initial version of the CDSC version of scripts
authorBenjamin Mako Hill <mako@atdot.cc>
Tue, 9 Jun 2020 23:04:15 +0000 (16:04 -0700)
committerBenjamin Mako Hill <mako@atdot.cc>
Tue, 9 Jun 2020 23:04:15 +0000 (16:04 -0700)
README-CDSC [new file with mode: 0644]
README-GP-SAML.md [moved from README.md with 100% similarity]
hipreport-modified.sh [new file with mode: 0755]
openconnect_command-general.sh [new file with mode: 0755]
openconnect_command-ssh.sh [new file with mode: 0755]
ssh-vpn-proxy [new file with mode: 0755]

diff --git a/README-CDSC b/README-CDSC
new file mode 100644 (file)
index 0000000..1bac37c
--- /dev/null
@@ -0,0 +1,64 @@
+===========================
+== INSTALLATION ===========
+===========================
+
+1.
+
+Install prerequisites. This will include:
+
+sudo apt install python3-gi gir1.2-gtk-3.0 gir1.2-webkit2-4.0
+
+2.
+
+Install this directory into: ~/bin/nu-vpn-proxy
+
+3.
+
+Change your System UUID. You can get this with command:
+
+  sudo dmidecode|grep UUID
+
+You should see a line like:
+
+  UUID: deadbeef-dead-beef-dead-beefdeadbeef
+
+Edit the file hipreport-modified.sh to change the variable HOSTID so that it is
+equal to this number. Change the line that says
+"deadbeef-dead-beef-dead-beefdeadbeaf" so that it lists your UUID.
+
+4. [optional]
+
+Change bmh1867 to your username and add the following stanza text to your
+~/.ssh/config:
+
+Host kibo kibo.soc.northwestern.edu
+    Hostname kibo.soc.northwestern.edu
+    User bmh1867
+    ProxyCommand ~/bin/nu-vpn-proxy/ssh-vpn-proxy %h %p
+    ForwardAgent yes
+    ServerAliveInterval 120
+
+===========================
+== USAGE ==================
+===========================
+
+There are two ways to use this.
+
+1. *Only* for SSH connections to kibo.
+
+This should be just as simple as running:
+
+  ssh-kibo
+
+You can run the command mulptiple time and it should work. When you close the
+first connection though, it will disconnect all of your connections.
+
+2. Your entire connection.
+
+Run the following command:
+
+  ~/bin/openconnect_command-general.sh 
+
+While this command is running, you should be connected through the VPN. Run
+Ctrl-C to disconnect.
+
similarity index 100%
rename from README.md
rename to README-GP-SAML.md
diff --git a/hipreport-modified.sh b/hipreport-modified.sh
new file mode 100755 (executable)
index 0000000..5f280de
--- /dev/null
@@ -0,0 +1,150 @@
+#!/bin/sh
+
+# openconnect will call this script with the follow command-line
+# arguments, which are needed to populate the contents of the
+# HIP report:
+#
+#   --cookie: a URL-encoded string, as output by openconnect
+#             --authenticate --protocol=gp, which includes parameters
+#             from the /ssl-vpn/login.esp response
+#
+#   --client-ip{,v6}: IPv4/6 addresses allocated by the GlobalProtect
+#                     VPN for this client (included in
+#                     /ssl-vpn/getconfig.esp response)
+#
+#   --md5: The md5 digest to encode into this HIP report. I'm not sure
+#          exactly what this is the md5 digest *of*, but all that
+#          really matters is that the value in the HIP report
+#          submission should match the value in the HIP report check.
+#
+# This hipreport.sh does not work as-is on Android. The large here-doc
+# (cat <<EOF) does not appear to work with Android's /system/bin/sh,
+# likely due to an insufficient read buffer size.
+# Try hipreport-android.sh instead.
+
+# Read command line arguments into variables
+COOKIE=
+IP=
+IPv6=
+MD5=
+
+while [ "$1" ]; do
+    if [ "$1" = "--cookie" ];      then shift; COOKIE="$1"; fi
+    if [ "$1" = "--client-ip" ];   then shift; IP="$1"; fi
+    if [ "$1" = "--client-ipv6" ]; then shift; IPV6="$1"; fi
+    if [ "$1" = "--md5" ];         then shift; MD5="$1"; fi
+    shift
+done
+
+if [ -z "$COOKIE" -o -z "$MD5" -o -z "$IP$IPV6" ]; then
+    echo "Parameters --cookie, --md5, and --client-ip and/or --client-ipv6 are required" >&2
+    exit 1;
+fi
+
+# Extract username and domain and computer from cookie
+USER=$(echo "$COOKIE" | sed -rn 's/(.+&|^)user=([^&]+)(&.+|$)/\2/p')
+DOMAIN=$(echo "$COOKIE" | sed -rn 's/(.+&|^)domain=([^&]+)(&.+|$)/\2/p')
+COMPUTER=$(echo "$COOKIE" | sed -rn 's/(.+&|^)computer=([^&]+)(&.+|$)/\2/p')
+
+# Timestamp in the format expected by GlobalProtect server
+NOW=$(date +'%m/%d/%Y %H:%M:%S')
+DAY=$(date +'%d')
+MONTH=$(date +'%m')
+YEAR=$(date +'%Y')
+
+# This value may need to be extracted from the official HIP report, if a made-up value is not accepted.
+HOSTID="deadbeef-dead-beef-dead-beefdeadbeef"
+
+cat <<EOF
+
+<?xml version="1.0" encoding="UTF-8"?>
+<hip-report>
+    <md5-sum>$MD5</md5-sum>
+    <user-name>$USER</user-name>
+    <domain>$USER</domain>
+    <host-name>$COMPUTER</host-name>
+    <host-id>$HOSTID</host-id>
+    <ip-address>$IP</ip-address>
+    <ipv6-address>$IPV6</ipv6-address>
+       <generate-time>$NOW</generate-time>
+       <categories>
+               <entry name="host-info">
+                       <client-version>5.1.0-101</client-version>
+                       <os>Linux 4.19.0-6-amd64</os>
+                       <os-vendor>Linux</os-vendor>
+                       <domain>domain.com</domain>
+                       <host-name>spes</host-name>
+                       <host-id>d6f838cc-2b6f-11b2-a85c-d7bcda6b231e</host-id>
+                       <network-interface>
+                               <entry name="pan1">
+                                       <description>pan1</description>
+                                       <mac-address>42:4e:62:fe:ef:87</mac-address>
+                                       <ip-address>
+                                               <entry name="$IP"/>
+                                       </ip-address>
+                                       <ipv6-address>
+                                               <entry name="$IPV6"/>
+                                       </ipv6-address>
+                               </entry>
+                       </network-interface>
+               </entry>
+       </categories>
+</hip-report><?xml version="1.0" encoding="UTF-8"?>
+<hip-report>
+    <md5-sum>$MD5</md5-sum>
+    <user-name>$USER</user-name>
+    <domain>$USER</domain>
+    <host-name>$COMPUTER</host-name>
+    <host-id>$HOSTID</host-id>
+    <ip-address>$IP</ip-address>
+    <ipv6-address>$IPV6</ipv6-address>
+       <generate-time>$NOW</generate-time>
+       <hip-report-version>4</hip-report-version>
+       <categories>
+               <entry name="host-info">
+                       <client-version>5.1.0-101</client-version>
+                       <os>Linux 4.19.0-6-amd64</os>
+                       <os-vendor>Linux</os-vendor>
+                       <domain>domain.com</domain>
+                       <host-name>spes</host-name>
+                       <host-id>d6f838cc-2b6f-11b2-a85c-d7bcda6b231e</host-id>
+                       <network-interface>
+                               <entry name="pan1">
+                                       <description>pan1</description>
+                                       <mac-address>42:4e:62:fe:ef:87</mac-address>
+                                       <ip-address>
+                                               <entry name="$IP"/>
+                                       </ip-address>
+                                       <ipv6-address>
+                                               <entry name="$IPV6"/>
+                                       </ipv6-address>
+                               </entry>
+                       </network-interface>
+               </entry>
+               <entry name="anti-malware">
+                       <list>
+                       </list>
+               </entry>
+               <entry name="disk-backup">
+                       <list>
+                       </list>
+               </entry>
+               <entry name="disk-encryption">
+                       <list>
+                       </list>
+               </entry>
+               <entry name="firewall">
+                       <list>
+                       </list>
+               </entry>
+               <entry name="patch-management">
+                       <list>
+                       </list>
+               </entry>
+               <entry name="data-loss-prevention">
+                       <list>
+                       </list>
+               </entry>
+       </categories>
+</hip-report>
+EOF
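Review bot: The `<domain>` element, at both places it appears in the here-doc, is filled from `$USER`, while the value extracted from the cookie into `DOMAIN` is never used; it should read `<domain>$DOMAIN</domain>`. The here-doc also emits a blank line, a complete report, and then on the line `</hip-report><?xml version="1.0" ...` starts a second one, so the output is two concatenated documents rather than one well-formed XML document — the first report (from the blank line after `cat <<EOF` through that `</hip-report>`) looks like a paste leftover and should be deleted, leaving only the report that carries `<hip-report-version>4`. The initialisation `IPv6=` does not match the `IPV6` variable that the argument loop, the required-parameter check and the report actually use, so it should be `IPV6=`. Note too that the `<host-id>` inside the host-info entry is a different literal from `$HOSTID`, so README step 3 changes only the outer element; whether the server compares the inner one cannot be told from here.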
diff --git a/openconnect_command-general.sh b/openconnect_command-general.sh
new file mode 100755 (executable)
index 0000000..11d7dab
--- /dev/null
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# change to the vpn file directory
+cd ~/bin/nu-vpn-proxy
+
+## do the authentication
+eval $( ./gp-saml-gui.py -v --clientos=Linux vpn-connect2.northwestern.edu ) 
+
+echo "$COOKIE" | sudo openconnect --useragent="PAN GlobalConnect" --version-string='5.1.0-101' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60
+
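Review bot: `cd ~/bin/nu-vpn-proxy` is not checked, so if the directory is missing the helper is not found, `eval` runs on empty output, and `sudo openconnect` is still invoked with empty `$HOST`, `$USER` and `$COOKIE`; use `cd ~/bin/nu-vpn-proxy || exit 1` and guard the connect with `[ -n "$COOKIE" ] && [ -n "$HOST" ] || exit 1`. The same unchecked `cd` and unguarded `eval` appear in openconnect_command-ssh.sh. The text handed to `eval` is whatever gp-saml-gui.py prints, which is derived from the SAML exchange with the server, so this script is relying on that helper to shell-quote every value it emits; quoting the substitution, `eval "$(./gp-saml-gui.py -v --clientos=Linux vpn-connect2.northwestern.edu)"`, at least keeps word-splitting and globbing out of it.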
diff --git a/openconnect_command-ssh.sh b/openconnect_command-ssh.sh
new file mode 100755 (executable)
index 0000000..09f2181
--- /dev/null
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+LOG_FILE=/tmp/nu-globalprotect-saml.log
+PID_FILE=/tmp/nu-vpn-openconnect.pid
+
+exec > $LOG_FILE
+
+# change to the vpn file directory
+cd ~/bin/nu-vpn-proxy
+
+## do the authentication
+eval $( ./gp-saml-gui.py -v --clientos=Linux vpn-connect2.northwestern.edu ) 
+
+echo "$COOKIE" | openconnect --useragent="PAN GlobalConnect" --version-string='5.1.0-101' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60 --script-tun --script "ocproxy -D 9052" -b --pid-file "${PID_FILE}"
+
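Review bot: `LOG_FILE` and `PID_FILE` are fixed names directly under /tmp, and `exec > $LOG_FILE` truncates that path unconditionally, so on a shared machine another local user can pre-create either file (or a symlink) and have it overwritten or followed, and the pid file is what `start-stop-daemon --stop` in ssh-vpn-proxy acts on. Prefer a per-user directory, e.g. `RUN_DIR="${XDG_RUNTIME_DIR:-$HOME/.cache}"`, `LOG_FILE="$RUN_DIR/nu-globalprotect-saml.log"`, `PID_FILE="$RUN_DIR/nu-vpn-openconnect.pid"`, and quote the redirection as `exec > "$LOG_FILE"`. ssh-vpn-proxy hardcodes the same two /tmp literals in its start-stop-daemon and tail lines, so it has to be moved in step. The SOCKS port in `ocproxy -D 9052` is likewise duplicated by the `nc.openbsd -x 127.0.0.1:9052` line in ssh-vpn-proxy; a comment naming that coupling would help, e.g. `# port must match the -x argument in ssh-vpn-proxy`.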
diff --git a/ssh-vpn-proxy b/ssh-vpn-proxy
new file mode 100755 (executable)
index 0000000..3548b40
--- /dev/null
@@ -0,0 +1,28 @@
+#!/bin/bash 
+
+SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
+
+# connects to SSH through openconnect and VPN
+# for use with ProxyCommand in SSH
+
+
+# first run openconnect
+/sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid -S --startas "$HOME/bin/nu-vpn-proxy/openconnect_command-ssh.sh" &  
+sleep 2
+
+# kill connection on exit
+function cleanup {
+  /sbin/start-stop-daemon --stop --pidfile /tmp/nu-vpn-openconnect.pid
+}
+trap cleanup EXIT
+
+tail -f /tmp/nu-globalprotect-saml.log | grep -qe "${SEARCH_PATTERN}"
+
+if [ $? == 1 ]; then
+    echo "Search terminated without finding the pattern"
+    exit
+fi
+
+# redirect traffic (standard input and output) through VPN
+/bin/nc.openbsd -X 5 -x 127.0.0.1:9052 $1 $2
+
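Review bot: The wait on `tail -f ... | grep -qe` returns only when tail is next killed by SIGPIPE, i.e. after the log receives another line following the match, and it never returns at all if the pattern does not appear (for example when the SAML login is cancelled), so the ProxyCommand can hang indefinitely. The failure path then writes its message to stdout, which in a ProxyCommand is the ssh transport, and exits 0; diagnostics belong on stderr and the exit status should be non-zero. A bounded poll of the log file fixes both, as below (the 60-second limit is a constructed value). `$1 $2` on the `nc.openbsd` line should also be quoted as `"$1" "$2"`.
```shell
# … unchanged: start-stop-daemon, sleep, cleanup trap …

# Poll the log instead of tail -f | grep -q: that pipeline only returns on
# tail's next write after the match, and never returns if the pattern is absent.
tries=0
until grep -qe "${SEARCH_PATTERN}" /tmp/nu-globalprotect-saml.log 2>/dev/null; do
  tries=$((tries + 1))
  if [ "$tries" -ge 60 ]; then   # constructed bound; tune to the login flow
    echo "Timed out waiting for the VPN tunnel" >&2
    exit 1
  fi
  sleep 1
done

# … unchanged: nc.openbsd proxy (with "$1" "$2" quoted) …
```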
