
invoke openconnect with originally-input server hostname rather than IP, to ensure that 'Host: ' header matches originally-input hostname

Previously, NM-oc invoked openconnect --servercert $HASH $IP:$PORT for the connection phase. This causes problems for VPN servers implemented as name-based vhosts, where a Host: [IPv4_address] header in the HTTPS request(s) will lead to errors. See #46 (closed) for an example.

With this change, NM-oc invokes openconnect --servercert $HASH --resolve $HOSTNAME:$IP $HOSTNAME:$PORT, which ensures that the Host: header contains a real hostname wherever possible and leaves certificate handling unchanged.

Tested by @Nephyrin in #46 (comment 1015652)

UPDATE: I've also incorporated a fix for #18 here (see discussion in !14 (comment 1016563)), since it also fits in closely with the handling of the gateway string.

Edited by Daniel Lenski
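The invocation described above, sketched as an added Python example; it is not code from this merge request or from NetworkManager-openconnect. The function names, the restriction to `host` / `host:port` gateway strings, the default port 443 and the IP-literal fallback are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Conservative hostname shape; also rejects values that start with "-",
# which openconnect would otherwise parse as an option.
HOSTNAME_RE = re.compile(r"^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$")


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def split_gateway(gateway, default_port=443):
    """Split 'host', 'host:port' or '[v6]:port' into (host, port)."""
    parts = urlsplit("//" + gateway)  # handles brackets and port parsing
    if not parts.hostname or parts.path or parts.query or parts.username:
        raise ValueError(f"unsupported gateway string: {gateway!r}")
    host = parts.hostname  # urlsplit lowercases the host
    if not is_ip_literal(host) and not HOSTNAME_RE.match(host):
        raise ValueError(f"invalid hostname: {host!r}")
    return host, parts.port or default_port


def connect_argv(gateway, resolved_ip, cert_hash):
    """Build the connection-phase argv in the form the description gives."""
    host, port = split_gateway(gateway)
    ipaddress.ip_address(resolved_ip)  # raises ValueError if not an address
    argv = ["openconnect", "--servercert", cert_hash]
    if is_ip_literal(host):
        # Assumption: the user typed an address, so there is no hostname
        # to preserve and nothing to pass to --resolve.
        target = f"[{host}]" if ":" in host else host
    else:
        # Pin the hostname to the address found earlier, so Host: carries
        # the name while the connection still goes to that address.
        argv += ["--resolve", f"{host}:{resolved_ip}"]
        target = host
    argv.append(f"{target}:{port}")
    return argv


if __name__ == "__main__":
    # Constructed sample values (documentation address, placeholder pin).
    print(connect_argv("vpn.example.com:8443", "192.0.2.10",
                       "pin-sha256:CONSTRUCTED_PLACEHOLDER"))
```

Passing the result as an argument list (no shell) keeps the gateway string from being reinterpreted by a shell, and the hostname check keeps it from being read as an option.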
