Hi Dan,
Manpage of vpnc states not implemented yet .. :-(
--auth-mode <psk/cert/hybrid>
Authentication mode:
· psk: pre-shared key (default)
· cert: server + client certificate (not implemented yet)
· hybrid: server certificate + xauth (if built with openssl support)
With original anyconnect linux client it's also not working for some reason ... :-(
Seams I have to stay with the behavior of Windows :-(
Thanks anyhow.
Best Regards
Steffen Löser
-----Ursprüngliche Nachricht-----
Von: David Woodhouse [mailto:dwmw2@xxxxxxxxxxxxx]
Gesendet: Donnerstag, 4. Juli 2019 11:00
An: Steffen Loeser; Daniel Lenski
Cc: openconnect-devel
Betreff: Re: AW: AW: Skipt Phase 1 when connecting using openconnect
On Thu, 2019-07-04 at 09:58 +0200, Steffen Loeser wrote:
> Hi Dan,
>
> That's why I was asking to skip this first phase totally. The
> Anyconnect client (anyconnect-win-3.1.14018-mit_eToken.msi, probably
> build by Versatel itself) connects to the VPN Server starting
> directly with DTLS (UDP port 500 and some high port).
> Cisco Client just needs the certificats which contain all information
> where and how to connect. The Authentication had to be done first
> using the WebUI prompt, the permission is then handled internally at
> the VPN Servers.
Ah, I don't think that's AnyConnect; I think it's IPSec. You want vpnc
for that, although it's kind of unmaintained these days and we've been
*talking* about adding IPSec support to OpenConnect. I don't think vpnc
supports certificate auth.
_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
