-------- Forwarded Message --------
From: Riku Meskanen <riku.h.meska...@jyu.fi>
To: Dan Williams <d...@redhat.com>, David Zeuthen <dav...@redhat.com>, David Woodhouse <dw...@infradead.org>
Subject: RFP: NetworkManager-openconnect - A Feature Request setting group in vpn config
Date: Sun, 20 Dec 2015 22:48:51 +0200

Hello,

[ Let me first apologise for contacting you directly, as your contacts are in the AUTHORS file of the NetworkManager-openconnect-1.0.8 package. And I did not find a more appropriate place to post this question and request. Let me know if there is an address for this kind of message for this piece of software, please. ]

OK, there's a very useful feature in the Cisco AnyConnect client that I think would be a very useful feature to add to NetworkManager-openconnect too.

The feature in question is being able to specify the VPN group in the connection config instead of using the drop-down list in the login window.

It may not be immediately obvious why, sure, but let me explain a bit more.

It is possible to have some groups that are not published (visible in the dropdown) and that still work perfectly with the AnyConnect client. The trick is simply to append the group name to the VPN server URL, i.e. https://vpn-server/group-name :)

The openconnect CLI has a slightly different syntax, it uses the -g switch, but it also works as advertised, which is great.

But a bit more about the feature. That is a very useful feature indeed. It lets us share one and the same VPN service with users who are given the right to access public groups, but also lets us have non-public VPN groups for more limited use.

Cisco's documentation and examples are a bit candid about the matter, but the following config snippet may explain it better.

    ...
    tunnel-group student webvpn-attributes
     group-alias student enable
     group-url https://vpn.domain.org/student enable
    ...

And Cisco's documentation about those directives:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/vpn/asa_91_vpn_config/vpn_groups.html#pgfId-1042120

It's the "group-alias student enable" above which publishes the group so that it appears in the dropdown list to choose from, but in case we don't want to publish, for example, the sysadmin group, then we drop that group-alias line ...

    ...
    tunnel-group sysadmin webvpn-attributes
     group-url https://vpn.domain.org/sysadmin enable
    ...

That will let sysadmins log in, knowing that they connect to https://vpn.domain.org/sysadmin using AnyConnect, or they can of course instead use openconnect from the command line or some tiny script like the one below:

    #!/bin/sh
    #
    # Connect to a given VPN group with the openconnect CLI.
    #
    URL=https://vpn.domain.org/
    GROUP=vpn-group-here
    USER=login-name
    PASSWD='password'

    # Feed the password on stdin; variables are quoted so that values
    # containing spaces or shell metacharacters are passed through intact.
    printf '%s\n' "$PASSWD" | sudo openconnect -s /etc/vpnc/vpnc-script \
        -g "$GROUP" -u "$USER" --passwd-on-stdin "$URL"
    # eof

So the group select feature is already there in the CLI version, but in the GUI there is no way of setting that group.

Thus my humble request is: would it be possible to add that feature in upcoming versions?

It would have been great if I had been able to provide you with patches, but the fact is that I haven't myself developed GUI code for GNOME or any of these new desktops, and I'm far too busy with networking and other tasks to have time to delve into this kind of venture in the foreseeable future.

Cheers,

:-) riku

--
Riku Meskanen
University of Jyväskylä IT Services
email: riku.meska...@jyu.fi
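
Added example, not part of the original message and not code from openconnect or NetworkManager-openconnect: a POSIX sh wrapper that takes the AnyConnect-style group URL described in the message, splits it into the server URL and the group for openconnect's -g switch, and prompts for the password instead of keeping it in the script file. The function names split_group_url and vpn_connect and the character set accepted for group names are assumptions of this example.

```shell
#!/bin/sh
# Added example. Function names and the accepted character set are assumptions.

# split_group_url URL
# Prints "SERVER_URL GROUP" for https://host/group, returns 1 otherwise.
split_group_url() {
    url=$1
    case $url in
        https://*) ;;
        *) echo "refusing non-https URL: $url" >&2; return 1 ;;
    esac
    rest=${url#https://}
    host=${rest%%/*}
    case $rest in
        */*) path=${rest#*/} ;;
        *)   path= ;;
    esac
    path=${path%/}                      # tolerate one trailing slash
    # Host: letters, digits, dot, dash, optional :port. Nothing else.
    case $host in
        ''|*[!A-Za-z0-9.:-]*) echo "bad host in URL: $url" >&2; return 1 ;;
    esac
    # Group: exactly one path segment from a conservative character set,
    # so nothing unexpected ends up on the openconnect command line.
    case $path in
        ''|*/*|*[!A-Za-z0-9._-]*) echo "no usable group in URL: $url" >&2; return 1 ;;
    esac
    printf '%s %s\n' "https://$host/" "$path"
}

# vpn_connect USER GROUP_URL
# Prompts for the password (no echo) and hands it to openconnect on stdin,
# using the same switches as the script in the message.
vpn_connect() {
    user=$1
    parsed=$(split_group_url "$2") || return 1
    server=${parsed% *}
    group=${parsed#* }
    printf 'Password for %s: ' "$user" >&2
    stty -echo; IFS= read -r passwd; stty echo; echo >&2
    printf '%s\n' "$passwd" | sudo openconnect -s /etc/vpnc/vpnc-script \
        -g "$group" -u "$user" --passwd-on-stdin "$server"
    status=$?
    unset passwd
    return $status
}

# Usage (constructed values): vpn_connect login-name https://vpn.domain.org/sysadmin
```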