OpenConnect problem

蔡政賢 austin210843 at gmail.com
Wed May 7 20:43:44 PDT 2014


Hello Sir,



I have a OpenConnect problem.



I use Cisco IOS
c7200-adventerprisek9-mz.124-11.T1.bin

And Cisco sslclient pkg

sslclient-win-1.1.3.173.pkg



and use Dynamips Server to setup Cisco 7200 system





format disk0:

y

copy tftp: disk0:

192.168.121.132

sslclient-win-1.1.2.169.pkg

y



conf t

webvpn install svc disk0:sslclient-win-1.1.3.173.pkg

interface Ethernet 0/0

ip address 11.1.1.1 255.255.255.0

no shutdown

exit

aaa new-model

aaa authentication login default local

aaa authentication login webvpn local

ip local pool ssl-add 11.1.1.10 11.1.1.20

username austin password austin

webvpn gateway vpngateway

http-redirect

ip address 192.168.121.136 port 443

inservice

exit

webvpn context webcontext

gateway vpngateway

aaa authentication list webvpn

inservice

exit

webvpn context webcontext

gateway vpngateway

aaa authentication list webvpn

inservice

policy group sslvpn-policy

functions svc-enabled

svc address-pool ssl-add

exit

default-group-policy sslvpn-policy



and then I use openconnect to connect



# openconnect https://192.168.121.136

POST https://192.168.121.136/

Attempting to connect to server 192.168.121.136:443

SSL negotiation with 192.168.121.136

Server certificate verify failed: self signed certificate



Certificate from VPN server "192.168.121.136" failed verification.

Reason: self signed certificate

Enter 'yes' to accept, 'no' to abort; anything else to view: yes

Connected to HTTPS on 192.168.121.136

Failed to read from SSL socket

Error fetching HTTPS response

GET https://192.168.121.136/

Attempting to connect to server 192.168.121.136:443

SSL negotiation with 192.168.121.136

Server certificate verify failed: self signed certificate

Connected to HTTPS on 192.168.121.136

Got HTTP response: HTTP/1.1 303 See Other

GET https://192.168.121.136/webvpn.html



And then no any response.



Would you please give me some help?

Many thanks

Austin



More information about the openconnect-devel mailing list