Pulse Secure Connect VPN client (aka Ivanti Secure Access Client)

[raj-magesh]

Project description

A commercial VPN client.

Metadata

• homepage URL: https://www.pulsesecure.net/
• source URL: https://aur.archlinux.org/packages/pulse-secure (wraps this https://webdev.web3.technion.ac.il/docs/cis/public/ssl-vpn/v.22.2R1.0/ps-pulse-linux-22.2r1.0-b1295-64bit-installer.rpm)
• license: custom (proprietary)
• platforms: Linux

[MMachado05]

I second this! I need it to access lab computers in my university, so without it NixOS would be a bit too difficult to use, unfortunately.

[raj-magesh]

You could try using this little Python package I wrote: https://codeberg.org/raj-magesh/pulse-cookie

It worked a few months ago but I realized I could SSH into my lab machines by ProxyJumping from our supercomputing cluster (Rockfish). If you're at Hopkins, let me know and I can describe an easier way without using the VPN.

[nixos-discourse]

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/build-package-module-for-closed-source-binary-package-pulse-secure-vpn/29628/23

[dmadisetti]

@raj-magesh it would have been nice if you packaged it for nix too, but thanks. Does this still work?

Edit: Actually nvm. I didn't realize rockfish had access to the internal network (is this a misconfiguration I wonder?), proxy jumping makes this much nicer. Thanks for the suggestion

[erahhal]

I put this together:

https://github.com/erahhal/openconnect-pulse-launcher/

[raj-magesh]

@dmadisetti

is this a misconfiguration I wonder?

Shhh, I really don't want them to patch it if it is (:D) It's so convenient to just ProxyJump in.

I'm not a Nix expert but someone suggested this on a Discourse thread and I see it in my dotfiles (though I haven't used it in a long while), so:

``` { pkgs, lib, ... }: let pulse-cookie = pkgs.python3.pkgs.buildPythonApplication rec { pname = "pulse-cookie"; version = "1.0"; src = pkgs.fetchPypi { inherit pname version; sha256 = "sha256-ZURSXfChq2k8ktKO6nc6AuVaAMS3eOcFkiKahpq4ebU="; }; propagatedBuildInputs = [ pkgs.python3.pkgs.pyqt6 pkgs.python3.pkgs.pyqt6-webengine pkgs.python3.pkgs.setuptools pkgs.python3.pkgs.setuptools_scm ]; preBuild = '' cat > setup.py << EOF from setuptools import setup # with open('requirements.txt') as f: # install_requires = f.read().splitlines() setup( name='pulse-cookie', packages=['pulse_cookie'], package_dir={"": 'src'}, version='1.0', author='Raj Magesh Gauthaman', description='wrapper around openconnect allowing user to log in through a webkit window for mfa', install_requires=[ 'PyQt6-WebEngine', ], entry_points={ 'console_scripts': ['get-pulse-cookie=pulse_cookie._cli:main'] }, ) EOF ''; meta = with lib; { homepage = "https://pypi.org/project/pulse-cookie/"; description = "wrapper around openconnect allowing user to log in through a webkit window for mfa"; license = licenses.gpl3; }; }; start-pulse-vpn = pkgs.writeShellScriptBin "start-pulse-vpn" '' HOST=https://vpn.jh.edu/Linux DSID=$(${pulse-cookie}/bin/get-pulse-cookie -n DSID $HOST) sudo ${pkgs.openconnect}/bin/openconnect --protocol nc -C DSID=$DSID $HOST ''; in { environment.systemPackages = with pkgs; [ openconnect start-pulse-vpn qt6.qtwebengine qt6.qtwayland ]; } ```