[vox-tech] UC Davis VPN using openconnect

T. Mark techmark at tutanota.de
Sun Jan 1 16:20:12 PST 2017


Sad, and typical!  I've moaned on pretty much at length here on the list about UCD's pro-monopoly computing-- indeed ridiculous that there have never been conscientious folk in the CS Dept to enough of a degree to get some FOSS support/adoption going on.  I mean, not even support for wireless printing from a Mac in the library??  You'd think they could wrangle someone who knows BSD (that's what I coded C on when attending there eons ago.)  Inept, yet tuition (& especially housing costs) continue up thru the stratosphere.  (Oh wait-- this is a Linux list.  Bon voyage to Linux Luddites Podcast btw..  I've recently spent more time, anyways, listening to BSDnow which is top-notch, so plenty else to do.)

Best wishes to all..

--
https://twitter.com/linuxusergroup


17. Dec 2016 07:27 by bill at broadley.org:


>> I hit the same error yesterday. Bill said the Library broke it somehow.
>> The 'Official' Pulse client is working on Linux. And someone I chatted
>> with yesterday had an interesting SSH port forwarding method of VPN, if
>> you have access to a server on campus.
>
> The first time I tried it, I stopped by the openconnect irc channel and worked
> with (I think) the primary dev.  We tracked it down to an SSL problem, which I
> could even confirm with a browser.
>
> I reported that to the library, and they tweaked the SSL cert (it wasn't
> properly signed).
>
> I lobbied for them to support openconnect since it was compatible, a signed
> binary, 64 bit, and open source.  The pulse client seems like some orphaned
> juniper project that some 3rd party is trying to make some money off of.  They
> haven't even recompiled for 64 bit since.  What's worse is that the binary
> includes an old SSL library with known exploits. Turns out that you need a
> fairly new openssl library which actually emulates the broken behavior, but
> doesn't allow the exploit.
>
> Kinda sad that campus is standardizing on an orphaned insecure unsigned binary
> for such a critical piece of security infrastructure.
>
> In any case the #openconnect folks were really helpful, if you want to try to
> get it working again I suggest trying there.