Hello.

I am trying to change my openconnect usage from the command line to a config file.
I need to use a smartcard (StarSign CUT S, from Giesecke & Devrient GmbH) in 
order to access my VPN. And my current command line works fine and I can 
connect to the VPN:

    # openconnect \
    --authgroup=<my_gateway> \
    --protocol=gp \
    --servercert <...> \
    --disable-ipv6 \
    --cafile <file.pem> \
    <my_server_url> \
    -c "pkcs11:model=XXXXXXXXXXXXXXXX;manufacturer=A.E.T.%20Europe%20B.V.;serial=XXXXXXXXXXXXXXXX;token=XXXXXXXXX;id=<...>;object=<...>;type=cert"
    

But when I try this configfile:
(All arguments are exactly the same!)

    # cat vpn.config
    authgroup = <my_gateway>
    protocol = gp
    servercert = <...>
    disable-ipv6
    cafile = <file.pem>
    server = <my_server_url>
    certificate = "pkcs11:model=XXXXXXXXXXXXXXXX;manufacturer=A.E.T.%20Europe%20B.V.;serial=XXXXXXXXXXXXXXXX;token=XXXXXXXXX;id=<...>;object=<...>;type=cert"
    
    
I get this error:

    # openconnect --config=vpn.config

    Failed to open key/certificate file <...>: File name too long
    Loading certificate failed. Aborting.
    Failed to open HTTPS connection to <...>
    Failed to complete authentication

    
Any idea on how to make it work? Or is it a bug in openconnect?

Thanks!


PS 1:

    # openconnect --version
    OpenConnect version v9.01
    Using GnuTLS 3.7.7. Features present: PKCS#11, HOTP software token, TOTP software token, System keys, DTLS, ESP
    Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
    Default vpnc-script (override with --script): /etc/vpnc/vpnc-script
    

PS 2: All commands executed as root.

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
