Alternative Openconnect-sso¶
This is an alternative way to use the Openconnect SSO if you're having trouble getting the QT5 dependancies to resolve, which is a particular problem on macOS with M1/M2 silicon. At some point the more official openconnect-sso will change to QT6 and this shouldn't be needed anymore.
Note for this you will be running a fork of the openconnect-sso on my github, so it's good practise to havea look at make sure I'm not doing anything nefariouss. I'm not, but then I would say that. Also the code is not mine, it's a fork of a pull request on another repo that I;ve setup to be the main branch to simplify this process. Use with caution.
You'll also need a new version of chrome or chromium-browser to do this as we'll be using selenium to drive a webbrowser (in this case a chromelike browser) to handle the web part of the 2fa.
create a directory somewhere convenient, like vuwvpn or omething and cd there. then
Then download the requirements file from my fork of the openconnect-sso. It's not my code, I just made a repo from a pull request that hasn't been merged in yet, but we need to increase the timeout.Then install those requirements, note they will install some stuff from my fork
Vuw's ssl stuff on the VPN 2fa uses an old ssl config so we need to downgrade the ssl on newer linux versions, we can do that just for the vpn, best not do this systemwide. Now to test as a one liner If that works, ctrl-c to end it and make a script to make this easy and avoid needing to activate a python venv everytime: Somewhere sensible to you make a file that contains the following, you'll need to adjust the paths to match yours chmod it to be executable and just run it in a separeate terminal window when you need to connect to the vpn