On Sat, Mar 27, 2021, 9:35 AM Oton Marques Jr. <otonmarq...@gmail.com> wrote:
>
> I can connect to my company's vpn using cisco's client, but when I try
> it using openconnect (with servercert parameter), I get the
> following:
> --
> $ openconnect GATEWAY-IP --servercert <pin-sha256>
> Connected to GATEWAY-IP:443
> SSL negotiation with GATEWAY-IP
> Server certificate verify failed: signer not found
> Connected to HTTPS on GATEWAY-IP
> Failed to read from SSL socket: The TLS connection was non-properly
> terminated.
> Error fetching HTTPS response
> GET https://GATEWAY-IP/
> Connected to GATEWAY-IP:443
> SSL negotiation with GATEWAY-IP
> Server certificate verify failed: signer not found
> Connected to HTTPS on GATEWAY-IP
> Failed to read from SSL socket: The TLS connection was non-properly
> terminated.
> Error fetching HTTPS response
> Failed to obtain WebVPN cookie

What OS? What version of OpenConnect are you running and what crypto
library? Use `openconnect --version` to show it.

If you're running a newer version of OpenConnect, against a very old
server… there is a chance that your server is ancient and uses some
ancient (and insecure) encryption, which OpenConnect will refuse to
connect to with this error.

If so, you may need to use the --allow-insecure-crypto option, which is
not yet in a released version of OpenConnect, but will be in the next one.
(https://gitlab.com/openconnect/openconnect/-/merge_requests/114)

Dan

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel