Hi,

With your guidance and documents, I tried openconnect in ubuntu. Unfortunately, I got an error. Please check the logs below.

cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.5 LTS"

root@ip-172-21-99-66:~# dpkg -l | grep openconnect
ii libopenconnect5:amd64 8.05-1~xenial1 amd64 open client for Cisco AnyConnect, Pulse, G lobalProtect VPN - shared library
ii network-manager-openconnect 1.2.0-1ubuntu0.16.04.1 amd64 network management framework (OpenConnect plugin)
ii openconnect 8.05-1~xenial1 amd64 open client for Cisco AnyConnect, Pulse, G lobalProtect VPN

root@ip-172-21-99-66:~# dpkg -l | grep network-manager-openconnect
ii network-manager-openconnect 1.2.0-1ubuntu0.16.04.1 amd64 network management framework (OpenConnect plugin)

--protocol=nc
-----
openconnect --protocol=nc x.x.x.x -vvv
GET https://x.x.x.x/
Attempting to connect to server x.x.x.x:443
Connected tox.x.x.x:443
SSL negotiation with x.x.x.x
Server certificate verify failed: signer not found

Certificate from VPN server "x.x.x.x" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:ZovfsMIDceLOSCZxZPx4ceHc26L3Ec+yQpQtJ541Pao=
Enter 'yes' to accept, 'no' to abort; anything else to view:
Connected to HTTPS on x.x.x.x
Got HTTP response: HTTP/1.1 301 Moved Permanently
Date: Tue, 07 Apr 2020 14:07:09 GMT
Server: Embedthis-Appweb/3.2.3
Cache-Control: max-age=5184000
Expires: Fri, 17 Apr 2020 21:04:22 GMT
Content-Length: 284
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=120, max=199
Location: https://x.x.x.x/dynamic-vpn/index.php
HTTP body length: (284)
GET https://x.x.x.x/dynamic-vpn/index.php
Got HTTP response: HTTP/1.1 200 OK
Date: Tue, 07 Apr 2020 14:07:09 GMT
Server: Embedthis-Appweb/3.2.3
Cache-Control: no-cache
ETag: "1cd1d0-417-57d84162"
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=120, max=198
Last-Modified: Tue, 07 Apr 2020 14:07:09 GMT
Transfer-Encoding: chunked
HTTP body chunked (-2)
Failed to find or parse web form in login page
Failed to obtain WebVPN cookie

--protocol=pulse
------
openconnect --protocol=pulse x.x.x.x -vvv
Attempting to connect to server x.x.x.x:443
Connected to x.x.x.x:443
SSL negotiation with x.x.x.x
Server certificate verify failed: signer not found

Certificate from VPN server "x.x.x.x" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:ZovfsMIDceLOSCZxZPx4ceHc26L3Ec+yQpQtJ541Pao=
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on x.x.x.x
Got HTTP response: HTTP/1.1 301 Moved Permanently
Date: Tue, 07 Apr 2020 14:08:16 GMT
Server: Embedthis-Appweb/3.2.3
Cache-Control: max-age=5184000
Expires: Fri, 17 Apr 2020 21:05:29 GMT
Content-Length: 284
Content-Type: text/html
Connection: keep-alive
Keep-Alive: timeout=120, max=199
Location: https://x.x.x.x/dynamic-vpn/index.php
HTTP body length: (284)
Unexpected 301 result from server
Failed to obtain WebVPN cookie

Please help me to resolve this issue.

Kind regards,
Midhunlal.N.B.

On Tue, Apr 7, 2020 at 6:11 PM David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
>
> On Tue, 2020-04-07 at 17:05 +0530, Nb, Midhunlal wrote:
> > Hi,
> > please go through the below details
> >
> > > we are using juniper srx 345 firewall
> > > Junos version:15.1X49-D60.7
> > > For VPN we are using pulse secure (windows: pulse 5.1.5(61437),
> > > MacBook:91.2(1181))
> >
> > Now we need a VPN for LINUX (we are using UBUNTU OS)
> > > for Linux which pulse client version we need to use and which
> > > openconnect version I need to install in my Linux?
>
> Use the latest version of OpenConnect. For Ubuntu there is a PPA at
> https://launchpad.net/~dwmw2/+archive/ubuntu/openconnect
>
> >
> > > which version (pulse version and open connect version)is compatible
> > > with srx and Linux?
> > > I need a configuration guide
>
> As it says in the documentation at
> http://www.infradead.org/openconnect/pulse.html you just need to try
> connecting to your existing server using --protocol=pulse.
>
> If that doesn't work, then also try --protocol=nc which is the older
> Juniper Network Connect protocol. Most Pulse servers still support that
> too.
>
> > > Any extra configuration (eg: self-signed certificate, key pair
> > > generation) needs in juniper firewall for Linux VPN?
>
> Are you asking me about the configuration of *your* VPN server?
>
> If you give me the root password for it perhaps I can answer those
> questions... ?
>
> > We are facing a lot of pressure due to this VPN issue in Linux.due to
> > work from home every user needs VPN connectivity in their Linux
> > machine. Please help on this issue.
>
> Have you actually *tried* pointing OpenConnect at the existing
> server...?

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel