Compatibility with juniper ssl vpn ?
David Woodhouse
dwmw2 at infradead.org
Thu Jan 13 16:34:12 EST 2011
On Wed, 2011-01-12 at 11:10 +0100, Guillaume Rousse wrote:
>
> Here is my client command line:
> ~/.juniper_networks/network_connect/ncsvc \
> -h beria.zarb.home \
> -u rousse \
> -r smi \
> -f /etc/pki/tls/certs/localhost.crt
There's no -m option here. If you look in
~/.juniper_networks/network_connect/ncsvc.log you'll probably see a line
like:
20101228160000.207947 ncsvc[p21179.t21179] dsssl.error ive_cert_hash = 6f13afc3c6815ab480b2ddc27406ba4b, computed_hash = ecb77116a55194c4dfba8e9aa0cc862e (DSSSLSock.cpp:761)
It doesn't like the self-signed cert on your "server". For the above
example log line, you want to add '-m ecb77116a55194c4dfba8e9aa0cc862e'
to your ncsvc invocation. Obviously, yours will differ from mine.
You *may* need to use the -m option with a dummy argument just to make
it give this log line; I'm not sure.
--
dwmw2
More information about the openconnect-devel
mailing list