kris
/
juniper-vpn-py
1
0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
6 Révisions
2 Branches
44 KiB
Aborescence: 9f39124015
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '9f39124015'
${ noResults }
juniper-vpn-py/README

README 3.1 KiB
Brut Vue normale Historique

initial commit
il y a 9 ans
Adds support for two factor authentication with password composed of fixed prefix and variable postfix
il y a 9 ans
initial commit
il y a 9 ans
Adds support for two factor authentication with password composed of fixed prefix and variable postfix
il y a 9 ans
initial commit
il y a 9 ans
 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. Juniper VPN Authenticator:

  2. 

  3. This script authenticates with a Juniper VPN server to generate a session

  4. cookie (DSID), and then passes that cookie to a VPN client.

  5. 

  6. Example usage with openconnect:

  7. 

  8. ./juniper-vpn.py --host vpn.example.com --username joeuser --stdin DSID=%DSID% \

  9. 	openconnect --juniper %HOST% --cookie-on-stdin

  10. 

  11. This will connect to vpn.example.com and prompt the user for a authentication

  12. password. Once authenticated, the session cookie will be passed to openconnect

  13. which will connect to the VPN. Note that because the DSID provides full access

  14. to the VPN, it can be easily passed via stdin to avoid having it show up

  15. in the process list.

  16. 

  17. Juniper Networks Host Checker:

  18. 

  19. A python module, tncc.py, is integrated with juniper-vpn.py and provides

  20. support for VPN sites which require a host checker step. It is currently only

  21. tested on a subset of sites and does not yet support sites that require

  22. periodic host checker updates.

  23. 

  24. Command line options:

  25. 

  26. juniper-vpn.py [-h HOST] [-u USERNAME] [-o OATH] [-c CONFIG] [-s STDIN] \

  27. 	<external program> <external program arguments...>

  28. 

  29. -h --host

  30. 	VPN server to access. This option is required.

  31. 

  32. -u --username

  33. 	Username to authenticate with. This option is required.

  34. 

  35. -p --pass_prefix

  36.     Optional, used for passwords composed of fixed prefix and variable postfix.

  37.     This is fixed prefix part.

  38. 

  39. -o --oath

  40. 	OATH key to use for OTP generation if required for authentication.

  41. 	Key should be in hex format.

  42. 

  43. -c --config

  44. 	Config file. Rather than passing arguments on the command line,

  45. 	they can be contained within a config file. Command line arguments

  46. 	override config file options. See sample.cfg for documentation.

  47. 

  48. -s --stdin

  49. 	Provide input to external program. This allows the cookie to be passed

  50. 	on stdin, avoiding having it appear in the process list. The string

  51. 	%DSID% will be replaced with the DSID cookie value. The string %HOST%

  52. 	will be replaced with the server hostname.

  53. 

  54. <external program> <external program arguments...>

  55. 	Runs the external program with the supplied arguments when a cookie

  56. 	is generated. %DSID% in any argument is replaced with the DSID cookie

  57. 	value. %HOST% in any argument is replaced with the server hostname.

  58. 	If the external program returns a positive return code, it is assumed

  59. 	that a fatal error has occurred (such as bad command line arguments)

  60. 	and the script exits. If the external program returns -EPERM, it is

  61. 	assumed that the DSID is no longer valid and a new one is generated.

  62. 	For all other return codes, the external program is simply called again.

  63. 	An external program is required.

  64. 

  65. Running without root or tun access:

  66. 

  67. openconnect provides two options for running without any special permissions.

  68. The first option is to create a tun device in advance and configure permissions

  69. for user access.

  70. 

  71. The second is to redirect the traffic for the tun device to an external program.

  72. This external program can then configure a user-level SOCKS proxy:

  73. 

  74. ./juniper-vpn.py -c example.cfg -s DSID=%DSID% \

  75. 	openconnect --juniper %HOST% --cookie-on-stdin --script-tun \

  76. 	--script "tunsocks -D 1080"

  77. 

  78. Both tunsocks and ocproxy can perform this role:

  79. 

  80. http://github.com/russdill/tunsocks

  81. http://repo.or.cz/w/ocproxy.git

  82.