#!/usr/bin/env bash |
# NetworkManager override that adds --no-dtls. This is required for the
# Overstock Juniper Pulse VPN: its UDP tunnel is not set up properly, and
# without the flag CPU usage shoots over 100% and the logs fill up fast.
# |
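# The plugin tries the paths below in order, so this wrapper has to be
# installed at an entry that comes before the real binary (and should be
# writable only by root). Found the binary path search order in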
# https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/\ |
# blob/master/src/nm-openconnect-service.c |
# |
# static const char *openconnect_binary_paths[] = |
# { |
# "/usr/bin/openconnect", |
# "/usr/sbin/openconnect", |
# "/usr/local/bin/openconnect", |
# "/usr/local/sbin/openconnect", |
# "/opt/bin/openconnect", |
# "/opt/sbin/openconnect", |
# NULL |
# }; |
# |
# And found the hint of which flag to add on the OpenConnect Wiki |
# |
# The second phase uses that cookie to connect to a tunnel via HTTPS, |
# and data packets can be passed over the resulting connection. When |
# possible, a UDP tunnel is also configured: AnyConnect uses DTLS, |
# while Juniper and GlobalProtect use UDP-encapsulated ESP. The UDP |
# tunnel may be disabled with --no-dtls, but is preferred when |
# correctly supported by the server and network for performance |
# reasons. (TCP performs poorly and unreliably over TCP-based |
# tunnels; see http://sites.inka.de/~W1011/devel/tcp-tcp.html.) |
# https://www.infradead.org/openconnect/manual.html |
#/usr/sbin/openconnect --no-dtls ${@} |
/usr/local/sbin/openconnect |