<div dir="ltr"><div><br></div>Sorry for the late reply. It's a shame that using it on openconnect doesn't work, but I was able to get the Pulse client working. My problem is that I'm using Arch Linux but was unable to get it working even after I converted the .deb file. But finally tweaked the script and it seems to be working now...<div><br></div><div>Thank you for the help and insight! Hopefully, openconnect will work on it at some point... seems a bit sad that we have to use something inferior, especially in the security department, which Linux (with my very limited knowledge of it) is supposed to be stellar at.</div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Jan 17, 2017 at 8:17 PM T. Mark <<a href="mailto:techmark@tutanota.de">techmark@tutanota.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="gmail_msg">
<br class="gmail_msg"><br class="gmail_msg">Just wondering if you're still looking for a solution.. you might consider a 3rd party VPN. (And just use their "ucd-guest" unencrypted connection to get to it.) Quite awhile back when I didnt want creepy strangers even seeing the fact that I was connecting to my stockbroker (over public hotspots which was all I had access to) I resorted to a provider stated as trustworthy by a long, longtime radio show. (I'll refrain from naming them in case doing so might result in a demand spike with resulting price increase, as I might one day be able to afford it again.) Something like $5/mo for the most minimal service, SSH tunnelling, which I'd use via<br class="gmail_msg"><br class="gmail_msg"> ssh -L 5000:<a href="http://127.0.0.1:1080" class="gmail_msg" target="_blank">127.0.0.1:1080</a> <a href="mailto:account@assignedsshserver.io" rel="noopener noreferrer" class="gmail_msg" target="_blank">account@assignedsshserver.io</a><br class="gmail_msg"><br class="gmail_msg">or so.. the full-fledged VPN service is a bit more. Hit me up off-list for their url, and if anyone else has thoughts on good services (good call on digitalocean btw-- used by at least a couple podcasts I know of) let me/us know, by all means.<br class="gmail_msg"><br class="gmail_msg">--<br class="gmail_msg"><a href="https://twitter.com/linuxusergroup" rel="noopener noreferrer" class="gmail_msg" target="_blank">https://twitter.com/linuxusergroup</a><br class="gmail_msg"><br class="gmail_msg">20. Dec 2016 21:43 by <a href="mailto:mmstigler@ucdavis.edu" rel="noopener noreferrer" class="gmail_msg" target="_blank">mmstigler@ucdavis.edu</a>:</div><div class="gmail_msg"><br class="gmail_msg"><br class="gmail_msg"><blockquote class="m_-7352092110323337758tutanota_quote gmail_msg" style="border-left:1px solid #93a3b8;padding-left:10px;margin-left:5px"><div class="gmail_msg"><div class="gmail_msg"><div class="gmail_msg"><div class="gmail_msg"><div class="gmail_msg">Hi <br class="gmail_msg"><br class="gmail_msg"></div>Thanks Bill for the explanation! But I am not sure I fully understood your answer: is the issue coming from openconnect, or from how the library guys did setup the certificate? What is weird is that it used to work for a while, and then not anymore. In the latter case, will asking the #openconnect people help resolve the situation?<br class="gmail_msg"></div><br class="gmail_msg"></div>Thanks!!<br class="gmail_msg"><br class="gmail_msg"></div>Matthieu<br class="gmail_msg"></div><div class="gmail_extra gmail_msg"><br class="gmail_msg"><div class="gmail_quote gmail_msg">On Sat, Dec 17, 2016 at 12:27 AM, Bill Broadley <<a rel="noopener noreferrer" href="mailto:bill@broadley.org" class="gmail_msg" target="_blank">bill@broadley.org</a>> wrote:<br class="gmail_msg"><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 0.8ex;border-left:1px #ccc solid;padding-left:1ex"><br class="gmail_msg">
> I hit the same error yesterday. Bill said the Library broke it somehow.<br class="gmail_msg">
> The 'Official' Pulse client is working on Linux. And someone I chatted<br class="gmail_msg">
> with yesterday had an interested SSH port forwarding method of VPN, if<br class="gmail_msg">
> you have access to a server on campus.<br class="gmail_msg">
<br class="gmail_msg">
The first time I tried it, I stopped by the openconnect irc channel and worked<br class="gmail_msg">
with (I think) the primary dev. We tracked it down to a SSL problem, which I<br class="gmail_msg">
could even confirm with a browser.<br class="gmail_msg">
<br class="gmail_msg">
I reported that to the library, and they tweaked the SSL cert (it wasn't<br class="gmail_msg">
properly signed).<br class="gmail_msg">
<br class="gmail_msg">
I lobbied for them to support openconnect since it was compatible, a signed<br class="gmail_msg">
binary, 64 bit, and open source. The pulse client seems like some orphaned<br class="gmail_msg">
juniper project that some 3rd party is trying to make some money off of. They<br class="gmail_msg">
haven't even recompiled for 64 bit since. What's worse is that the binary<br class="gmail_msg">
includes an old SSL library with known exploits, turns out that you need a<br class="gmail_msg">
fairly new openssl library which actually emulates the broken behavior, but<br class="gmail_msg">
doesn't allow the exploit.<br class="gmail_msg">
<br class="gmail_msg">
Kinda sad that campus is standardizing on an orphaned insecure unsigned binary<br class="gmail_msg">
for such a critical piece of security infrastructure.<br class="gmail_msg">
<br class="gmail_msg">
In any case the #openconnect folks were really helpful, if you want to try to<br class="gmail_msg">
get it working again I suggest trying there.<br class="gmail_msg">
<div class="m_-7352092110323337758HOEnZb gmail_msg"><div class="m_-7352092110323337758h5 gmail_msg"><br class="gmail_msg">
<br class="gmail_msg">
<br class="gmail_msg">
_______________________________________________<br class="gmail_msg">
vox-tech mailing list<br class="gmail_msg">
<a rel="noopener noreferrer" href="mailto:vox-tech@lists.lugod.org" class="gmail_msg" target="_blank">vox-tech@lists.lugod.org</a><br class="gmail_msg">
<a rel="noopener noreferrer" href="http://lists.lugod.org/mailman/listinfo/vox-tech" class="gmail_msg" target="_blank">http://lists.lugod.org/mailman/listinfo/vox-tech</a><br class="gmail_msg">
</div></div></blockquote></div><br class="gmail_msg"></div></blockquote> </div>
_______________________________________________<br class="gmail_msg">
vox-tech mailing list<br class="gmail_msg">
<a href="mailto:vox-tech@lists.lugod.org" class="gmail_msg" target="_blank">vox-tech@lists.lugod.org</a><br class="gmail_msg">
<a href="http://lists.lugod.org/mailman/listinfo/vox-tech" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.lugod.org/mailman/listinfo/vox-tech</a><br class="gmail_msg">
</blockquote></div>