Vpn

openconnect VPN works in the KDE NetworkManager widget but not on the command line

  • September 10, 2014

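I need to connect to a Cisco VPN on Linux, and at first I used the KDE NetworkManager plasma widget thingy to do this. This works fine: if I select it from the network manager widget, I can connect to the VPN.

However, if I try to use the command line, it does not work (IPs and URLs changed to protect the innocent):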

➜  ~  sudo openconnect --proxy http://proxy.mycompany.com:8080 vpn.mycompany.com:443 
POST https://vpn.mycompany.com/
Attempting to connect to proxy 172.17.122.135:8080
Requesting HTTP proxy connection to vpn.mycompany.com:443
Unexpected continuation line after CONNECT response: 'Via: 1.1 SPROXY2'
Unexpected continuation line after CONNECT response: 'X-WebMarshal-RequestID: 445D5E14-309A-4AA2-B7AF-07CAAD5BB21D'
SSL negotiation with vpn.mycompany.com
Server certificate verify failed: signer not found

Certificate from VPN server "vpn.mycompany.com" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on vpn.mycompany.com
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://vpn.mycompany.com/
Attempting to connect to proxy 172.17.122.135:8080
Requesting HTTP proxy connection to vpn.mycompany.com:443
Unexpected continuation line after CONNECT response: 'Via: 1.1 SPROXY2'
Unexpected continuation line after CONNECT response: 'X-WebMarshal-RequestID: 39FA73DC-1FDD-4C4C-A1A6-5993477DD8E3'
SSL negotiation with vpn.mycompany.com
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.mycompany.com
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://vpn.mycompany.com/+webvpn+/index.html
Requesting HTTP proxy connection to vpn.mycompany.com:443
Unexpected continuation line after CONNECT response: 'Via: 1.1 SPROXY2'
Unexpected continuation line after CONNECT response: 'X-WebMarshal-RequestID: 0141A4E6-1EA7-4FAE-AFA0-E56B2BC07BD1'
SSL negotiation with vpn.mycompany.com
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.mycompany.com
Please enter your username and password.
GROUP: [1..VPN|2..AD]:2
Auth choice "2" not valid
Failed to obtain WebVPN cookie
➜  ~  

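I get a prompt saying certificate verification failed, then I am prompted to select a group, but then it all fails with "Auth choice "2" not valid".

I tried different options for the openconnect command, for example -g to specify the group, -u to specify the username, and --no-cert-check to skip the failing certificate check, but nothing worked.

As you can see, I am using a proxy. That may have something to do with it, but I am not sure how it (maybe?) affects this.

I don't understand how openconnect works through the NetworkManager KDE widget but fails on the command line. Am I missing something here?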

You have got to be kidding me!!!

So the problem was that when I saw the following options:

Please enter your username and password.
GROUP: [1..VPN|2..AD]:

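I chose "2" and pressed Enter! Just for fun, I even tried typing "AD" instead of "2", but still no luck.

Just now I tried typing "2..AD" ... and it worked!

Unbelievably stupid "user experience"!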

Quoted from: https://serverfault.com/questions/627530
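
As an added example (not part of the original post, and not openconnect's own code), this shell helper parses the GROUP prompt format shown in the session and maps a short answer such as "2" or "AD" to the full label "2..AD", which is the form the answer reports was accepted. The function names are hypothetical, and the prompt is assumed to have exactly the `[label|label]` layout seen in the log.

```shell
#!/bin/sh
# Added example: resolve what the user means ("2", "AD" or "2..AD") to the
# full label listed in the GROUP prompt. Function names are hypothetical.

# Constructed sample: the prompt line copied from the session on this page.
SAMPLE_PROMPT='GROUP: [1..VPN|2..AD]:'

# list_groups PROMPT -> one full label per line, e.g. "1..VPN" then "2..AD"
list_groups() {
    local body=${1#*\[}     # drop everything up to and including the first "["
    body=${body%%\]*}       # drop the first "]" and everything after it
    printf '%s\n' "$body" | tr '|' '\n'
}

# resolve_group PROMPT WANTED -> prints the full label; returns 1 on no match
resolve_group() {
    local prompt=$1 wanted=$2 label
    while IFS= read -r label; do
        [ -n "$label" ] || continue
        # Accept the full label, the part before "..", or the part after it.
        if [ "$label" = "$wanted" ] ||
           [ "${label%%..*}" = "$wanted" ] ||
           [ "${label#*..}" = "$wanted" ]; then
            printf '%s\n' "$label"
            return 0
        fi
    done <<EOF
$(list_groups "$prompt")
EOF
    # Nothing matched: report the choices instead of guessing.
    printf 'no group matching "%s" in: %s\n' "$wanted" "$prompt" >&2
    return 1
}

# The short answer "2" resolves to the label that has to be typed in full.
resolve_group "$SAMPLE_PROMPT" "2"
```
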