The scripts seem to be relying on a legacy openssl renegotiation
protocol and this allows it to continue. I don't know if this a
requirement on the NU side or a feature of these scripts but this
works around it in the shorter term.
--- /dev/null
+openssl_conf = openssl_init
+
+[openssl_init]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+Options = UnsafeLegacyRenegotiation
+
#!/bin/bash
+export OPENSSL_CONF="${HOME}/bin/nu-vpn-proxy/openssl.conf"
+# this allows for legacy renegotation which seems to be required now
SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
# connects to SSH through openconnect and VPN
# first run openconnect
-/sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid -S --startas "$HOME/bin/nu-vpn-proxy/openconnect_command-ssh.sh" &
+/sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid -S --startas "${HOME}/bin/nu-vpn-proxy/openconnect_command-ssh.sh" &
sleep 2
# kill connection on exit