On Thu, Apr 23, 2020 at 10:29 AM yesi <y...@posteo.net> wrote:
> The aim is to use OpenConnect and to disguise the Linux as a Windows Client.

Why? What is the point of disguising this client as another one?
Does the VPN actually *prevent* you from connecting unless you spoof
another device? Do the administrators yell at you if they see you are
using an “unauthorized” client?

I don't fully understand why users want to do this.

From the point of view of developing OpenConnect and getting it to
work with as many VPNs as possible, we want VPN admins to *see* that
many of their users are using OpenConnect, and to understand that they
need to take it seriously and test that it is supported as a client.
Indistinguishably spoofing the official clients doesn't help this.

> So, I applied the patch from Raph with the Git clone repo (SHA of the last
> commit: 52bf0e97c8f6de9e057562a83e645075ffb98c2e) and I changed:
> - the conditional option from --os=linux-64 to --os=win
> - I gave the parameters by hand in env.sh: OC_DEVICE_TYPE,
> OC_PLATFORM_VERSION, OC_MAC_ADDRESS
>
> for the ASA attributes:
> Session Attribute endpoint.anyconnect.devicetype
> Session Attribute endpoint.anyconnect.platformversion
> Session Attribute endpoint.anyconnect.deviceuniqueid
> Session Attribute endpoint.anyconnect.macaddress["0"]
> Session Attribute endpoint.anyconnect.publicmacaddress
>
> Here are the options given to the CLI: --os=win --local-hostname
> --useragent --version-string
>
> But I got an error after connecting:
> "unknown reason 'attempt-reconnect'. Maybe vpnc-script is out of date"
> Then I lost my connection to a local server.
>
> But, the patch does work fine.
> It would be nice to add it. :)

I would propose that we add a CLI option, something like
`--local-attributes` (to go along with `--local-hostname`):

- For AnyConnect, you could set, say "--local-attributes
devicetype=FOO,platformversion=BAR,deviceuniqueid=BLAHBLAHBLAH"
- For Juniper/Pulse, you could set "--local-attributes deviceid=BLAH"
- For GP, you could set "--local-attributes hostid=BLAHBLAHBLAHBLAH"

… and we'd parse these into lists, and inject them into whatever bits
of protocol-specific junk and Trojans demand them. David, I can code
this up if it looks reasonable to you.

Dan

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
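
The parsing step proposed in the message above, as an added example that is not part of the original thread and is not OpenConnect code: a strict parser for the proposed `--local-attributes` string. The function name, the protocol labels, the size limits and the rejected-character set are assumptions of this example; only the attribute keys come from the message.

```c
#include <string.h>

/* Hypothetical allow-list: keys are the ones named in the proposal; the
 * protocol labels and size limits are assumptions of this example. */
static const char *const allowed[][5] = {
    { "anyconnect", "devicetype", "platformversion", "deviceuniqueid", NULL },
    { "pulse", "deviceid", NULL },
    { "gp", "hostid", NULL },
};
struct attr { char key[32]; char val[128]; };

static int key_allowed(const char *proto, const char *key)
{
    for (size_t i = 0; i < sizeof(allowed) / sizeof(allowed[0]); i++) {
        if (strcmp(allowed[i][0], proto) != 0)
            continue;
        for (int k = 1; allowed[i][k]; k++)
            if (strcmp(allowed[i][k], key) == 0)
                return 1;
    }
    return 0;
}

/* Parse "k=v,k=v" into out[]. Returns the attribute count, or -1 on an empty
 * item, missing '=', empty/oversized key or value, key not valid for proto,
 * duplicate key, or a value byte that could break message framing (assumed). */
int parse_local_attributes(const char *proto, const char *arg, struct attr *out, int max)
{
    int n = 0;
    while (*arg) {
        size_t item = strcspn(arg, ",");          /* length of this k=v item */
        const char *eq = memchr(arg, '=', item);  /* first '=' splits key/value */
        size_t klen = eq ? (size_t)(eq - arg) : 0;
        size_t vlen = eq ? item - klen - 1 : 0;
        if (!klen || !vlen || klen >= sizeof(out->key) || vlen >= sizeof(out->val) || n == max)
            return -1;
        memcpy(out[n].key, arg, klen); out[n].key[klen] = '\0';
        memcpy(out[n].val, eq + 1, vlen); out[n].val[vlen] = '\0';
        if (!key_allowed(proto, out[n].key) || strpbrk(out[n].val, "<>&\"'\r\n"))
            return -1;
        for (int j = 0; j < n; j++)
            if (strcmp(out[j].key, out[n].key) == 0)
                return -1;
        n++;
        arg += item;
        if (*arg == ',' && *++arg == '\0')
            return -1; /* trailing comma */
    }
    return n;
}
```

Rejecting unknown keys per protocol and markup or line-break characters in values keeps a mistyped option from being silently ignored or from corrupting the request it is copied into.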
