updated the proxy code to make it work based on other bitrot

- hipreport: updated the client version to match new globalconnect code - hipreport: update linux kernel version to something more modern - disable ESP and IPv6 which seem to be working poorly - change code in ssh wrapper for no ESP
2025-03-09 23:10:39 -07:00 · 2025-03-09 23:10:39 -07:00 · c3af198d87
commit c3af198d87
parent 5d9f17d8ee
5 changed files with 9 additions and 9 deletions
--- a/hipreport-modified.sh
+++ b/hipreport-modified.sh
@ -69,8 +69,8 @@ cat <<EOF
 	<generate-time>$NOW</generate-time>
 	<categories>
 		<entry name="host-info">
-			<client-version>5.1.0-101</client-version>
-			<os>Linux 4.19.0-6-amd64</os>
+			<client-version>6.3.0-33</client-version>
+			<os>Linux 6.1.0-31-amd64</os>
 			<os-vendor>Linux</os-vendor>
 			<domain>domain.com</domain>
 			<host-name>spes</host-name>
@ -102,8 +102,8 @@ cat <<EOF
 	<hip-report-version>4</hip-report-version>
 	<categories>
 		<entry name="host-info">
-			<client-version>5.1.0-101</client-version>
-			<os>Linux 4.19.0-6-amd64</os>
+			<client-version>6.3.0-33</client-version>
+			<os>Linux 6.1.0-31-amd64</os>
 			<os-vendor>Linux</os-vendor>
 			<domain>domain.com</domain>
 			<host-name>spes</host-name>
--- a/openconnect_command-general.sh
+++ b/openconnect_command-general.sh
@ -6,5 +6,5 @@ cd ~/bin/nu-vpn-proxy
 ## do the authentication
 eval $( ./gp-saml-gui.py -v --gateway --clientos=Linux vpn-connect2.northwestern.edu ) 

-echo "$COOKIE" | sudo openconnect --useragent="PAN GlobalConnect" --version-string='5.1.0-101' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60
+echo "$COOKIE" | sudo openconnect --useragent="PAN GlobalConnect" --version-string='6.3.0-33' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60

--- a/openconnect_command-http.sh
+++ b/openconnect_command-http.sh
@ -12,6 +12,6 @@ cd ~/bin/nu-vpn-proxy
 eval $( ./gp-saml-gui.py -v --gateway --clientos=Linux vpn-connect2.northwestern.edu ) 


-echo "$COOKIE" | /usr/sbin/openconnect --verbose --useragent="PAN GlobalConnect" --version-string='5.1.0-101' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60 --script-tun --script "ocproxy -D 8181 --keepalive 5 --verbose" -b --pid-file "${PID_FILE}"
+echo "$COOKIE" | /usr/sbin/openconnect --verbose --useragent="PAN GlobalConnect" --version-string='6.3.0-33' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60 --script-tun --script "ocproxy -D 8181 --keepalive 5 --verbose" -b --pid-file "${PID_FILE}"


--- a/openconnect_command-ssh.sh
+++ b/openconnect_command-ssh.sh
@ -12,5 +12,4 @@ cd ~/bin/nu-vpn-proxy
 ## do the authentication
 eval $( ./gp-saml-gui.py -v --gateway --clientos=Linux vpn-connect2.northwestern.edu ) 

-echo "$COOKIE" | /usr/sbin/openconnect --useragent="PAN GlobalConnect" --version-string='5.1.0-101' --protocol=gp -u "$USER" --os="$OS" --passwd-on-stdin "$HOST" --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60 --script-tun --script "ocproxy -D 9052" -b --pid-file "${PID_FILE}"
-
+echo "${COOKIE}" | /usr/sbin/openconnect --protocol=gp '--useragent=PAN GlobalProtect' --user="${USER}" --os="${OS}" --usergroup=gateway:prelogin-cookie --passwd-on-stdin vpn-connect2.northwestern.edu --csd-wrapper="hipreport-modified.sh" --reconnect-timeout 60 --script-tun --script "ocproxy -D 9052" -b --disable-ipv6 --no-dtls --pid-file "${PID_FILE}"
--- a/3
+++ b/3
@ -2,7 +2,8 @@

 export OPENSSL_CONF="${HOME}/bin/nu-vpn-proxy/openssl.conf"
 # this allows for legacy renegotation which seems to be required now
-SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
+# SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
+SEARCH_PATTERN="Continuing in background; pid"

 # connects to SSH through openconnect and VPN
 # for use with ProxyCommand in SSH