Please allow for configuring options to be passed to openconnect

Bug #1596022 reported by Moritz
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
network-manager-openconnect (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Similar to #1500826 there is an undocumented (?) "-juniper" option in openconnect which allows for connecting to Pulse Secure VPNs using a newer / modified protocol.

Unfortunately, the current Gnome NM GUI does not seem to support passing this specific or any custom arguments to the openconnect binary (I have not checked whether the CLI NM openconnect bridge / connector / wrapper does).

Please allow for specifying, on the Gnome NM openconnect user interface (as well as in the profiles edited from there), custom command line options to be passed to openconnect.

Workarounds will be appreciated, too.

Thank you!

Moritz (moritz-naumann)
description: updated
Revision history for this message
Mike Miller (mtmiller) wrote :

There won't be a way to specify a custom command-line, but there is work in upstream git on adding Juniper support to the NM interface. So this will be fixed with a future NM release (not sure if it will be part of a 1.2.x or a 1.4.0 release).

Revision history for this message
Mike Miller (mtmiller) wrote :
Revision history for this message
Moritz (moritz-naumann) wrote :

Great, thanks for working on Juniper / Pulse SC support upstream, Mike.

Is there a way I can help testing it (if not, yet, please consider pinging me once you reach this point)? I noticed there is a 'daily' build OpenConnect PPA (though it does not (currently) provide Xenial builds), but none for the NM integration.

Is there a way I could convince you to set one up? (I would be happy to provide a VM for this purpose.) I could also try to do it but I'm not really into packaging.

Revision history for this message
Moritz (moritz-naumann) wrote :

Actualyl that's David Woodhouse working on the protocol support upstream, sorry I got this wrong. Still, I'd be interested in getting daily builds + packages done for both openconnect + the NM integration.

Revision history for this message
Mike Miller (mtmiller) wrote :

I have updated the OpenConnect daily build recipe, thanks for the reminder.

I don't know if there are any testing or staging PPAs for NetworkManager on Ubuntu, and that's not something I'm personally likely to get involved in, but others might.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openconnect (Ubuntu):
status: New → Confirmed
Revision history for this message
Moritz (moritz-naumann) wrote :

~mtmiller: Could it be that the Daily PPA at https://launchpad.net/~openconnect/+archive/ubuntu/daily needs another recipe update? It'd be great to have 2.08 builds (openconnect does not currently work here against Pulse SSL-VPN unless compiled from source with http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/4ce9c9241f5707917e87e93a055f757cea5fb84d ).

Revision history for this message
Mike Miller (mtmiller) wrote :

I think this bug can be closed as fixed now that network-manager-openconnect 1.2.4 is released in the latest development versions of Ubuntu. An option is now provided in the dialog to choose between "Cisco AnyConnect" and "Juniper/Pulse Network Connect" protocols.

Revision history for this message
Mike Miller (mtmiller) wrote :

Moritz - the recipe builds git master, which is 7.08 + 22 commits. It happens to be called 7.07 because I haven't manually updated the control file in a while, but it is actually building git master.

I will update the recipe to tag the version correctly and update the build releases. But the code being built is definitely up to date.

Changed in network-manager-openconnect (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.