dlenski / gp-saml-gui

Interactively authenticate to GlobalProtect VPNs that require SAML
GNU General Public License v3.0

Sort gateways #43

Closed UlrichEckhardt closed 2 years ago

UlrichEckhardt commented 2 years ago

https://github.com/dlenski/gp-saml-gui/blob/451cdf83c85a3ca7e493b5ac193c7a76948e1494/test-globalprotect-login.py#L143

Can you wrap this assignment like gateways = sorted(...)? That would make the output so much easier to read!

dlenski commented 2 years ago

We could do that, but with some VPNs there seems to be a logic to how the gateways are sorted (e.g. closest/best first). Does your VPN have an enormous number of gateways?

UlrichEckhardt commented 2 years ago

The company I work for has 67 gateways. The sorting is utterly useless: I'm in northern Germany, and it just gave me the following top five:

The output differs though, just retrying will often give you a different order.

BTW:

dlenski commented 2 years ago

Maybe you have an idea concerning the actual issue: First call does the user interaction. Then, I run test-globalprotect-login.py, which gives me a second test-globalprotect-login.py invocation in its output. That one then gives me the final openconnect invocation. Do you see any way to simplify that?

test-globalprotect-login.py isn't meant to be used to connect to real VPNs.

It's just a tool for me and other developers to quickly figure out how the authentication process works in Python, so that we can then code the findings into OpenConnect itself, or other tools.

With recent versions of OpenConnect (e.g. v8.20), you should be able to simply do openconnect --authgroup "GatewayName" --protocol=gp vpn.portal.com, and it should handle all of the authentication and connection flow from portal onward, handling everything that test-globalprotect-login.py does.

Does it work for you? If you have a non-SAML authentication scenario which isn't supported by OpenConnect v8.20 on its own, please report it at https://gitlab.com/openconnect/openconnect/issues/new.

UlrichEckhardt commented 2 years ago

I have 8.10 here at the moment. I'll download 8.20 and try that one. I know that at some point, the VPN was adjusted by the company in some way so that it ceased to work for Linux users (it's a very Windows-centric company) and using the test-globalprotect-login.py script is more a hack just to get it to work. A proper solution would be welcome though.

All this isn't really helped by the fact that I don't have much of a clue what's going on there. ;)

UlrichEckhardt commented 2 years ago

Dan, sorry for the silence, too much work and end of the contract make it impossible for me to test this. I think we can just close this...

dlenski commented 2 years ago

Thanks for checking back in @UlrichEckhardt. If you ever start using this VPN again, happy to work on improving the gateway selection process. (I've never seen a VPN with 67 gateways :scream:)