collective/nu-vpn-proxy
17
0
Fork 0
Code
47 Commits 1 Branch 0 Tags 198 KiB
c3af198d87
Commit Graph

47 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Benjamin Mako Hill
c3af198d87 updated the proxy code to make it work based on other bitrot 
- hipreport: updated the client version to match new globalconnect code
- hipreport: update linux kernel version to something more modern
- disable ESP and IPv6 which seem to be working poorly
- change code in ssh wrapper for no ESP
 2025-03-09 23:13:18 -07:00
Benjamin Mako Hill
5d9f17d8ee updated with the new version of gp-saml-gui (from upstream) 2025-03-09 23:10:06 -07:00
Benjamin Mako Hill
0b6ace2da3 don't run the openconnect script in the background 2023-07-06 17:55:59 -07:00
Benjamin Mako Hill
d3e3348120 update README-CDSC file to make the new openconnect issue clear 2023-06-28 12:42:28 -07:00
Benjamin Mako Hill
2970f2c702 updated to new version fo gp-saml-gui and new api 
Apparently new versions of GP hav changed the SAML API some. The
openconnect command now requires --gateway so this has been added.

I haven't tested the general and http scripts but I assume they
work. Someone else should verify.
 2023-06-28 12:42:28 -07:00
aaronshaw
4bb6708dc1 incorporating a pointer to our wiki page re issues w openconnect v8.2 and above 2023-05-12 13:44:16 -07:00
Benjamin Mako Hill
bd194355a4 Merge branch 'master' of code.communitydata.science:nu-vpn-proxy into cdsc 2023-04-19 10:05:30 -07:00
Benjamin Mako Hill
4b02c05b54 fix issue with openssl 
The scripts seem to be relying on a legacy openssl renegotiation
protocol and this allows it to continue. I don't know if this a
requirement on the NU side or a feature of these scripts but this
works around it in the shorter term.
 2023-04-19 10:03:40 -07:00
Nathan TeBlunthuis
94e337f5c2 Commands to connect / disconnect from NU vpn. 2022-05-11 20:03:51 -07:00
Nathan TeBlunthuis
1bb65fdf5f Merge branch 'master' of code:nu-vpn-proxy 2022-05-10 16:03:08 -07:00
aaronshaw
b7fca54e99 include an IPV6 address 2020-11-20 11:47:06 -06:00
aaronshaw
40750a034c Merge branch 'master' of code.communitydata.science:nu-vpn-proxy 2020-11-20 11:13:04 -06:00
Nathan TeBlunthuis
ee30b5c0ea Merge branch 'master' of code:nu-vpn-proxy into master 2020-11-20 08:53:41 -08:00
Nathan TeBlunthuis
b61f124435 nate's settings 2020-11-20 08:53:38 -08:00
Benjamin Mako Hill
3a52ba3fb9 Merge branch 'master' of code.communitydata.science:nu-vpn-proxy into cdsc 2020-11-19 17:40:23 -08:00
Benjamin Mako Hill
ce4ad0575b disable IPv6 (it doesn't seem to work) 2020-11-19 17:39:48 -08:00
Nathan TeBlunthuis
b7693c957d Minor changes to README. 2020-10-07 23:03:23 -07:00
Jeremy Foote
25c91f73ec Fixing typo in connecting to kibo via SSH 2020-06-10 09:20:11 -04:00
aaronshaw
575dc5e176 noting version requirement for openconnect 2020-06-09 21:08:03 -05:00
aaronshaw
c31fa095ab documentation bug. providing a correct path to the general vpn script in the readme. 2020-06-09 20:13:40 -05:00
Benjamin Mako Hill
60fc49fd8e updated documentation with new material 2020-06-09 16:13:39 -07:00
Benjamin Mako Hill
7e13b54cde initial version of the CDSC version of scripts 2020-06-09 16:04:15 -07:00
Daniel Lenski
47b2c41af7 have test-globalprotect-login.py suggest a new invocation of itself (gateway login) after a successful portal getconfig 
Based on cookies suggested by @yuezk at https://gitlab.com/openconnect/openconnect/-/merge_requests/109
 2020-05-13 13:34:14 -07:00
Daniel Lenski
6133ffeb7a use either PyGObject (import gi, maintained) or pgi (import pgi, old/unmaintained) 
ping #7
 2020-03-29 09:54:24 -07:00
Daniel Lenski
4ee7744d7d need to base64-decode URLs from SAML REDIRECT too 2020-03-29 09:54:24 -07:00
Daniel Lenski
6ee0c49794 I swear I know how to write Python 🤦🏻‍♂ 2020-03-23 15:18:36 -07:00
Daniel Lenski
d8929a47d1 minimal .travis.yml (just verifies that script can be byte-compiled) 2020-03-23 12:58:17 -07:00
Daniel Lenski
f381399b8f we have reports of prelogin-cookie used for portal login; don't do interface switcheroo by default, just mention it 2020-03-23 12:58:17 -07:00
Daniel Lenski
dc4665ee97 make verbose=1 the default, add -q/--quiet to suppress it 2020-03-23 12:58:17 -07:00
Daniel Lenski
66438abc7c include clientos in output command-lines and environment variables 2020-03-23 12:58:17 -07:00
Daniel Lenski
6bbbe47904 fix too-hurried ambiguity warnings, fix b64 encoding for SAML REDIRECT too 2020-03-23 12:32:39 -07:00
Daniel Lenski
2cf05074cc include clientos in prelogin.esp parameters (ping #6) 
Apparently, it affects whether the prelogin.esp response contains SAML tags
in some cases.
(see https://github.com/dlenski/gp-saml-gui/issues/6#issuecomment-599743060)

