openconnect: implement --no-external-auth

The option prevents OpenConnect from advertising to the server that it supports any kind of authentication mode that requires an external browser. Some servers will force the client to use such an authentication mode if the client advertises it, but fallback to a more "scriptable" authentication mode if the client doesn’t appear to support it. Signed-off-by: Thomas Winkler <tewinkler86@gmail.com>
2026-04-15 10:51:55 +00:00 · 2026-03-10 13:56:11 +01:00
parent 0b6bedf5fb
commit 638335582a
2 changed files with 4 additions and 1 deletions
--- a/net/openconnect/Makefile
+++ b/net/openconnect/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=openconnect
 PKG_VERSION:=9.12
-PKG_RELEASE:=6
+PKG_RELEASE:=7

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.infradead.org/openconnect/download
--- a/net/openconnect/files/openconnect.sh
+++ b/net/openconnect/files/openconnect.sh
@@ -23,6 +23,7 @@ proto_openconnect_init_config() {
 	proto_config_add_string "vpn_protocol"
 	proto_config_add_boolean "pfs"
 	proto_config_add_boolean "no_dtls"
+	proto_config_add_boolean "no_external_auth"
 	proto_config_add_string "interface"
 	proto_config_add_string "username"
 	proto_config_add_string "serverhash"
@@ -58,6 +59,7 @@ proto_openconnect_setup() {
 		juniper \
 		vpn_protocol \
 		mtu \
+		no_external_auth \
 		no_dtls \
 		os \
 		password \
@@ -107,6 +109,7 @@ proto_openconnect_setup() {
 	[ -n "$script" ] && append_args --script "$script"
 	[ "$pfs" = 1 ] && append_args --pfs
 	[ "$no_dtls" = 1 ] && append_args --no-dtls
+	[ "$no_external_auth" = 1 ] && append_args "--no-external-auth"
 	[ -n "$mtu" ] && append_args --mtu "$mtu"

 	# migrate to standard config files