Re: Cisco AnyConnect Secure Mobility Client Alternatives with MFA?
On 2021-01-31, Predrag Punosevac wrote: >> On Sun, 2021-01-31 at 21:41 +0300, somebody from mother Russia wrote: >> > Hello, >> > Our employer decided that AnyConnect Secure Mobility Client with >> > multifactor Azure authentication is the only secure option to connect >> > to >> > work. No alternatives, no discussions. >> > There are packages for Windows and Linux only. >> > Did anybody succeed in running vpn clients compatible with all that >> > funny stuff? >> > >> >> Hi, >> >> have you tried your luck with Openconnect? It's in packages. I've had >> luck with that at least on Linux side on my work laptop. If openconnect doesn't work directly with Azure MFA there's a fair chance someone else has done it, so worth searching around for clues. > I have been using Openconnect for a while and with exception of the 6.8 > release cycle it worked perfectly. At the beggining of the 6.8 release > cycle OpenBSD package was "broken". I am not sure if it was OpenBSD SSL > stack or the server side (Cisco black box) but I just tried again today > and there was no error. openconnect uses gnutls not libressl so I would guess at more likely an issue on the server side.
Re: Cisco AnyConnect Secure Mobility Client Alternatives with MFA?
> On Sun, 2021-01-31 at 21:41 +0300, somebody from mother Russia wrote: > > Hello, > > Our employer decided that AnyConnect Secure Mobility Client with > > multifactor Azure authentication is the only secure option to connect > > to > > work. No alternatives, no discussions. > > There are packages for Windows and Linux only. > > Did anybody succeed in running vpn clients compatible with all that > > funny stuff? > > > > Hi, > > have you tried your luck with Openconnect? It's in packages. I've had > luck with that at least on Linux side on my work laptop. I have been using Openconnect for a while and with exception of the 6.8 release cycle it worked perfectly. At the beggining of the 6.8 release cycle OpenBSD package was "broken". I am not sure if it was OpenBSD SSL stack or the server side (Cisco black box) but I just tried again today and there was no error. oko# openconnect https://nrec.vpn.cmu.edu POST https://nrec.vpn.cmu.edu/ Connected to 128.2.5.164:443 SSL negotiation with nrec.vpn.cmu.edu Connected to HTTPS on nrec.vpn.cmu.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM) oko# uname -a OpenBSD oko.int.bagdala2.net 6.8 GENERIC.MP#4 amd64 oko# syspatch -l 001_bgpd 002_icmp6 003_tmux 004_wg 005_unwind 006_rpki 007_xmaplen 008_asn1 009_exit 010_smtpd 011_nd6 012_carp > > -- > Kind regards, > Ville
Re: Cisco AnyConnect Secure Mobility Client Alternatives with MFA?
On Sun, 2021-01-31 at 21:41 +0300, Родин Максим wrote: > Hello, > Our employer decided that AnyConnect Secure Mobility Client with > multifactor Azure authentication is the only secure option to connect > to > work. No alternatives, no discussions. > There are packages for Windows and Linux only. > Did anybody succeed in running vpn clients compatible with all that > funny stuff? > Hi, have you tried your luck with Openconnect? It's in packages. I've had luck with that at least on Linux side on my work laptop. -- Kind regards, Ville
Cisco AnyConnect Secure Mobility Client Alternatives with MFA?
Hello, Our employer decided that AnyConnect Secure Mobility Client with multifactor Azure authentication is the only secure option to connect to work. No alternatives, no discussions. There are packages for Windows and Linux only. Did anybody succeed in running vpn clients compatible with all that funny stuff? -- Best regards Maksim Rodin