janhouse/always-on-openconnect-vpn
1
0
Fork 0
Code Issues Pull Requests Activity

Updated readme

Browse Source
This commit is contained in:
Jānis Jansons 2024-12-02 13:53:52 +00:00
parent f49ca95e44
commit 9c69e8e234
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
README.md
View File

@ -10,6 +10,7 @@ Additionaly routing for only specific subnets can be added in `routes.txt`
## Setup ## Setup
### MacOS
``` ```
git clone this repo git clone this repo
brew install openconnect brew install openconnect
@ -26,6 +27,17 @@ On Macos add server address, username, password and 2fa seed in keychain with th
* `Openconnect Account Password` * `Openconnect Account Password`
* `Openconnect TOTP Seed` * `Openconnect TOTP Seed`
### Linux
#### Fedora packages
```
sudo dnf install rpm-build git bind oathtool openconnect libnotify
# Clone repo and follow build and install instructions for vpn-slice:
# https://github.com/dlenski/vpn-slice?tab=readme-ov-file#as-an-rpm
```
On Linux you can use keychain (gnome-keychain/seahorse), add following entries: On Linux you can use keychain (gnome-keychain/seahorse), add following entries:
``` ```
secret-tool store --label='openconnect-server' server openconnect secret-tool store --label='openconnect-server' server openconnect
@ -79,6 +91,18 @@ user ALL=(ALL) NOPASSWD:SETENV: /home/user/Documents/git/always-on-openconnect-v
user ALL=(ALL) NOPASSWD: /usr/bin/killall -2 openconnect user ALL=(ALL) NOPASSWD: /usr/bin/killall -2 openconnect
``` ```
#### On Linux enable dbus access from sudo
Create `/etc/dbus-1/session-local.conf` with following content:
```xml
<busconfig>
<policy context="mandatory">
<allow user="root"/>
</policy>
</busconfig>
```
### Yubikey ### Yubikey
Yubikey can be used for safe storage of TOTP seed. Configure TOTP in Yubikey Authenticator app or `ykman oath` if using command line. Then use `ykman oath list` to get the name of the entry and set that name in `OC_YUBIKEY` environment variable. Yubikey can be used for safe storage of TOTP seed. Configure TOTP in Yubikey Authenticator app or `ykman oath` if using command line. Then use `ykman oath list` to get the name of the entry and set that name in `OC_YUBIKEY` environment variable.