Using OpenConnect instead of Pulse 8.1r7
Bill Broadley
bill at broadley.org
Thu Jun 2 23:25:20 PDT 2016
Greetings,
I'm using ubuntu-16.04 which defaults to OpenSSL-1.0.2g.
I built OpenConnect from git tonight, installed all the optional
dependencies except for LIBPSKC.
I'm trying to get OpenConnect to work instead of the pulse client.
The pulse instructions:
1) Download Pulse 8.1R7
2) download the example.com.der certificate
3) Run:
/usr/local/pulse/PulseClient.sh -h vpn.example.com -u <your kerberos id> -r Library -f <path to certificate file>
I compiled OpenConnect from git to get the --proto=nc functionality.
OpenConnect didn't seem to like the der cert, so I:
$ openssl x509 -inform der -in vpn.example.com.der -out vpn.example.com.pem
Then tried (using example.com to keep site specific details to the minimum):
# ./openconnect --proto=nc --certificate=/home/bill/Downloads/vpn.example.com.pem https://vpn.example.com
GET https://vpn.example.com/
Connected to 109.108.107.106:443
Using client certificate '/C=US/postalCode=90210/ST=CA/L=Hollywood/street/OU=Library/CN=vpn.example.com'
Using client certificate '/C=US/postalCode=90210/ST=CA/L=Hollywood/street 5th Ave/O=Example corp/OU=Library/CN=vpn.example.com'
Failed to identify private key type in '/home/bill/Downloads/vpn.example.com.pem'
Loading certificate failed. Aborting.
Failed to open HTTPS connection to vpn.example.com
Failed to obtain WebVPN cookie
I got similar with openconnect --juniper --certificate:
Connected to 109.108.107.106:443
SSL negotiation with vpn.example.com
SSL connection failure
If I add --certificate I get the same private key error as above.
Any suggestions on converting the .der file into a format OpenConnect is
happy with?
My end goal is to get a Puppet-managed OpenConnect working for Linux
clients that enables IPv4 and IPv6.
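
A way to check what a converted file like the one above actually contains, as an added example that is not part of the original post: the error output names the .pem file as the place the private key was looked for, and `openssl x509` writes only a certificate block. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which PEM block types a file contains, so a file that
# holds only a certificate can be told apart from one that also carries a key.

# Print each PEM block label found in the file, one per line, in file order.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Classify a file as cert+key, cert-only, key-only or not-pem.
pem_classify() {
    labels=$(pem_labels "$1")
    has_cert=no
    has_key=no
    # Certificate labels: CERTIFICATE, X509 CERTIFICATE, TRUSTED CERTIFICATE.
    if printf '%s\n' "$labels" | grep -Eq '^(X509 |TRUSTED )?CERTIFICATE$'; then
        has_cert=yes
    fi
    # Key labels: PRIVATE KEY, ENCRYPTED PRIVATE KEY, RSA/EC/DSA PRIVATE KEY.
    if printf '%s\n' "$labels" | grep -Eq '^((RSA|EC|DSA|ENCRYPTED) )?PRIVATE KEY$'; then
        has_key=yes
    fi
    case "$has_cert/$has_key" in
        yes/yes) echo cert+key ;;
        yes/no)  echo cert-only ;;
        no/yes)  echo key-only ;;
        *)       echo not-pem ;;
    esac
}

demo() {
    dir=$(mktemp -d)
    # Constructed samples: the bodies are placeholder text, not real material.
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$dir/cert.pem"
    { cat "$dir/cert.pem"
      printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
          '-----END PRIVATE KEY-----'; } > "$dir/both.pem"
    # A DER file is binary (starts with an ASN.1 SEQUENCE tag), so no labels.
    printf '\060\202\001\000' > "$dir/cert.der"
    for f in cert.pem both.pem cert.der; do
        printf '%s: %s\n' "$f" "$(pem_classify "$dir/$f")"
    done
    rm -rf "$dir"
}
demo
```

A `cert-only` result means the file has no private key block to load.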