===== OpenConnect Debian =====
Examples with openconnect v7.08
==== Normal connection ====
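<code bash>
#!/bin/bash
# The password is stored in clear text here; keep this file readable only by its owner.
USERNAME="happyuser"
PASSWORD="H4ppyP4ssw0rd*"
URL="https://happyurl.com:4343"
# --passwd-on-stdin reads the password from stdin, so it is not passed as a command-line argument
sudo openconnect --passwd-on-stdin "$URL" -u "$USERNAME" <<< "$PASSWORD"
</code>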
==== Invalid certificate ====
<code bash>
#!/bin/bash
USERNAME="happyuser"
PASSWORD="H4ppyP4ssw0rd*"
URL="https://happyurl.com:4343"
# Accept the server only if its certificate matches this fingerprint
SERVERCERT="sha256:1234567891234567897009feb116dcbe85b394fc0c1385f6ab09e2a123456789"
sudo openconnect --servercert "$SERVERCERT" --passwd-on-stdin "$URL" -u "$USERNAME" <<< "$PASSWORD"
</code>
To get the servercert parameter, run openconnect without that parameter and look for these lines in the output:
<code>
Certificate from VPN server "vpn-ca.cajadeande.fi.cr" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
--servercert sha256:1234567891234567897009feb116dcbe85b394fc0c1385f6ab09e2a123456789
Enter 'yes' to accept, 'no' to abort; anything else to view: fgets (stdin): Operation now in progress
</code>
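Added example (not part of the original page): the fingerprint openconnect suggests comes from whatever server answered, so compare it with one received from the VPN administrator out of band before pinning it in a script. The function names, the sample hostname and the EXPECTED_PIN value are assumptions constructed for illustration.

```bash
#!/bin/bash
# Fingerprint obtained out of band (constructed placeholder value).
EXPECTED_PIN="sha256:1234567891234567897009feb116dcbe85b394fc0c1385f6ab09e2a123456789"

# Constructed sample of the verification-failure output shown above.
SAMPLE_OUTPUT=$(cat <<EOF
Certificate from VPN server "vpn.example.test" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert $EXPECTED_PIN
Enter 'yes' to accept, 'no' to abort; anything else to view:
EOF
)

# Read openconnect output on stdin and print the first suggested pin, lowercased.
extract_pin() {
    grep -Eo -- '--servercert[ =]+sha256:[0-9A-Fa-f]+' \
        | head -n 1 \
        | sed 's/^--servercert[ =]*//' \
        | tr 'A-F' 'a-f'
}

# Succeed only for "sha256:" followed by exactly 64 lowercase hex digits.
is_valid_pin() {
    printf '%s\n' "$1" | grep -Eq '^sha256:[0-9a-f]{64}$'
}

# $1 = captured openconnect output, $2 = fingerprint obtained out of band.
# Succeeds only if both are well formed and identical.
pin_is_trusted() {
    seen=$(printf '%s\n' "$1" | extract_pin)
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    is_valid_pin "$seen" && is_valid_pin "$want" && [ "$seen" = "$want" ]
}

if pin_is_trusted "$SAMPLE_OUTPUT" "$EXPECTED_PIN"; then
    echo "pin matches: use --servercert $EXPECTED_PIN"
else
    echo "pin mismatch: do not connect" >&2
fi
```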
==== Use vpnc-script ====
I hate that openconnect changes my /etc/resolv.conf file; follow these steps:
<code>
$ sudo cp /usr/share/vpnc-scripts/vpnc-script /etc/vpnc/
$ sudo vim /etc/vpnc/vpnc-script
</code>
Edit the file and comment out these lines:
<code bash>
# if [ -n "$INTERNAL_IP4_DNS" ]; then
# $MODIFYRESOLVCONF
# fi
</code>
Use this script:
<code bash>
#!/bin/bash
USERNAME="happyuser"
PASSWORD="H4ppyP4ssw0rd*"
URL="https://happyurl.com:4343"
SERVERCERT="sha256:1234567891234567897009feb116dcbe85b394fc0c1385f6ab09e2a123456789"
# --script points openconnect at the edited copy that leaves /etc/resolv.conf alone
sudo openconnect --script /etc/vpnc/vpnc-script --servercert "$SERVERCERT" --passwd-on-stdin "$URL" -u "$USERNAME" <<< "$PASSWORD"
</code>
==== Disable change of DNS alternative ====
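Create a script named vpnc-script-no-dns and put it in /etc/vpnc/vpnc-script:
<code bash>
#!/bin/bash
# Drop the DNS servers pushed by the VPN so the original script does not touch resolv.conf
unset INTERNAL_IP4_DNS
# Replace the path below with the location where the original script is located
exec /usr/share/vpnc-scripts/vpnc-script "$@"
</code>
Change the path of the script in the openconnect command (the --script option) to point to it.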
==== References ====
* https://packages.debian.org/sid/all/vpnc-scripts/filelist
* http://frodo.looijaard.name/article/openconnect-using-your-own-dns