openconnect
rsa_ct_kip
openconnect | rsa_ct_kip | |
---|---|---|
13 | 1 | |
- | 42 | |
- | - | |
- | 3.7 | |
- | 12 days ago | |
Python | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
openconnect
-
Backdoor in upstream xz/liblzma leading to SSH server compromise
A lot of software (including https://gitlab.com/openconnect/openconnect of which I'm a maintainer) uses libxml2, which in turn transitively links to libzma, using it to load and store compressed XML.
I'm not *too* worried about OpenConnect given that we use `libxml2` only to read and parse uncompressed XML…
But I am wondering if there has been any statement from libxml2 devs (they're under the GNOME umbrella) about potential risks to libxml2 and its users.
-
Actual SSH over HTTPS
From the article:
> Ubiquitous presence of HTTPS allows you to pass your data through very restrictive middle boxes!
This is, in fact, why all — or nearly all — proprietary VPN protocols (so-called "SSL VPNs") implement a mode that initiates a tunnel via HTTPS, at least as a fallback if not as the primary mode of operation: precisely in order to have a mode of operation that works with almost any connection to the global Internet.
I'm one of the main developers of https://gitlab.com/openconnect/openconnect, which implements many such protocols, and wrote https://github.com/dlenski/what-vpn, which sniffs or identifies even more flavors of TLS-based VPN servers.
-
OpenConnect stopped working: Unexpected 404 result from server
Found the solution: It's as simple, as changing the user agent with --useragent=AnyConnect. This is ridiculous. https://gitlab.com/openconnect/openconnect/-/issues/544
-
Work from home (WFH) while travelling internationally?
Source: I am one of the lead developers of OpenConnect, a popular open-source client for many corporate VPNs, and have done all of the above.
-
How to vet an untrusted open-source project?
Be careful you're not using an illicit fork. https://gitlab.com/openconnect/openconnect
-
Which SLT package is better if I want the best consistent speed? would they reduce the speed in the unlimited package?
I personally have an openconnect server, and I patched their client to let me specify the SNI, (it's set to the server's hostname by default (https://gitlab.com/openconnect/openconnect/-/blob/master/gnutls.c#L2366), but it's optional in the anyconnect protocol spec)
-
GlobalProtect from PaloAlto: "Cannot connect to local gpd service."
Thank you, trying openconnect for multiple hours, but cannot auth, created issue about that https://gitlab.com/openconnect/openconnect/-/issues/446
-
Overriding a minimum EC2 sizing from a vendor
If this is for anything other than AnyConnect I feel like you're better off with a t4g.nano running OpenVPN. If it's AnyConnect, you can run OpenConnect.
- Linux user has to migrate to Windows or Mac
-
Create second MacOS VM within MacOS install
I had similar issue with Fortinet VPN. Try using something like https://gitlab.com/openconnect/openconnect. Run this from terminal to connect to VPN when needed. If this doesn't work search for global protect open source and there are other options.
rsa_ct_kip
-
Can't connect to Anyconnect vpn server using Openconnect.
Right, none of these are necessary for your use case. Since you have to read the value from the token and input it manually, OpenConnect can't help you automate it in this case. (Although see https://github.com/dlenski/rsa_ct_kip for a tool to convert a phone/app-based RSA token into something that you can automate.)
What are some alternatives?
GlobalProtect-openconnect - A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, etc.
totp-cli - A cli-based pass-backed TOTP app.
macos-virtualbox-vm - Instructions and script to help you create a VirtualBox VM running macOS.
privacyIDEA - :closed_lock_with_key: multi factor authentication system (2FA, MFA, OTP Server)
openconnect - OpenConnect client extended to support Palo Alto Networks' GlobalProtect VPN
Ciphey - ⚡ Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes ⚡
gp-saml-gui - Interactively authenticate to GlobalProtect VPNs that require SAML
extract_otp_secrets - Extract one time password (OTP) secrets from QR codes exported by two-factor authentication (2FA) apps such as "Google Authenticator". The exported QR codes from authentication apps can be captured by camera, read from images, or read from text files. The secrets can be exported to JSON or CSV, or printed as QR codes to console.
stencil-golang - Template repository for Golang applications
android-otp-extractor - Extracts OTP tokens from rooted Android devices
ligolo-ng - An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
totp-cli - Authy/Google Authenticator like TOTP CLI tool written in Go.