Sunday, January 31, 2021

Re: Cisco AnyConnect Secure Mobility Client Alternatives with MFA?

> On Sun, 2021-01-31 at 21:41 +0300, somebody from mother Russia wrote:
> > Hello,
> > Our employer decided that AnyConnect Secure Mobility Client with
> > multifactor Azure authentication is the only secure option to connect
> > to
> > work. No alternatives, no discussions.
> > There are packages for Windows and Linux only.
> > Did anybody succeed in running vpn clients compatible with all that
> > funny stuff?
> >
>
> Hi,
>
> have you tried your luck with Openconnect? It's in packages. I've had
> luck with that at least on Linux side on my work laptop.

I have been using Openconnect for a while and with exception of the 6.8
release cycle it worked perfectly. At the beggining of the 6.8 release
cycle OpenBSD package was "broken". I am not sure if it was OpenBSD SSL
stack or the server side (Cisco black box) but I just tried again today
and there was no error.


oko# openconnect https://nrec.vpn.cmu.edu
POST https://nrec.vpn.cmu.edu/
Connected to 128.2.5.164:443
SSL negotiation with nrec.vpn.cmu.edu
Connected to HTTPS on nrec.vpn.cmu.edu with ciphersuite
(TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)

oko# uname -a
OpenBSD oko.int.bagdala2.net 6.8 GENERIC.MP#4 amd64
oko# syspatch -l
001_bgpd
002_icmp6
003_tmux
004_wg
005_unwind
006_rpki
007_xmaplen
008_asn1
009_exit
010_smtpd
011_nd6
012_carp



>
> --
> Kind regards,
> Ville

No comments:

Post a Comment