<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<br /><br />Just wondering if you're still looking for a solution.. you might consider a 3rd party VPN. (And just use their "ucd-guest" unencrypted connection to get to it.) Quite awhile back when I didnt want creepy strangers even seeing the fact that I was connecting to my stockbroker (over public hotspots which was all I had access to) I resorted to a provider stated as trustworthy by a long, longtime radio show. (I'll refrain from naming them in case doing so might result in a demand spike with resulting price increase, as I might one day be able to afford it again.) Something like $5/mo for the most minimal service, SSH tunnelling, which I'd use via<br /><br /> ssh -L 5000:127.0.0.1:1080 <a href="mailto:account@assignedsshserver.io" target="_blank" rel="noopener noreferrer">account@assignedsshserver.io</a><br /><br />or so.. the full-fledged VPN service is a bit more. Hit me up off-list for their url, and if anyone else has thoughts on good services (good call on digitalocean btw-- used by at least a couple podcasts I know of) let me/us know, by all means.<br /><br />--<br /><a href="https://twitter.com/linuxusergroup" target="_blank" rel="noopener noreferrer">https://twitter.com/linuxusergroup</a><br /><br />20. Dec 2016 21:43 by <a href="mailto:mmstigler@ucdavis.edu" target="_blank" rel="noopener noreferrer">mmstigler@ucdavis.edu</a>:<br /><br /><blockquote class="tutanota_quote" style="border-left: 1px solid #93A3B8; padding-left: 10px; margin-left: 5px;"><div><div><div><div><div>Hi <br /><br /></div>Thanks Bill for the explanation! But I am not sure I fully understood your answer: is the issue coming from openconnect, or from how the library guys did setup the certificate? What is weird is that it used to work for a while, and then not anymore. In the latter case, will asking the #openconnect people help resolve the situation?<br /></div><br /></div>Thanks!!<br /><br /></div>Matthieu<br /></div><div class="gmail_extra"><br /><div class="gmail_quote">On Sat, Dec 17, 2016 at 12:27 AM, Bill Broadley <<a rel="noopener noreferrer" target="_blank" href="mailto:bill@broadley.org">bill@broadley.org</a>> wrote:<br /><blockquote class="gmail_quote" style="margin: 0 0 0 0.8ex ; border-left: 1px #ccc solid ; padding-left: 1ex"><br />
> I hit the same error yesterday. Bill said the Library broke it somehow.<br />
> The 'Official' Pulse client is working on Linux. And someone I chatted<br />
> with yesterday had an interested SSH port forwarding method of VPN, if<br />
> you have access to a server on campus.<br />
<br />
The first time I tried it, I stopped by the openconnect irc channel and worked<br />
with (I think) the primary dev. We tracked it down to a SSL problem, which I<br />
could even confirm with a browser.<br />
<br />
I reported that to the library, and they tweaked the SSL cert (it wasn't<br />
properly signed).<br />
<br />
I lobbied for them to support openconnect since it was compatible, a signed<br />
binary, 64 bit, and open source. The pulse client seems like some orphaned<br />
juniper project that some 3rd party is trying to make some money off of. They<br />
haven't even recompiled for 64 bit since. What's worse is that the binary<br />
includes an old SSL library with known exploits, turns out that you need a<br />
fairly new openssl library which actually emulates the broken behavior, but<br />
doesn't allow the exploit.<br />
<br />
Kinda sad that campus is standardizing on an orphaned insecure unsigned binary<br />
for such a critical piece of security infrastructure.<br />
<br />
In any case the #openconnect folks were really helpful, if you want to try to<br />
get it working again I suggest trying there.<br />
<div class="HOEnZb"><div class="h5"><br />
<br />
<br />
_______________________________________________<br />
vox-tech mailing list<br />
<a rel="noopener noreferrer" target="_blank" href="mailto:vox-tech@lists.lugod.org">vox-tech@lists.lugod.org</a><br />
<a rel="noopener noreferrer" target="_blank" href="http://lists.lugod.org/mailman/listinfo/vox-tech">http://lists.lugod.org/mailman/listinfo/vox-tech</a><br />
</div></div></blockquote></div><br /></div></blockquote> </body>
</html>