4b02c05b54
The scripts seem to be relying on a legacy openssl renegotiation protocol and this allows it to continue. I don't know if this a requirement on the NU side or a feature of these scripts but this works around it in the shorter term.
31 lines
860 B
Bash
Executable File
31 lines
860 B
Bash
Executable File
#!/bin/bash
|
|
|
|
export OPENSSL_CONF="${HOME}/bin/nu-vpn-proxy/openssl.conf"
|
|
# this allows for legacy renegotation which seems to be required now
|
|
SEARCH_PATTERN="ESP tunnel connected; exiting HTTPS mainloop."
|
|
|
|
# connects to SSH through openconnect and VPN
|
|
# for use with ProxyCommand in SSH
|
|
|
|
|
|
# first run openconnect
|
|
/sbin/start-stop-daemon --pidfile /tmp/nu-vpn-openconnect.pid -S --startas "${HOME}/bin/nu-vpn-proxy/openconnect_command-ssh.sh" &
|
|
sleep 2
|
|
|
|
# kill connection on exit
|
|
function cleanup {
|
|
/sbin/start-stop-daemon --stop --pidfile /tmp/nu-vpn-openconnect.pid
|
|
}
|
|
trap cleanup EXIT
|
|
|
|
tail -f /tmp/nu-globalprotect-saml.log | grep -qe "${SEARCH_PATTERN}"
|
|
|
|
if [ $? == 1 ]; then
|
|
echo "Search terminated without finding the pattern"
|
|
exit
|
|
fi
|
|
|
|
# redirect traffic (standard input and output) through VPN
|
|
/bin/nc.openbsd -X 5 -x 127.0.0.1:9052 $1 $2
|
|
|