Pulse via Openconnect in Debian Buster

Part 1: Pulse via Openconnect in Debian Buster
Part 2: Use LFTP to batch download files and then delete them on server.
Part 3: mSMTP with Office365
Part 4: The bash scripts

Backstory


We needed a way to automate downloads of certain files from an FTP server that is located behind a Juniper VPN connection. To be able to automate the download of these files we first had to solve the issue of connecting to the VPN. This was a little bit tricky since I did not get the CLI version of PulseSecure to connect. If I used the UI and connected, it worked just fine. So I figured I could use Openconnect instead. It soon turned out that the version shipped with Buster does not support --protocol=pulse, which is needed for the VPN server I am connecting to.

Howto

First off, we need a newer version of Openconnect than the one provided in Buster.
Therefore we need to enable backports. Do this by adding the following to your /etc/apt/sources.list:

#Backports 
deb http://deb.debian.org/debian buster-backports main contrib non-free

Now issue the following commands:

sudo apt update
sudo apt install -t buster-backports openconnect

Openconnect should now be installed.
To connect to your VPN service, type:

echo "yourpassword" | sudo openconnect --protocol=pulse -u yourusername --passwd-on-stdin vpnhostname 

If it works you should now have a new interface when looking with “ip addr” and you should be able to access your vpn. If you want to automate the vpn connection this can be done via systemd.

First create a new file, for example with sudo vi /etc/systemd/system/my-vpn.service
This file should look something like this:

[Unit]
Description=Connect to my VPN
After=network.target

[Service]
Type=simple
ExecStart=/bin/sh -c 'echo "yourpassword" | openconnect --protocol=pulse -u yourusername --passwd-on-stdin vpnhostname'
Restart=always

[Install]
WantedBy=multi-user.target

Save and close the file and run the following:

sudo systemctl daemon-reload
sudo systemctl enable my-vpn.service
sudo systemctl start my-vpn.service

If you don’t want it to autostart then skip the enable command.
To stop the service simply use

sudo systemctl stop my-vpn.service
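
The unit file above keeps the password inside ExecStart, and a unit under /etc/systemd/system is readable by every local user by default. As an added example (not part of the original post), the script below stores the password in a root-only file and lets systemd feed it to openconnect through StandardInput=file:, an option available in the systemd shipped with Buster. The function name, the ROOT prefix, the path /etc/openconnect/my-vpn.pass and the binary location /usr/sbin/openconnect are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. ROOT prefix, function name and
# the password file path are assumptions; ROOT="" targets the real /etc.
# Usage (as root): install_vpn_unit "" yourusername vpnhostname < passfile

install_vpn_unit() {
    root=$1 user=$2 host=$3
    passfile=/etc/openconnect/my-vpn.pass
    unit=/etc/systemd/system/my-vpn.service

    mkdir -p "$root/etc/openconnect" "$root/etc/systemd/system"

    # Read the password from stdin so it never appears in argv or in the unit.
    # umask 077 covers a newly created file; chmod fixes a pre-existing one.
    ( umask 077; cat > "$root$passfile" )
    chmod 600 "$root$passfile"

    # systemd opens the file as root and connects it to openconnect's stdin,
    # so no shell pipeline and no inline secret are needed.
    cat > "$root$unit" <<EOF
[Unit]
Description=Connect to my VPN
After=network.target

[Service]
Type=simple
StandardInput=file:$passfile
ExecStart=/usr/sbin/openconnect --protocol=pulse -u $user --passwd-on-stdin $host
Restart=always
# Space out retries so a wrong password does not hammer the VPN login.
RestartSec=30

[Install]
WantedBy=multi-user.target
EOF
    chmod 644 "$root$unit"
}
```

After installing, run sudo systemctl daemon-reload and start the service as described above.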