This fits in with a long line of mystifying issues caused by GlobalProtect servers
silently handling different `clientos` values in stupidly different ways.
(see https://gitlab.com/openconnect/openconnect/-/merge_requests/17)
 2020-03-17 15:55:21 -07:00
Daniel Lenski
3e09aecfec clarify ambiguities in destination, slightly better error messages 2020-03-13 10:54:42 -07:00
Daniel Lenski
8ca97e5bdb assume server from which we received SAML results is the right one for final GP authentication 
Should fix https://gitlab.com/openconnect/openconnect/issues/97

In particular: https://gitlab.com/openconnect/openconnect/issues/97#note_276932462
 2020-01-25 17:15:01 -08:00
Daniel Lenski
ef2bfa6b56 extensive cleanup, more logging 2020-01-25 16:55:45 -08:00
Daniel Lenski
b1c36bf95e this script should live here 2020-01-25 16:46:12 -08:00
Daniel Lenski
dae4360c38 better SSL error handling (especially, distinguish cert from non-cert errors) 2020-01-24 00:19:05 -08:00
Daniel Lenski
10e4628f35 should use shlex.quote() instead of repr() 2020-01-24 00:17:02 -08:00
Daniel Lenski
2cbd24046b pass along --no-verify flag to WebKit2 GUI (ping #5) 2019-11-25 13:06:25 -08:00
Dan Lenski
37bfe26183
Merge pull request #4 from jasonaowen/install 
Add installation notes
 2019-10-21 09:43:35 -07:00
Daniel Lenski
32265e4504 add requirements.txt 2019-10-18 21:20:02 -07:00
Jason Owen
70f96b0f2d Add installation notes 
Add some instructions on how to install the dependencies needed to use
this tool.
 2019-10-18 17:06:53 -07:00
Daniel Lenski
f923c1247c SAML auth isn't done until we've gotten the username and cookie headers specifically (ping #2) 2019-09-19 14:02:42 -07:00
Daniel Lenski
ff4d825290 add --external and --uri for convenient debugging/futzing purposes 2019-09-17 10:51:50 -07:00
Daniel Lenski
f429acaa10 log other resources loaded when verbosity > 1 (e.g. -vv flag) 2019-09-16 21:23:40 -07:00
Daniel Lenski
d30ca2c960 persist cookies 2019-09-16 19:57:48 -07:00
Daniel Lenski
4e5cd24588 initial commit 2019-09-16 19:57:48 -07:00