====== OpenConnect VPN ======

  * http://www.infradead.org/openconnect/index.html
  * [[linux:network_manager|Linux network-manager]]
  * Open-source VPN client
  * [[https://github.com/openconnect/openconnect-gui|Windows Open Connect Client]]
  * [[https://wiki.archlinux.org/index.php/OpenConnect|ArchWiki OpenConnect]]
  * [[network:juniper_network_vpn|Juniper Network VPN]]

After connecting with ''openconnect'', the terminal window must be kept open.

===== Installation =====

<code bash>
sudo apt-get install openconnect
</code>

===== Generating the Juniper VPN connection command =====

  * Log in to the Juniper VPN authentication website, run the bookmarklet below, and then run the command it outputs in a terminal.

<code javascript>
// Return the value of the cookie called `name`, or null if it is not set.
function readCookie(name) {
    var nameEQ = name + "=";
    var ca = document.cookie.split(';');
    for (var i = 0; i < ca.length; i++) {
        var c = ca[i];
        // Strip the leading spaces left after splitting on ';'
        while (c.charAt(0) == ' ') c = c.substring(1, c.length);
        if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
    }
    return null;
}

var dsid = readCookie('DSID');
// Replace vpn.example.com with your VPN authentication site
prompt('OpenConnect VPN connection command', 'sudo openconnect --juniper -C "DSID=' + dsid + '" vpn.example.com');
</code>

  * The script can be converted into a bookmarklet with https://mrcoles.com/bookmarklet/.

<code>
javascript:(function()%7Bfunction%20readCookie(name)%20%7Bvar%20nameEQ%20%3D%20name%20%2B%20%22%3D%22%3Bvar%20ca%20%3D%20document.cookie.split('%3B')%3Bfor(var%20i%3D0%3Bi%20%3C%20ca.length%3Bi%2B%2B)%20%7Bvar%20c%20%3D%20ca%5Bi%5D%3Bwhile%20(c.charAt(0)%3D%3D'%20')%20c%20%3D%20c.substring(1%2Cc.length)%3Bif%20(c.indexOf(nameEQ)%20%3D%3D%200)%20return%20c.substring(nameEQ.length%2Cc.length)%3B%7Dreturn%20null%3B%7Dvar%20dsid%20%20%3D%20readCookie('DSID')%3Bprompt('OpenConnect%20VPN%20connection%20command'%2C%20'sudo%20openconnect%20--juniper%20-C%20%22DSID%3D'%20%2B%20dsid%20%2B%20'%22%20vpn.example.com')%7D)()
</code>

===== CISCO AnyConnect =====

  * [[http://www.infradead.org/openconnect/anyconnect.html|OpenConnect CISCO AnyConnect]]
  * CISCO AnyConnect is very simple.

<code bash>
# 인증서버도메인 = the domain of the authentication server
sudo openconnect 인증서버도메인
# Enter GROUP, USERNAME and PASSWORD and you are done.
</code>
  * According to [[https://stackoverflow.com/questions/37348125/cisco-vpn-client-on-ubuntu-16-04-lts|Cisco VPN client on Ubuntu 16.04 LTS - Stack Overflow]], this can also be done through the Network Manager GUI.

<code bash>
sudo apt-get install network-manager-vpnc network-manager-vpnc-gnome \
    network-manager-openconnect network-manager-openconnect-gnome
</code>

  * In **Network Settings**, add **Cisco AnyConnect Compatible VPN (openconnect)**
    * Gateway: VPN server address
    * VPN Protocol: Cisco AnyConnect

===== Global Protect =====

  * ''%%--protocol=gp%%''
  * https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/merge_requests/6
  * [[https://github.com/yuezk/GlobalProtect-openconnect|GlobalProtect-openconnect]]: a separate GUI application

===== vpn-slice =====

  * Just use the Routing settings of [[linux:network_manager|Linux network-manager]]. This is not needed.
  * [[https://github.com/dlenski/vpn-slice|vpn-slice]] - replaces ''vpn-script'' and supports dynamic routing, [[https://en.wikipedia.org/wiki/Split_tunneling|Split Tunneling]]
  * [[https://gist.github.com/stefancocora/686bbce938f27ef72649a181e7bd0158|Split tunneling with openconnect - A guide on how to use openconnect to establish a vpn connection to an enterprise cisco anyconnect vpn endpoint with client side routing.]]

===== Routing through a VirtualMachine-based proxy =====

  * https://github.com/hsw0/vpnvm-openconnect
  * There is no need to use this. OpenConnect itself supports routing.
  * See [[linux:network_manager|Linux network-manager]]
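
A variant of the Juniper bookmarklet script earlier on this page, added here as an example (not part of the original page): it returns nothing when the DSID cookie is missing or not readable by scripts, takes the host from the page being viewed, and single-quotes the cookie so its value cannot alter the generated shell command. The function names and the sample cookie string are constructed for illustration.

```javascript
// Added example, not from the original page. All function names are hypothetical.

// Return the value of cookie `name` from a document.cookie-style string, or null.
function readCookieFrom(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const c = part.trim();
    if (c.startsWith(name + '=')) return c.slice(name.length + 1);
  }
  return null;
}

// Quote a string for a POSIX shell: wrap in single quotes, escape embedded ones.
function shQuote(s) {
  return "'" + s.replace(/'/g, "'\\''") + "'";
}

// Build the openconnect command, or return null when it cannot be built safely.
function buildOpenConnectCommand(cookieString, host) {
  const dsid = readCookieFrom(cookieString, 'DSID');
  // No DSID: not logged in, or the cookie is HttpOnly and hidden from scripts.
  if (!dsid) return null;
  // Accept only plain DNS host names so nothing else reaches the shell.
  if (!/^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/.test(host)) return null;
  return 'sudo openconnect --juniper -C ' + shQuote('DSID=' + dsid) + ' ' + host;
}

if (typeof document !== 'undefined' && typeof prompt === 'function') {
  // Browser (bookmarklet) use: read the live cookie and the current host name.
  const cmd = buildOpenConnectCommand(document.cookie, location.hostname);
  if (cmd) prompt('OpenConnect VPN connection command', cmd);
  else alert('No readable DSID cookie on this page; log in first.');
} else {
  // Outside a browser: run on a constructed sample cookie string.
  const sample = 'lang=en; DSID=0123abcd; theme=dark';
  console.log(buildOpenConnectCommand(sample, 'vpn.example.com'));
}
```

The DSID value is the credential for the logged-in VPN session, and a command built this way carries it on the command line.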