Le Mon, Feb 10, 2025 at 09:09:17AM +0200, Divan Santana a écrit :
> Hi Denis,
>
> Denis Fondras <de...@openbsd.org> writes:
>
> > A CLI GlobalProtect VPN client, written in Rust, based on OpenConnect
> > and Tauri, supports SSO with MFA, Yubikey, and client certificate
> > authentication, etc.
> >
> > https://github.com/yuezk/GlobalProtect-openconnect/
> >
> > I disabled the GUI build because it requires nodejs.
>
> This is great - thanks for this. I hope it's in ports for the upcoming
> openbsd release.
>
> I'm compiled this and got it to auth successfully via the browser, but
> after auth completes in the browser chrome prompts to open the vpn
> client and that's as far as it goes.
>
> It doesn't return the cookie on the command line or launch openconnect
> for me.
>
> Perhaps I'm using it wrong.
>
> I'm trying:
>
> gpauth gp.example.com --browser default 2>/dev/null | doas gpclient connect
> gp.example.com --cookie-on-stdin
I don't use Chrome but Firefox. I could not make it pass the cookie to the
gpclient with an handler (even when disabling unveil/pledge). Instead I am
using :
`gpauth vpn.example.com --browser firefox 2>/dev/null | doas gpclient connect
vpn.example.com --cookie-on-stdin`
Once authenticated, I copy the globalprotectcallback:[...] link and do ```echo
-n
"globalprotectcallback:[...]" | nc -w1 127.0.0.1 `cat /tmp/gpcallback.port````
(acually, I have a bash function for this :
globalprotect ()
{
echo -n "$1" | nc -w1 127.0.0.1 `cat /tmp/gpcallback.port`
}
)
This is not ideal but at least it works.
Denis
