From: Benjamin Mako Hill
Date: Mon, 10 Mar 2025 06:10:39 +0000 (-0700)
Subject: updated the proxy code to make it work based on other bitrot
X-Git-Url: https://code.communitydata.science/nu-vpn-proxy.git/commitdiff_plain/c3af198d8797d9d03af520f7662e932f26472573?hp=-c
updated the proxy code to make it work based on other bitrot
- hipreport: updated the client version to match new globalconnect code
- hipreport: update linux kernel version to something more modern
- disable ESP and IPv6 which seem to be working poorly
- change code in ssh wrapper for no ESP
--- c3af198d8797d9d03af520f7662e932f26472573
diff --git a/hipreport-modified.sh b/hipreport-modified.sh
index 2253596..68be2a5 100755
--- a/hipreport-modified.sh
+++ b/hipreport-modified.sh
@@ -69,8 +69,8 @@ cat <$NOW
- 5.1.0-101
- Linux 4.19.0-6-amd64
+ 6.3.0-33
+ Linux 6.1.0-31-amd64
 Linux domain.com spes
@@ -102,8 +102,8 @@ cat <4
- 5.1.0-101
- Linux 4.19.0-6-amd64
+ 6.3.0-33
+ Linux 6.1.0-31-amd64
 Linux domain.com spes
diff --git a/openconnect_command-general.sh b/openconnect_command-general.sh
index b7df399..59f32e9 100755
--- a/openconnect_command-general.sh
+++ b/openconnect_command-general.sh
@@ -6,5 +6,5 @@ cd ~/bin/nu-vpn-proxy ## do the authentication
 eval $( ./gp-saml-gui.py -v --gateway --clientos=Linux vpn-connect2.northwestern.edu )
-echo "$COOKIE" | sudo openconnect --useragent="PAN GlobalConnect" --version-string='5.1.0-101' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60
+echo "$COOKIE" | sudo openconnect --useragent="PAN GlobalConnect" --version-string='6.3.0-33' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60
diff --git a/openconnect_command-http.sh b/openconnect_command-http.sh
index e7821b8..335fd81 100755
--- a/openconnect_command-http.sh
+++ b/openconnect_command-http.sh
@@ -12,6 +12,6 @@ cd ~/bin/nu-vpn-proxy
 eval $( ./gp-saml-gui.py -v --gateway --clientos=Linux vpn-connect2.northwestern.edu )
-echo "$COOKIE" | /usr/sbin/openconnect --verbose --useragent="PAN GlobalConnect" --version-string='5.1.0-101' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60 --script-tun --script "ocproxy -D 8181 --keepalive 5 --verbose" -b --pid-file "${PID_FILE}"
+echo "$COOKIE" | /usr/sbin/openconnect --verbose --useragent="PAN GlobalConnect" --version-string='6.3.0-33' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60 --script-tun --script "ocproxy -D 8181 --keepalive 5 --verbose" -b --pid-file "${PID_FILE}"
diff --git a/openconnect_command-ssh.sh b/openconnect_command-ssh.sh
index 2a875ff..d20f723 100755
--- a/openconnect_command-ssh.sh
+++ b/openconnect_command-ssh.sh
@@ -12,5 +12,4 @@ cd ~/bin/nu-vpn-proxy ## do the authentication
 eval $( ./gp-saml-gui.py -v --gateway --clientos=Linux vpn-connect2.northwestern.edu )
-echo "$COOKIE" | /usr/sbin/openconnect --useragent="PAN GlobalConnect" --version-string='5.1.0-101' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60 --script-tun --script "ocproxy -D 9052" -b --pid-file "${PID_FILE}"
-
+echo "${COOKIE}" | /usr/sbin/openconnect --protocol=gp '--useragent=PAN GlobalProtect' --user="${USER}" --os="${OS}" --usergroup=gateway:prelogin-cookie --passwd-on-stdin vpn-connect2.northwestern.edu --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60 --script-tun --script "ocproxy -D 9052" -b --disable-ipv6 --no-dtls --pid-file "${PID_FILE}"
diff --git a/ssh-vpn-proxy b/ssh-vpn-proxy
index 58f847a..6f3644c 100755
--- a/ssh-vpn-proxy
+++ b/ssh-vpn-proxy
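Review bot: The new openconnect line in openconnect_command-ssh.sh hard-codes the gateway name and `--usergroup=gateway:prelogin-cookie` instead of passing the `"$HOST"` that the preceding `eval` of gp-saml-gui.py appears to set, while the general and http wrappers in this commit still use `"$HOST"`. If the helper ever returns a different gateway or cookie field, this wrapper would present the cookie under the wrong name and fail in a way that is hard to diagnose; either keep `--passwd-on-stdin "${HOST}"` or add a comment such as `# HOST from gp-saml-gui is deliberately ignored here: REASON`. Keeping the cookie on stdin rather than in argv is right, but `printf '%s\n' "${COOKIE}"` is safer than `echo` for an arbitrary token. The added `--disable-ipv6 --no-dtls` also deserve a one-line comment, since they are the behavioural change the commit message describes and nothing in the script explains them.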
@@ -2,7 +2,8 @@ export OPENSSL_CONF="${HOME}/bin/nu-vpn-proxy/openssl.conf" # this allows for legacy renegotation which seems to be required now
-SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
+# SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
+SEARCH_PATTERN="Continuing in background; pid"
 # connects to SSH through openconnect and VPN # for use with ProxyCommand in SSH
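Review bot: `SEARCH_PATTERN="Continuing in background; pid"` in ssh-vpn-proxy ties readiness detection to the exact English wording of an openconnect log message, which can be translated under a non-English locale and may change between releases. How the pattern is consumed lies outside this hunk, but if the script waits for it before starting ssh, a mismatch would presumably leave it hanging or proceeding too early; running openconnect under `LC_ALL=C`, or polling for the `--pid-file` the wrapper already writes, would be sturdier. The commented-out old pattern is better deleted and replaced by a reason, for example `# ESP is disabled (--no-dtls), so wait for the backgrounding message instead`. Separately, the unchanged `export OPENSSL_CONF=...` line is described as enabling legacy renegotiation and applies to every OpenSSL-using child of this script, so setting it only on the openconnect invocation would narrow that exposure.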