# Networkmanager override to set no-dtls this is required for
# Overstock Juniper Pulse VPN as they do not have proper UDP set up
# and without that, CPU shoots over 100% and the logs fill up fast.
#
# Found the binary path search order in
# https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/\
# blob/master/src/nm-openconnect-service.c
#
# static const char *openconnect_binary_paths[] =
# {
# "/usr/bin/openconnect",
# "/usr/sbin/openconnect",
# "/usr/local/bin/openconnect",
# "/usr/local/sbin/openconnect",
# "/opt/bin/openconnect",
# "/opt/sbin/openconnect",
# NULL
# };
#
# And found the hint of which flag to add on the OpenConnect Wiki
#
# The second phase uses that cookie to connect to a tunnel via HTTPS,
# and data packets can be passed over the resulting connection. When
# possible, a UDP tunnel is also configured: AnyConnect uses DTLS,
# while Juniper and GlobalProtect use UDP-encapsulated ESP. The UDP
# tunnel may be disabled with --no-dtls, but is preferred when
# correctly supported by the server and network for performance
# reasons. (TCP performs poorly and unreliably over TCP-based
# tunnels; see http://sites.inka.de/~W1011/devel/tcp-tcp.html.)
# https://www.infradead.org/openconnect/manual.html
#/usr/sbin/openconnect --no-dtls ${@}

/usr/local/sbin/openconnect
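
Review bot: The only executable line, `/usr/local/sbin/openconnect` at the end of this hunk, passes no arguments, so everything the caller supplied is dropped before it reaches the second wrapper, which does forward `"${@}"`. Suggest `exec /usr/local/sbin/openconnect "$@"`; using `exec` also avoids leaving an extra bash process between the caller and openconnect, so signals sent to the wrapper's PID reach the real process. The commented-out `#/usr/sbin/openconnect --no-dtls ${@}` line is unquoted and would word-split arguments if re-enabled, so quote it or delete it. The header comment should also say why the script chains to `/usr/local/sbin/openconnect` instead of calling `/usr/sbin/openconnect` directly, since the search-order list it quotes does not explain that.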

openconnect.usr.local.sbin (+3, -0)

@@ -0,0 +1,3 @@
#!/usr/bin/env bash

/usr/sbin/openconnect --no-dtls "${@}"
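
Review bot: `--no-dtls` on the last line is hardcoded for every invocation, so any other OpenConnect connection made through this wrapper also loses its UDP tunnel, which the comment in openconnect.usr.bin quotes as preferred when the server supports it. Either add the flag only when the arguments name the affected gateway, or state in a comment here that the override is host-wide and intentional. Two smaller points on the same file: `#!/usr/bin/env bash` resolves the interpreter through the caller's PATH, and an absolute `#!/bin/bash` is the safer choice for a wrapper installed under a system sbin path; and the call should be `exec /usr/sbin/openconnect --no-dtls "$@"` so the wrapper does not stay resident as a parent process.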
