tasket / Qubes-vpn-support

VPN configuration in Qubes OS
GNU General Public License v3.0

Support for openconnect (to connect to Cisco AnyConnect) #58

Open one7two99 opened 3 years ago

one7two99 commented 3 years ago

Hello tasket,

thank you for your excellent script, which made it super easy to set up ExpressVPN in Qubes. All traffic from my corporate AppVMs should go through a VPN-Proxy-VM which connects to our Cisco VPN Router (AnyConnect). Connecting to our corporate VPN router is easy using openconnect (dnf install openconnect). Can you make a second Qubes-VPN-Support script which will allow users to connect via openvpn (which includes AnyConnect for corporate users)? My idea was to have one config file (/rw/config/vpn/openconnect.conf) which includes the basic information:

vpn.mycorporation.com
demousername
supersecretpassword

Then it would be sufficient to run the following command to establish the connection:

cat openconnect.conf | sed -n '3p' | openconnect --protocol=anyconnect --user=`cat openconnect.conf | sed -n '2p'` --disable-ipv6 --no-dtls  --passwd-on-stdin --background `cat openconnect.conf | sed -n '1p'`

or for better readability

cat openconnect.conf | sed -n '3p' | openconnect \
  --protocol=anyconnect \
  --user=`cat openconnect.conf | sed -n '2p'` \
  --disable-ipv6 \
  --no-dtls \
  --passwd-on-stdin \
  --background \
  `cat openconnect.conf | sed -n '1p'`

I had to add the following option after getting a fingerprint warning because the VPN router is not using a public certificate: --servercert pin-sha256:eG..........8=

I tried to look into your script and make it work myself but didn't succeed. If you can take the above commands into consideration, I would love to see a 2nd qubes-vpn-support-script which is able to use openconnect.

one7two99
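
A wrapper around the commands in the post above could validate the config file before it connects, since the file stores the password in plain text. This is an added example, not part of the original post or of Qubes-vpn-support; the function names and the script name `vpn-connect.sh` are hypothetical, and it assumes GNU `stat` and the three-line file layout described in the post.

```shell
#!/bin/sh
# Added example, not part of Qubes-vpn-support. Assumed layout (from the post):
# line 1 = VPN gateway, line 2 = user name, line 3 = password.

# Print line N of FILE, dropping any carriage return left by a Windows editor.
conf_line() {
    sed -n "${2}p" "$1" | tr -d '\r'
}

# Return 0 only if FILE is safe to hand to openconnect.
check_conf() {
    cc_file=$1
    if [ ! -f "$cc_file" ] || [ ! -r "$cc_file" ]; then
        echo "cannot read $cc_file" >&2; return 1
    fi
    # The file holds a plaintext password: refuse any group/other access.
    cc_mode=$(stat -c '%a' "$cc_file") || return 1
    case $cc_mode in
        *00) ;;
        *) echo "$cc_file has mode $cc_mode, want 600" >&2; return 1 ;;
    esac
    cc_host=$(conf_line "$cc_file" 1)
    # An empty gateway, or one starting with '-', would be read as an option.
    case $cc_host in
        ''|-*) echo "bad gateway on line 1" >&2; return 1 ;;
    esac
    [ -n "$(conf_line "$cc_file" 2)" ] || { echo "no user on line 2" >&2; return 1; }
    [ -n "$(conf_line "$cc_file" 3)" ] || { echo "no password on line 3" >&2; return 1; }
}

# vpn_connect FILE [PIN]: PIN is the pin-sha256:... value for --servercert.
vpn_connect() {
    check_conf "$1" || return 1
    # Password travels on stdin only, so it never shows up in the process list.
    conf_line "$1" 3 | openconnect \
        --protocol=anyconnect \
        --user="$(conf_line "$1" 2)" \
        --disable-ipv6 --no-dtls \
        --passwd-on-stdin --background \
        ${2:+--servercert "$2"} \
        "$(conf_line "$1" 1)"
}

# Run as: sh vpn-connect.sh connect /rw/config/vpn/openconnect.conf [PIN]
case "${1:-}" in
    connect) vpn_connect "${2:-}" "${3:-}" ;;
esac
```
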