updated the proxy code to make it work based on other bitrot
authorBenjamin Mako Hill <mako@atdot.cc>
Mon, 10 Mar 2025 06:10:39 +0000 (23:10 -0700)
committerBenjamin Mako Hill <mako@atdot.cc>
Mon, 10 Mar 2025 06:13:18 +0000 (23:13 -0700)
- hipreport: updated the client version to match new globalconnect code
- hipreport: update linux kernel version to something more modern
- disable ESP and IPv6 which seem to be working poorly
- change code in ssh wrapper for no ESP

hipreport-modified.sh
openconnect_command-general.sh
openconnect_command-http.sh
openconnect_command-ssh.sh
ssh-vpn-proxy

index 2253596f2b7d1e9a3f7f630da68f7a7863cd78c2..68be2a589d3e835cfd86ab9d0a4d3f531a80b613 100755 (executable)
@@ -69,8 +69,8 @@ cat <<EOF
        <generate-time>$NOW</generate-time>
        <categories>
                <entry name="host-info">
-                       <client-version>5.1.0-101</client-version>
-                       <os>Linux 4.19.0-6-amd64</os>
+                       <client-version>6.3.0-33</client-version>
+                       <os>Linux 6.1.0-31-amd64</os>
                        <os-vendor>Linux</os-vendor>
                        <domain>domain.com</domain>
                        <host-name>spes</host-name>
@@ -102,8 +102,8 @@ cat <<EOF
        <hip-report-version>4</hip-report-version>
        <categories>
                <entry name="host-info">
-                       <client-version>5.1.0-101</client-version>
-                       <os>Linux 4.19.0-6-amd64</os>
+                       <client-version>6.3.0-33</client-version>
+                       <os>Linux 6.1.0-31-amd64</os>
                        <os-vendor>Linux</os-vendor>
                        <domain>domain.com</domain>
                        <host-name>spes</host-name>
index b7df39957214439f2225472dcfccf6d14091ac8d..59f32e92001edaa47cf0e99b23e8d9f147740dfc 100755 (executable)
@@ -6,5 +6,5 @@ cd ~/bin/nu-vpn-proxy
 ## do the authentication
 eval $( ./gp-saml-gui.py -v --gateway --clientos=Linux vpn-connect2.northwestern.edu ) 
 
-echo "$COOKIE" | sudo openconnect --useragent="PAN GlobalConnect" --version-string='5.1.0-101' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60
+echo "$COOKIE" | sudo openconnect --useragent="PAN GlobalConnect" --version-string='6.3.0-33' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60
 
index e7821b88da21f27e1f42b5cb1e9a79ff4b65e5ee..335fd812c823592c243711873d67d06e1e3b1f30 100755 (executable)
@@ -12,6 +12,6 @@ cd ~/bin/nu-vpn-proxy
 eval $( ./gp-saml-gui.py -v --gateway --clientos=Linux vpn-connect2.northwestern.edu ) 
 
 
-echo "$COOKIE" | /usr/sbin/openconnect --verbose --useragent="PAN GlobalConnect" --version-string='5.1.0-101' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60 --script-tun --script "ocproxy -D 8181 --keepalive 5 --verbose" -b --pid-file "${PID_FILE}"
+echo "$COOKIE" | /usr/sbin/openconnect --verbose --useragent="PAN GlobalConnect" --version-string='6.3.0-33' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60 --script-tun --script "ocproxy -D 8181 --keepalive 5 --verbose" -b --pid-file "${PID_FILE}"
 
 
index 2a875ff3370936b1cf62a5111e412273e45bb229..d20f7239dd26b960e2358da7e676da7727d5448f 100755 (executable)
@@ -12,5 +12,4 @@ cd ~/bin/nu-vpn-proxy
 ## do the authentication
 eval $( ./gp-saml-gui.py -v --gateway --clientos=Linux vpn-connect2.northwestern.edu ) 
 
-echo "$COOKIE" | /usr/sbin/openconnect --useragent="PAN GlobalConnect" --version-string='5.1.0-101' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60 --script-tun --script "ocproxy -D 9052" -b --pid-file "${PID_FILE}"
-
+echo "${COOKIE}" | /usr/sbin/openconnect --protocol=gp '--useragent=PAN GlobalProtect' --user="${USER}" --os="${OS}" --usergroup=gateway:prelogin-cookie --passwd-on-stdin vpn-connect2.northwestern.edu --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60 --script-tun --script "ocproxy -D 9052" -b --disable-ipv6 --no-dtls --pid-file "${PID_FILE}"
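Review bot: The rewritten openconnect line still feeds `${COOKIE}` to `--passwd-on-stdin` without checking that the `eval $( ./gp-saml-gui.py … )` two lines above produced one, so a cancelled or failed SAML login starts openconnect with an empty secret. A guard before the pipe such as `[ -n "${COOKIE}" ] || { echo 'no cookie from gp-saml-gui' >&2; exit 1; }` would stop that, and quoting the substitution (`eval "$( … )"`) keeps the evaluated output from being word-split first; the same eval-then-pipe pattern is in the two `--version-string` hunks for the general and http wrappers. This line also replaces `"$HOST"` with a second literal copy of `vpn-connect2.northwestern.edu`, so the gateway name now has to be kept in sync in two places; a single variable near the top would avoid that. `--csd-wrapper="hipreport-modified.sh"` is a relative path that appears to depend on the `cd ~/bin/nu-vpn-proxy` shown in the hunk header succeeding, so an absolute path (or `cd … || exit 1`) would be safer. The start of the script is outside the hunk.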
index 58f847a69eaa0fc52b76686bafc8565e66b1fef1..6f3644c4f4391cc525809d0d74e4ab336ed133fe 100755 (executable)
@@ -2,7 +2,8 @@
 
 export OPENSSL_CONF="${HOME}/bin/nu-vpn-proxy/openssl.conf"
 # this allows for legacy renegotation which seems to be required now
-SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
+# SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
+SEARCH_PATTERN="Continuing in background; pid"
 
 # connects to SSH through openconnect and VPN
 # for use with ProxyCommand in SSH
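Review bot: `export OPENSSL_CONF=…` at the top applies to every process this wrapper starts, and the comment under it says that config allows legacy renegotiation, so the relaxed TLS setting is not limited to the VPN connection. Setting the variable only on the command that launches openconnect would narrow it; the rest of the script is outside the hunk, so this is inferred from the export alone. That comment now also sits directly above the two `SEARCH_PATTERN` lines and reads as if it described them, so it should move above the export. The old pattern is left as a commented-out line with no explanation; either drop it or replace it with a why-comment such as `# ESP is disabled now, so wait for openconnect's backgrounding message instead`.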
