On Tue, Aug 22, 2017 at 6:14 PM, Aube, Jeremy <aube at mykolab.com> wrote:
> Asuswrt-Merlin doesn't have OpenConnect support for their interface (I wish they did), so I've been running openconnect from the command line. Here's the output (let me know if I've redacted too much):
>
> # openconnect vpn.example.com:22 -v -u username -s /mnt/sda1/vpnc-script-infradead
> POST https://vpn.example.com:22/
> Attempting to connect to server y.y.y.y:22
> Connected to y.y.y.y:22
> SSL negotiation with vpn.example.com
> Server certificate verify failed: signer not found
>
> Certificate from VPN server "vpn.example.com" failed verification.
> Reason: signer not found
> To trust this server in future, perhaps add this to your command line:
> --servercert sha256:******************************************
> Enter 'yes' to accept, 'no' to abort; anything else to view: yes
> ...
> X-CSTP-Address: x.x.x.x
> X-CSTP-Netmask: 255.255.0.0
> X-CSTP-DNS: 10.9.0.1
> X-CSTP-DNS: 10.8.0.1

Ah, thanks for clarifying... I was thinking you might be using something like OpenWRT's LuCI web interface.

Hmm... all of that looks fine. (It's a bit strange that your VPN uses port 22, which is normally for SSH, but whatever.)

It might help to shed some light about what's going on if you try using a "fake" vpnc-script which does nothing but print the environment variables with which it's called and run 'openconnect --script /path/to/fake.sh'. For example:

#!/bin/sh
echo "===== FAKE VPNC-SCRIPT ====="
env
echo "===== /FAKE VPNC-SCRIPT ====="

-Dan
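A variant of the fake vpnc-script suggested above, as an added example that is not part of the original message: it prints only the variables documented in vpnc-script (reason, VPNGATEWAY, TUNDEV, INTERNAL_IP4_*, INTERNAL_IP6_*, CISCO_*) and masks the gateway and assigned address, so the dump can be posted to a public list. The names filter_vpn_env and REDACT are assumptions made for this example.

```shell
#!/bin/sh
# Added example: a diagnostic vpnc-script that prints only the variables
# openconnect passes to vpnc-script, not the router's whole environment.
# filter_vpn_env and REDACT are hypothetical names chosen for this example.

# Read NAME=value lines on stdin and keep the vpnc-script variables.
# With REDACT=1 (the default) the gateway and assigned address are masked,
# matching what was redacted by hand in the quoted output.
# Continuation lines of multi-line values (e.g. CISCO_BANNER) are dropped.
filter_vpn_env() {
    awk -F= -v redact="${REDACT:-1}" '
        $1 ~ /^(reason|VPNGATEWAY|TUNDEV)$/ ||
        $1 ~ /^INTERNAL_IP[46]_/ || $1 ~ /^CISCO_/ {
            if (redact == 1 && $1 ~ /^(VPNGATEWAY|INTERNAL_IP4_ADDRESS)$/)
                print $1 "=<redacted>"
            else
                print $0
        }' | LC_ALL=C sort
}

echo "===== FAKE VPNC-SCRIPT ====="
env | filter_vpn_env
echo "===== /FAKE VPNC-SCRIPT ====="
```

Set REDACT=0 only when the output stays private, since the unmasked dump includes the server address and the address assigned to the client.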