On Tue, Aug 22, 2017 at 6:14 PM, Aube, Jeremy <[email protected]> wrote:
> Asuswrt-Merlin doesn't have OpenConnect support for their interface (I wish
> they did), so I've been running openconnect from the command line. Here's the
> output (let me know if I've redacted too much):
>
> # openconnect vpn.example.com:22 -v -u username -s /mnt/sda1/vpnc-script-infradead
> POST https://vpn.example.com:22/
> Attempting to connect to server y.y.y.y:22
> Connected to y.y.y.y:22
> SSL negotiation with vpn.example.com
> Server certificate verify failed: signer not found
>
> Certificate from VPN server "vpn.example.com" failed verification.
> Reason: signer not found
> To trust this server in future, perhaps add this to your command line:
> --servercert sha256:******************************************
> Enter 'yes' to accept, 'no' to abort; anything else to view: yes
> ...
> X-CSTP-Address: x.x.x.x
> X-CSTP-Netmask: 255.255.0.0
> X-CSTP-DNS: 10.9.0.1
> X-CSTP-DNS: 10.8.0.1

Ah, thanks for clarifying… I was thinking you might be using something
like OpenWRT's LuCI web interface. Hmm… all of that looks fine. (It's
a bit strange that your VPN uses port 22, which is normally for SSH,
but whatever.)

It might help to shed some light about what's going on if you try
using a "fake" vpnc-script which does nothing but print the
environment variables with which it's called and run 'openconnect
--script /path/to/fake.sh'. For example:

#!/bin/sh
echo "===== FAKE VPNC-SCRIPT ====="
env
echo "===== /FAKE VPNC-SCRIPT ====="

-Dan
_______________________________________________
openconnect-devel mailing list
[email protected]
http://lists.infradead.org/mailman/listinfo/openconnect-devel