Build of OpenConnect 7.05+ for EL6?
Oliver Hernandez
mr.oliver.hernandez at gmail.com
Wed Jul 13 04:58:47 PDT 2016
With some one-on-one help from David (thank you!), I finally got
OpenConnect working to connect to my corporate Cisco VPN. The
solution consists of a workaround, similar to one I have to do to
connect to another VPN with OpenConnect's Juniper support.
Not having success connecting to the Cisco VPN, trying all kinds of
options and suggestions from David, I looked into maybe using the
workaround where I obtain a valid webvpn cookie and passing it to
OpenConnect. The VPN has a website for initially connecting to the
VPN over the web and downloading the Cisco AnyConnect client, which of
course is Windows only. Using a Windows VM, I connect to the VPN with
the IE browser, and obtain the webvpn cookie value. At first, that
didn't work either. But then I noticed the URL to the VPN in the
browser had a path appended to the FQDN after authenticating. So I
ran OpenConnect with this extended URL, and voila, it connected!
Granted, not ideal, and David wanted to help me figure out how to get
OpenConnect to mimic what the Cisco client does on the wire, but I can
live with this workaround.
Thanks again for all the help!
On Mon, Jul 11, 2016 at 5:40 PM, Oliver Hernandez
<mr.oliver.hernandez at gmail.com> wrote:
> That was it, thanks!
>
> Now I'm troubleshooting another issue, which is likely not related to
> OpenConnect. I'll post back if I get stuck again, but my initial
> thought is the VPN server might have some setting that will only allow
> usage of the Cisco brand VPN client. If that ends up being the case,
> then I'll be at the mercy of their help desk, as they don't officially
> support Linux, only Windoze clients. :-/
>
> On Mon, Jul 11, 2016 at 3:11 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
>> On Mon, 2016-07-11 at 15:05 -0400, Oliver Hernandez wrote:
>>> pkcs11:model=;manufacturer=;serial=;token=HERNANDEZ.OLIVER.xxx.xxxxxx;id=%00%02;object=CAC%20Email%20Signature%20Certificate;object-type=cert
>>> Type: X.509 Certificate
>>> Label: CAC Email Signature Certificate
>>> ID: 00:02
>>>
>>> And the result of attempting to connect:
>>>
>>> # openconnect --no-cert-check -c
>>> 'pkcs11:token=HERNANDEZ.OLIVER.xxx.xxxxx;id=%02' foo.remotevpn
>>
>> "id=%02" != "id=%00%02"
>>
>> --
>> dwmw2
More information about the openconnect-devel
mailing list