neuropoly/intranet.neuro.polymtl.ca

VPN - `security find-generic-password` not working

valosekj opened this issue · 2 comments

When connecting from home to VPN using openconnect based on the instructions from intranet, I encountered troubles with vpn.sh script for macOS. Namely, although I added poly-vpn credentials to the Keychain app, the security find-generic-password command returns the following error:

$ security find-generic-password -a "<here_I_used_my_username>" -s poly-vpn -w
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.

It seems that security find-generic-password cannot find my credentials although they are stored in the Keychain app.

I solved that by modifying the vpn.sh script to read the password from the CLI. (It is actually similar to the vpn.sh Linux script, but I did not want to have my password hardcoded directly in the script)

#!/bin/bash
# vpn.sh

set -eo pipefail

USER="p118175"
echo "Enter your GRAMES password : "
read -s PASS # password is read in silent mode i.e. it will show nothing instead of password
GROUP=PolySSL # or PolyInvites, depending on your account's status
echo -n "$PASS" | sudo openconnect -u "$USER" --authgroup "$GROUP" --passwd-on-stdin --reconnect-timeout 20 ssl.vpn.polymtl.ca

My MacOS version is 11.7 (20G817) Big Sur.
This issue is maybe related to #19

I remember having that problem as well, and it was solved by changing the type of keychain entry to be an 'application password':

image

It is very convenient to rely on Keychain and not have to write poly-vpn password each time you want to connect to the VPN.

Hm, the problem was that I stored my credentials in the iCloud Keychain. But they have to be stored in the login Keychain. Now, it is working.

image

I will clarify the intranet wiki. Thank you!