openwrt + openconnect

Theo theo at omiha.net
Thu Jun 5 01:43:40 PDT 2014 

Hi Nikos,

On 05/06/14 09:08, Nikos Mavrogiannopoulos wrote:
> On Thu, Jun 5, 2014 at 8:23 AM, Ptroker Cine <cineptroker at gmail.com> wrote:
>> hi, can you setup openwrt + openconnect?
>> use vpn on openwrt?
> Yes, it is in the additional openwrt packages which you can find at:
> https://github.com/openwrt/packages
>
> The web interface (luci) is in not yet finalized but is available in
> the form of patch over luci at:
> https://lists.subsignal.org/pipermail/luci/2014-June/001499.html
> https://lists.subsignal.org/pipermail/luci/2014-June/001498.html
>
> The way you setup openconnect tunnels is by creating a new network
> interface and setting it up as openconnect.

I've been trying to get this to work on Debian. Would you know what
cause the following might have?

Jun  5 20:10:45 l1 daemon.info openconnect[4091]: Attempting to connect
to <ip-removed:443
Jun  5 20:10:45 l1 daemon.info openconnect[4091]: Using certificate file
/etc/openconnect/my.crt
Jun  5 20:10:45 l1 daemon.info openconnect[4091]: Extra cert from
cafile: <removed>'
Jun  5 20:10:45 l1 daemon.info openconnect[4091]: SSL negotiation with
<ip-removed>
Jun  5 20:10:47 l1 daemon.info openconnect[4091]: Connected to HTTPS on
<ip-removed>
Jun  5 20:10:47 l1 daemon.notice openconnect[4091]: Got inappropriate
HTTP CONNECT response: HTTP/1.1 303 See Other

My "interactive" test script is this:

echo "<password-removed>" | \
openconnect \
    --verbose \
    --non-inter \
    --syslog \
    --authgroup users \
    --script /usr/share/vpnc-scripts/vpnc-script \
    --servercert <hash-removed> \
    --user=<removed> \
    --passwd-on-stdin \
    --cookie="<removed>" \
    -i        tun10 \
    --cafile    /etc/openconnect/ca.pem \
    -c        /etc/openconnect/my.crt \
    --sslkey    /etc/openconnect/my.key \
    https://<ip-removed>

Am I missing something obvious?

kind regards,
Theo


>
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/openconnect-devel
>

More information about the openconnect-devel mailing list