===== OpenConnect Debian =====

Examples with openconnect v7.08

==== Normal connection ====

<code bash>
#!/bin/bash
USERNAME="happyuser"
PASSWORD="H4ppyP4ssw0rd*"
URL="https://happyurl.com:4343"
# --passwd-on-stdin makes openconnect read the password from standard input
sudo openconnect --passwd-on-stdin "$URL" -u "$USERNAME" <<< "$PASSWORD"
</code>

==== Invalid certificate ====

<code bash>
#!/bin/bash
USERNAME="happyuser"
PASSWORD="H4ppyP4ssw0rd*"
URL="https://happyurl.com:4343"
SERVERCERT="sha256:1234567891234567897009feb116dcbe85b394fc0c1385f6ab09e2a123456789"
# --servercert pins the server to this fingerprint instead of relying on CA validation
sudo openconnect --servercert "$SERVERCERT" --passwd-on-stdin "$URL" -u "$USERNAME" <<< "$PASSWORD"
</code>

To get the value for the servercert parameter, execute openconnect without that parameter and look for the following in the output:

<code>
Certificate from VPN server "vpn-ca.cajadeande.fi.cr" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert sha256:1234567891234567897009feb116dcbe85b394fc0c1385f6ab09e2a123456789
Enter 'yes' to accept, 'no' to abort; anything else to view: fgets (stdin): Operation now in progress
</code>

With --servercert, openconnect accepts the server only if its certificate matches this fingerprint, so confirm the value through a trusted channel before pinning it.

==== Use vpnc-script ====

I hate that openconnect changes my /etc/resolv.conf file; follow these steps:

<code bash>
$ sudo cp /usr/share/vpnc-scripts/vpnc-script /etc/vpnc/
$ sudo vim /etc/vpnc/vpnc-script
</code>

Edit the file and comment out these lines:

<code bash>
# if [ -n "$INTERNAL_IP4_DNS" ]; then
#     $MODIFYRESOLVCONF
# fi
</code>

Use this script:

<code bash>
#!/bin/bash
USERNAME="happyuser"
PASSWORD="H4ppyP4ssw0rd*"
URL="https://happyurl.com:4343"
SERVERCERT="sha256:1234567891234567897009feb116dcbe85b394fc0c1385f6ab09e2a123456789"
# --script points openconnect at the edited copy of vpnc-script
sudo openconnect --script /etc/vpnc/vpnc-script --servercert "$SERVERCERT" --passwd-on-stdin "$URL" -u "$USERNAME" <<< "$PASSWORD"
</code>

==== Disable DNS change (alternative) ====

Create a script vpnc-script-no-dns and put it in /etc/vpnc/vpnc-script:

<code bash>
#!/bin/bash
# Drop the DNS servers pushed by the VPN before handing over to the original script
unset INTERNAL_IP4_DNS
# Replace the path below with the location where the original script is located
exec /usr/share/vpnc-scripts/vpnc-script "$@"
</code>

Change the path of the script.

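
The scripts above keep the VPN password inside the script file. As an added example (not part of the original page), this wrapper feeds the password to openconnect from a separate owner-only file and checks the --servercert pin format before connecting; the PASSFILE location and the function names are assumptions, the other values are the page's sample values.

```shell
#!/bin/bash
# Added example. URL, user and pin are the sample values used on this page.
VPN_URL="https://happyurl.com:4343"
VPN_USER="happyuser"
VPN_PIN="sha256:1234567891234567897009feb116dcbe85b394fc0c1385f6ab09e2a123456789"
PASSFILE="$HOME/.config/vpn/password"   # assumed location, holds only the password

# Succeed only if $1 is a regular file (not a symlink) with no group/other
# permission bits, e.g. mode 600 or 400.
passfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if $1 has the shape openconnect prints: "sha256:" + 64 hex digits.
pin_is_wellformed() {
    printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-fA-F]{64}$'
}

connect_vpn() {
    if ! passfile_is_private "$PASSFILE"; then
        echo "refusing: $PASSFILE must be a regular file readable only by its owner" >&2
        return 1
    fi
    if ! pin_is_wellformed "$VPN_PIN"; then
        echo "refusing: malformed --servercert pin" >&2
        return 1
    fi
    # The password goes from the file straight to openconnect's stdin; it never
    # appears in this script, in a shell variable, or in the argument list.
    sudo openconnect --script /etc/vpnc/vpnc-script --servercert "$VPN_PIN" \
        --passwd-on-stdin -u "$VPN_USER" "$VPN_URL" < "$PASSFILE"
}

# Connect only when explicitly asked, so the checks can be reused on their own.
if [ "${1:-}" = "connect" ]; then
    connect_vpn
fi
```

Create the password file with ''chmod 600'' and run the wrapper with the argument ''connect''.
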

==== References ====

  * https://packages.debian.org/sid/all/vpnc-scripts/filelist
  * http://frodo.looijaard.name/article/openconnect-using-your-own-dns