====== OpenConnect VPN ======
* http://www.infradead.org/openconnect/index.html
* [[linux:network_manager|Linux network-manager]]
* OpenSource VPN 클라이언트
* [[https://github.com/openconnect/openconnect-gui|Windows Open Connect Client]]
* [[https://wiki.archlinux.org/index.php/OpenConnect|ArchWiki OpenConnect]]
* [[network:juniper_network_vpn|Juniper Network VPN]]
''openconnect'' 연결 후 터미널 창을 열고 있어야 한다.
===== 설치 =====
sudo apt-get install openconnect
===== Juniper VPN 연결 명령 생성 =====
* Juniper VPN 인증 웹사이트에 로그인 한 뒤에 아래 Bookmarklet을 실행하여 나온 명령을 명령창에서 실행하면 된다.
function readCookie(name) {
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for(var i=0;i < ca.length;i++) {
var c = ca[i];
while (c.charAt(0)==' ') c = c.substring(1,c.length);
if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
}
return null;
}
var dsid = readCookie('DSID');
prompt('OpenConnect VPN connection command', 'sudo openconnect --juniper -C "DSID=' + dsid + '" vpn.example.com')
// vpn.example.com 을 VPN 인증 사이트로 지정
* https://mrcoles.com/bookmarklet/ 를 통해 북마클릿으로 변경할 수 있다.
javascript:(function()%7Bfunction%20readCookie(name)%20%7Bvar%20nameEQ%20%3D%20name%20%2B%20%22%3D%22%3Bvar%20ca%20%3D%20document.cookie.split('%3B')%3Bfor(var%20i%3D0%3Bi%20%3C%20ca.length%3Bi%2B%2B)%20%7Bvar%20c%20%3D%20ca%5Bi%5D%3Bwhile%20(c.charAt(0)%3D%3D'%20')%20c%20%3D%20c.substring(1%2Cc.length)%3Bif%20(c.indexOf(nameEQ)%20%3D%3D%200)%20return%20c.substring(nameEQ.length%2Cc.length)%3B%7Dreturn%20null%3B%7Dvar%20dsid%20%20%3D%20readCookie('DSID')%3Bprompt('OpenConnect%20VPN%20connection%20command'%2C%20'sudo%20openconnect%20--juniper%20-C%20%22DSID%3D'%20%2B%20dsid%20%2B%20'%22%20vpn.example.comt')%7D)()
===== CISCO AnyConnect =====
* [[http://www.infradead.org/openconnect/anyconnect.html|OpenConnect CISCO AnyConnect]]
* CISCO Any Connect는 매우 간단하다.
sudo openconnect 인증서버도메인
# GROUP, USERNAME, PASSWORD를 입력하면 끝.
* [[https://stackoverflow.com/questions/37348125/cisco-vpn-client-on-ubuntu-16-04-lts|Cisco VPN client on Ubuntu 16.04 LTS - Stack Overflow]] 에 따르면 Network Manager GUI로도 가능하다.
sudo apt-get install network-manager-vpnc network-manager-vpnc-gnome \
network-manager-openconnect network-manager-openconnect-gnome
* **네트워크 설정**에서 **Cisco AnyConnect 호환 VPN(openconnect)** 추가
* 게이트웨이 : VPN 서버 주소
* VPN Protocol : Cisco AnyConnect
===== Global Protect =====
* ''%%--protocol=gp%%''
* https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/merge_requests/6
* [[https://github.com/yuezk/GlobalProtect-openconnect|GlobalProtect-openconnect]] : 별도 GUI 애플리케이션
===== vpn-slice =====
* 그냥 [[linux:network_manager|Linux network-manager]]의 Routing 설정을 사용하면 된다. 이거 필요없음.
* [[https://github.com/dlenski/vpn-slice|vpn-slice]] - ''vpn-script''를 대체해 동적 라우팅 지원 [[https://en.wikipedia.org/wiki/Split_tunneling|Split Tunnuling]]
* [[https://gist.github.com/stefancocora/686bbce938f27ef72649a181e7bd0158|Split tunneling with openconnect - A guide on how to use openconnect to establish a vpn connection to an enterprise cisco anyconnect vpn endpoint with client side routing.]]
===== VirtualMachine 기반 proxy를 통한 Routing =====
* https://github.com/hsw0/vpnvm-openconnect
* 사용할 필요없은. OpenConnect 는 그 자체가 라우팅을 지원함.
* [[linux:network_manager|Linux network-manager]] 참조