4

After 2-3 days of searching and working, I now hope you can help...
I want to use openconnect in my program, and for auth I have 2 solutions:
1 - use user and pass (but pass doesn't have any command-line option and can only be entered via standard input)
2 - use a cookie (but openconnect does not work with a cookie for me!)

For the cookie I do this:

- send the user with the POST method to the server
- the server asks for the password
- send the password with the POST method to the server
- if all is OK and auth id = success
- read the header and get the cookie

Then I open the command line and send the IP and cookie to openconnect

and error!

Creating SSL connection failed

command line code

openconnect.exe vpn.server.ip --no-cert-check -C "webvpn=BPlUDg9oaTN2uQQ0DQvH7QopD3x5NahiCHQgTqKQ7KPJg38dSuvqLmYIo9Jskig; Secure,webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure,webvpnc=bu:/&p:t&iu:1/&sh:7350D46A8EE85D06&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2F/etc/ocserv/profile.xml&fh:6B5181182D2B5483FBB8D2AA1BCBACC9A70E2BA3; path=/; Secure"

To send the user and pass with the POST method I use C#.

2 - For user and pass I do this:
I use the command line to auto-fill the input with this code

type password | openconnect.exe vpn.server.ip -u username --no-cert-check

and

password | openconnect.exe vpn.server.ip -u username --no-cert-check

and

openconnect.exe vpn.server.ip -u username --no-cert-check < pas.txt

and again an error!!!

Password: ReadConsole() failed: The handle is invalid.

Now I want to know what's wrong in my code?

Or is there any better solution for accepting the cookie or auto-filling the input?

If you have any idea, please tell me.

Thanks and kind regards.

openconnect command line info

Nathan
Sara

2 Answers

3

Openconnect Autofill Username and Password

There is a trade-off between convenience and security. Autofilling the user and password is not recommended in terms of security.

In case you need the convenience of making an autoconnection using openconnect, here are some simple example steps:

Simple Steps Example

Create a plaintext password file

mypass.txt contains only the password:


mysupersecretpassword

Create a script to call openconnect

myscript.sh contains two lines of command:


    openconnect --protocol=gp vpn.mycompany.com --user=abc123 --passwd-on-stdin < mypass.txt
    ./myscript.sh

The second line, `./myscript.sh`, is intentionally added to make the script loop forever, thus creating a persistent VPN connection.

Make script executable

In terminal line:

chmod +x myscript.sh

Run your script

Run your script with sudo privilege: `sudo ./myscript.sh`. To exit the loop, just press CTRL + C.

For More Security

For added security you can make the process not so simple:

  1. Put your script and password file in a protected/hidden directory that only a root-level user can access;

  2. Encrypt the plaintext password file and make another script to decrypt and read the password, for example using Linux gpg, but you will still have to enter the encryption/decryption passphrase.

Jansen Simanullang
  • For those in a rush who need a practical answer to implement, I have created `ovlauncher` [here](https://github.com/jansenicus/openconnect-vpn) – Jansen Simanullang Apr 19 '19 at 11:38
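
An added example (not part of the answer above, and not the answerer's code) of the first hardening step: a launcher that refuses to feed the password file to `--passwd-on-stdin` unless it is a regular file owned by the invoking user with no group/other permissions, and that reconnects with a loop instead of re-invoking itself. The `/root/vpn` path, the `VPN_PASS_FILE` variable, the function names and the 5-second delay are assumptions; the host, user and flags are the ones used in the answer.

```shell
#!/bin/sh
# Added example. PASS_FILE location is an assumption; override with VPN_PASS_FILE.
PASS_FILE="${VPN_PASS_FILE:-/root/vpn/mypass.txt}"

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# invoking user (root under sudo), with no group/other permission bits.
secret_file_ok() {
    f=$1
    [ -L "$f" ] && { echo "refusing symlink: $f" >&2; return 1; }
    [ -f "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    [ -O "$f" ] || { echo "not owned by current user: $f" >&2; return 1; }
    # First field of `ls -ld` is the mode string, e.g. -rw-------
    case $(ls -ld -- "$f") in
        -???------*) return 0 ;;
    esac
    echo "group/other can access $f; run: chmod 600 $f" >&2
    return 1
}

# Reconnect in a loop. The file is re-checked before every attempt, so a
# later chmod or replacement of the file stops the loop.
connect_vpn() {
    while secret_file_ok "$PASS_FILE"; do
        openconnect --protocol=gp vpn.mycompany.com --user=abc123 \
            --passwd-on-stdin < "$PASS_FILE"
        sleep 5   # assumed back-off between reconnect attempts
    done
}

# Do nothing unless explicitly asked: sudo ./myscript.sh connect
if [ "${1:-}" = "connect" ]; then
    connect_vpn
fi
```

Passing the password on stdin keeps it out of the process argument list; the permission check keeps other local accounts from reading the file it comes from.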
2

In Ubuntu you can use this:

openconnect --script ./vpnc.sh target-domain --no-cert-check -u username --passwd-on-stdin < pass.txt

Hope this helps.

Edu
sab
  • `--no-cert-check` has been removed, and then it asks a question about the cert and I need to enter an answer. – holms Apr 05 '19 at 14:44