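#!/usr/bin/env bash
# NetworkManager override that forces --no-dtls. This is required for the
# Overstock Juniper Pulse VPN, as they do not have proper UDP set up, and
# without the flag CPU usage shoots over 100% and the logs fill up fast.
#
# Found the binary path search order in
# https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/\
# blob/master/src/nm-openconnect-service.c
#
#   static const char *openconnect_binary_paths[] =
#   {
#     "/usr/bin/openconnect",
#     "/usr/sbin/openconnect",
#     "/usr/local/bin/openconnect",
#     "/usr/local/sbin/openconnect",
#     "/opt/bin/openconnect",
#     "/opt/sbin/openconnect",
#     NULL
#   };
#
# And found the hint of which flag to add on the OpenConnect Wiki:
#
#   The second phase uses that cookie to connect to a tunnel via HTTPS,
#   and data packets can be passed over the resulting connection. When
#   possible, a UDP tunnel is also configured: AnyConnect uses DTLS,
#   while Juniper and GlobalProtect use UDP-encapsulated ESP. The UDP
#   tunnel may be disabled with --no-dtls, but is preferred when
#   correctly supported by the server and network for performance
#   reasons. (TCP performs poorly and unreliably over TCP-based
#   tunnels; see http://sites.inka.de/~W1011/devel/tcp-tcp.html.)
#
# https://www.infradead.org/openconnect/manual.html
#
# Deployment notes:
#   - The service runs the first path in the list above that it finds, so
#     this wrapper has to sit at an earlier entry than the real binary and
#     must not be installed at the path it execs below (it would re-invoke
#     itself).
#   - The VPN service typically launches this with elevated privileges;
#     keep the wrapper and its directory owned by root and not writable by
#     other users, and check that on every host it is deployed to.
#   - With --no-dtls the data packets stay on the HTTPS tunnel described in
#     the quote above; the cost is the TCP-over-TCP performance penalty.

# Earlier location of the real binary, kept for reference:
#/usr/sbin/openconnect --no-dtls "${@}"

# NOTE(review): the extracted page showed only the bare binary path on the
# active line. The flag and the argument forwarding are restored here from
# the header's stated purpose and the reference invocation above; confirm
# the real binary's location on the target host.
#
# "$@" is quoted so every argument handed over by the caller reaches
# openconnect as a single word instead of being re-split or glob-expanded.
# exec replaces the wrapper shell, so signals sent to the spawned process
# and its exit status belong to openconnect itself.
exec /usr/local/sbin/openconnect --no-dtls "$@"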