auth:howto:linux:vpnclient

Differences

This shows you the differences between two versions of the page.

auth:howto:linux:vpnclient [2021/04/29 08:31] – [Instructions for Linux using openconnect Client (recommended)] kohofer
auth:howto:linux:vpnclient [2022/05/06 16:22] – [Install openconnect-sso macOS with SAML] kohofer
Line 381: Line 381:
 Per-user configuration is stored in your home directory in a file called .anyconnect Per-user configuration is stored in your home directory in a file called .anyconnect
  
 +====== Install openconnect-sso macOS with SAML ======
 +
 +If you don't want to use Cisco Anyconnect on the Apple Mac, you can install openconnect
 +and openconnect-sso for using SAML!
 +
 +**Requirements**: Python3
 +
 +Install brew
 +  /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
 +
 +Install openconnect and pipx
 +  brew install openconnect pipx
 +  pipx ensurepath
 +
 +Install pipx
 +  pip install --user pipx
 +
 +Install openconnect-sso
 +  pipx install "openconnect-sso[full]"
 +  pipx ensurepath
 +
 +Launch openconnect-sso
 +  /Users/user/.local/bin/openconnect-sso --server vpn.scientificnet.org/saml
 +
 +<code>
 +...
 +...
 +[info     ] Loading page                   [webengine] url=https://vpn.scientificnet.org/+CSCOE+/saml/sp/login?tgname=ScientificNetworkSouthTyrol-SAML&acsamlcap=v2
 +[info     ] Terminate requested.           [webengine] 
 +[info     ] Exiting browser                [webengine] 
 +[info     ] Browser exited                 [openconnect_sso.browser.browser] 
 +[info     ] Response received              [openconnect_sso.authenticator] id=success message=
 +[sudo] password for <local-username>:
 +
 +Connected to 193.106.xxx.xxx:443
 +SSL negotiation with vpn.scientificnet.org
 +Server certificate verify failed: signer not found
 +Connected to HTTPS on vpn.scientificnet.org
 +Got CONNECT response: HTTP/1.1 200 OK
 +CSTP connected. DPD 30, Keepalive 20
 +Connected as 172.xx.xx.xx + 2a02:27e8:10:741:0:dacc:0:2/64, using SSL, with DTLS in progress
 +Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(ECDHE-RSA)-(AES-256-GCM).
 +Error: any valid prefix is expected rather than "dev".
 +
 +</code>
 +
 +A browser-window will ask for your username and password, next it will ask for the PIN which you need
 +to generate with an Authenticator!
 +
 +Last thing to enter is the sudo password to enable the network interface.
  
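Review bot: The sample output in the <code> block shows "Server certificate verify failed: signer not found" immediately before "Connected to HTTPS on vpn.scientificnet.org", and the section presents this log as the normal result without saying whether the failed verification is expected or how to resolve it. A howto that shows a certificate warning on the VPN gateway as routine output teaches readers to ignore it; add a sentence explaining why the signer is not found and how to get the gateway's issuing CA trusted on the Mac, or replace the log with one from a run where verification passes. The same goes for the closing line, Error: any valid prefix is expected rather than "dev"., which leaves it unclear whether the tunnel is usable after these steps. Separately, the "Install pipx" step (pip install --user pipx) repeats what brew install openconnect pipx already did, pipx ensurepath appears twice, and the launch line hard-codes /Users/user/.local/bin; drop the duplicate step and call openconnect-sso through PATH or ~/.local/bin instead.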
/data/www/wiki.inf.unibz.it/data/pages/auth/howto/linux/vpnclient.txt · Last modified: 2022/06/20 11:40 by kohofer