mirror of
https://git.openwrt.org/feed/packages.git
synced 2024-06-14 03:13:54 +02:00
5d85f5af63
When specifying a secondary password script, the output should be appended to the temporary password file and shouldn't overwrite it. If you refer to the case where there is a static secondary password, you can see that the secondary password is appended. Without this fix, only the secondary password is passed to the `openconnect` session. Signed-off-by: Frederick Morlock <FrederickGeek8@gmail.com> |
||
|---|---|---|
| .. | ||
| files | ||
| Config.in | ||
| Makefile | ||
| README | ||
The openconnect client expects to be configured using the uci interface. To setup a VPN connection, add the following to /etc/config/network: config interface 'MYVPN' option proto 'openconnect' option interface 'wan' option server 'vpn.example.com' option port '4443' option username 'test' option password 'secret' option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25' option defaultroute '0' option authgroup 'DEFAULT' # usergroup option, if required by some servers # option usergroup 'USERGROUP' # For second factor auth: # when a fixed 2FA password can be used #option password2 'my-fixed-2fa-password' # RSA tokens, must be built with stoken support #option token_mode 'rsa' #option token_secret 'secret' # HOTP/TOTP tokens #option token_mode 'hotp' #option token_secret '00' # tokens from script #option token_mode 'script' #option token_script '/lib/custom/getocpass.sh' # For non-anyconnect vpn protocols # Cisco AnyConnect (default) #option vpn_protocol 'anyconnect' # Juniper Network Connect #option vpn_protocol 'nc' # Palo Alto Networks GlobalProtect #option vpn_protocol 'gp' # Pulse Connect Secure #option vpn_protocol 'pulse' # Authentication form responses #list form_entry FORM:OPT=VAL The additional files are also used: /etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate /etc/openconnect/user-key-vpn-MYVPN.pem: The user private key /etc/openconnect/ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash) After these are setup you can initiate the VPN using "ifup MYVPN", and deinitialize it using ifdown. You may also use the luci web interface (Network -> Interfaces -> MYVPN Connect). Note that you need to configure the firewall to allow communication between the MYVPN interface and lan. There is a luci plugin to allow configuring an openconnect interface from the web environment; see the luci-proto-openconnect package.