Compatibility with juniper ssl vpn ?
Guillaume Rousse
guillomovitch at gmail.com
Wed Jan 12 05:10:37 EST 2011
On 28/12/2010 16:56, David Woodhouse wrote:
> On Tue, 2010-12-28 at 11:06 +0100, Guillaume Rousse wrote:
>>
>> I'd gladly try to set up an SSL proxy, but I'd need additional
> >> information for this. I quickly checked openssl man page, it doesn't
> >> seem to be possible with it. However, googling points me to
>> http://crypto.stanford.edu/ssl-mitm/. Is that the way to go ?
>
> Something like that, perhaps. Or just use 'openssl s_server' and point
> your client at it, then manually cut and paste its requests into
> 'openssl s_client' pointed at the real server.
I just tried this, but I didn't manage to make the client successfully
negotiate an SSL session with my proxy.
Here is my proxy server command line:
openssl s_server \
-key /etc/pki/tls/private/localhost.key \
-cert /etc/pki/tls/certs/localhost.crt \
-debug \
-accept 443
Here is my client command line:
~/.juniper_networks/network_connect/ncsvc \
-h beria.zarb.home \
-u rousse \
-r smi \
-f /etc/pki/tls/certs/localhost.crt
I'm attaching the proxy output. The certificate/key pair used here has
nothing to do with the actual juniper vpn, but the hostname in the CN
matches the one used in the client command line. I may eventually get a
copy of the original certificate if needed, but I'm not sure this is
the actual problem.
Sorry if I'm missing something obvious here, it's a bit beyond my own
technical skills.
--
BOFH excuse #59:
failed trials, system needs redesigned