OpenConnect Debian

Examples with openconnect v7.08

Normal connection

#!/bin/bash

USERNAME="happyuser"
PASSWORD="H4ppyP4ssw0rd*"
URL="https://happyurl.com:4343"

# The password is read from stdin, so it does not appear in the process list.
sudo openconnect --passwd-on-stdin "$URL" -u "$USERNAME" <<< "$PASSWORD"

Invalid certificate

#!/bin/bash

USERNAME="happyuser"
PASSWORD="H4ppyP4ssw0rd*"
URL="https://happyurl.com:4343"
SERVERCERT="sha256:1234567891234567897009feb116dcbe85b394fc0c1385f6ab09e2a123456789"

# --servercert pins the server certificate by its fingerprint.
sudo openconnect --servercert "$SERVERCERT" --passwd-on-stdin "$URL" -u "$USERNAME" <<< "$PASSWORD"

To get the value for the --servercert parameter, run openconnect without that parameter and look for these lines in the output:

Certificate from VPN server "vpn-ca.cajadeande.fi.cr" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert sha256:1234567891234567897009feb116dcbe85b394fc0c1385f6ab09e2a123456789
Enter 'yes' to accept, 'no' to abort; anything else to view: fgets (stdin): Operation now in progress
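
A check that can be run before pinning, as an added example that is not part of the original page: it extracts the suggested --servercert value from saved openconnect output and compares it with a fingerprint obtained separately from the VPN administrator. The function names and exit codes are this example's own, and the sample input is the output quoted above.

```shell
#!/bin/bash
# Added example: compare the fingerprint openconnect suggests with one
# obtained out of band, before it is passed to --servercert.

# Constructed sample input: the openconnect output quoted on this page.
SAMPLE_OUTPUT='Certificate from VPN server "vpn-ca.cajadeande.fi.cr" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert sha256:1234567891234567897009feb116dcbe85b394fc0c1385f6ab09e2a123456789'

# Print the one fingerprint suggested in the output read from stdin.
# Returns 2 if no suggestion is present, 3 if several different ones are.
extract_servercert() {
    _found=$(sed -n 's/^[[:space:]]*--servercert[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*$/\1/p' | sort -u)
    [ -n "$_found" ] || { echo "no --servercert suggestion found" >&2; return 2; }
    [ "$(printf '%s\n' "$_found" | wc -l)" -eq 1 ] || { echo "conflicting fingerprints" >&2; return 3; }
    printf '%s\n' "$_found"
}

# Accept only the form shown on this page: "sha256:" plus 64 hex digits.
valid_fingerprint() {
    _hex=${1#sha256:}
    [ "$_hex" != "$1" ] && [ "${#_hex}" -eq 64 ] || return 1
    case "$_hex" in *[!0-9A-Fa-f]*) return 1 ;; esac
    return 0
}

# check_pin EXPECTED < openconnect-output
# Returns 0 on match, 1 on mismatch, 2/3 on parse errors, 4 on bad format.
check_pin() {
    valid_fingerprint "$1" || { echo "expected value is malformed" >&2; return 4; }
    _seen=$(extract_servercert) || return $?
    valid_fingerprint "$_seen" || { echo "suggested value is malformed" >&2; return 4; }
    # Hex digits are compared case-insensitively.
    [ "$(printf '%s' "$_seen" | tr 'A-F' 'a-f')" = "$(printf '%s' "$1" | tr 'A-F' 'a-f')" ]
}
```

Only a return value of 0 means the suggested fingerprint is the expected one; any other value means the pin should not be added to the command line.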

Use vpnc-script

I hate that openconnect changes my /etc/resolv.conf file; follow these steps:

$ sudo cp /usr/share/vpnc-scripts/vpnc-script /etc/vpnc/
$ sudo vim /etc/vpnc/vpnc-script

Edit the file and comment out these lines:

#	if [ -n "$INTERNAL_IP4_DNS" ]; then
#		$MODIFYRESOLVCONF
#	fi

Use this script:

#!/bin/bash

USERNAME="happyuser"
PASSWORD="H4ppyP4ssw0rd*"
URL="https://happyurl.com:4343"
SERVERCERT="sha256:1234567891234567897009feb116dcbe85b394fc0c1385f6ab09e2a123456789"

# --script makes openconnect use the edited copy instead of the default vpnc-script.
sudo openconnect --script /etc/vpnc/vpnc-script --servercert "$SERVERCERT" --passwd-on-stdin "$URL" -u "$USERNAME" <<< "$PASSWORD"

Alternative way to disable the DNS change

Create a script named vpnc-script-no-dns and put it in /etc/vpnc/vpnc-script:

#!/bin/bash
unset INTERNAL_IP4_DNS
# Replace the path below with the location where the original script is located
exec /usr/share/vpnc-scripts/vpnc-script "$@"

Change the path of the script.

openconnect.txt · Last modified: 2017/07/19 13:19