Hi, can you please provide any solution on this issue?

On Tue, Apr 7, 2020 at 9:46 PM Nb, Midhunlal <midhunlal.nb@xxxxxxxxxxxxxx> wrote:
>
> Hi,
> With your guidance and documents, I tried openconnect in Ubuntu.
> Unfortunately, I got an error. Please check the logs below.
>
>
> cat /etc/lsb-release
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=16.04
> DISTRIB_CODENAME=xenial
> DISTRIB_DESCRIPTION="Ubuntu 16.04.5 LTS"
> root@ip-172-21-99-66:~# dpkg -l | grep openconnect
> ii libopenconnect5:amd64 8.05-1~xenial1 amd64 open client for Cisco AnyConnect, Pulse, GlobalProtect VPN - shared library
> ii network-manager-openconnect 1.2.0-1ubuntu0.16.04.1 amd64 network management framework (OpenConnect plugin)
> ii openconnect 8.05-1~xenial1 amd64 open client for Cisco AnyConnect, Pulse, GlobalProtect VPN
> root@ip-172-21-99-66:~# dpkg -l | grep network-manager-openconnect
> ii network-manager-openconnect 1.2.0-1ubuntu0.16.04.1 amd64 network management framework (OpenConnect plugin)
>
> --protocol=nc
> -----
> openconnect --protocol=nc x.x.x.x -vvv
> GET https://x.x.x.x/
> Attempting to connect to server x.x.x.x:443
> Connected tox.x.x.x:443
> SSL negotiation with x.x.x.x
> Server certificate verify failed: signer not found
>
> Certificate from VPN server "x.x.x.x" failed verification.
> Reason: signer not found
> To trust this server in future, perhaps add this to your command line:
>     --servercert pin-sha256:ZovfsMIDceLOSCZxZPx4ceHc26L3Ec+yQpQtJ541Pao=
> Enter 'yes' to accept, 'no' to abort; anything else to view: Connected to HTTPS on x.x.x.x
> Got HTTP response: HTTP/1.1 301 Moved Permanently
> Date: Tue, 07 Apr 2020 14:07:09 GMT
> Server: Embedthis-Appweb/3.2.3
> Cache-Control: max-age=5184000
> Expires: Fri, 17 Apr 2020 21:04:22 GMT
> Content-Length: 284
> Content-Type: text/html
> Connection: keep-alive
> Keep-Alive: timeout=120, max=199
> Location: https://x.x.x.x/dynamic-vpn/index.php
> HTTP body length: (284)
> GET https://x.x.x.x/dynamic-vpn/index.php
> Got HTTP response: HTTP/1.1 200 OK
> Date: Tue, 07 Apr 2020 14:07:09 GMT
> Server: Embedthis-Appweb/3.2.3
> Cache-Control: no-cache
> ETag: "1cd1d0-417-57d84162"
> Content-Type: text/html
> Connection: keep-alive
> Keep-Alive: timeout=120, max=198
> Last-Modified: Tue, 07 Apr 2020 14:07:09 GMT
> Transfer-Encoding: chunked
> HTTP body chunked (-2)
> Failed to find or parse web form in login page
> Failed to obtain WebVPN cookie
>
> --protocol=pulse
> ------
>
> openconnect --protocol=pulse x.x.x.x -vvv
> Attempting to connect to server x.x.x.x:443
> Connected to x.x.x.x:443
> SSL negotiation with x.x.x.x
> Server certificate verify failed: signer not found
>
> Certificate from VPN server "x.x.x.x" failed verification.
> Reason: signer not found
> To trust this server in future, perhaps add this to your command line:
>     --servercert pin-sha256:ZovfsMIDceLOSCZxZPx4ceHc26L3Ec+yQpQtJ541Pao=
> Enter 'yes' to accept, 'no' to abort; anything else to view: yes
> Connected to HTTPS on x.x.x.x
> Got HTTP response: HTTP/1.1 301 Moved Permanently
> Date: Tue, 07 Apr 2020 14:08:16 GMT
> Server: Embedthis-Appweb/3.2.3
> Cache-Control: max-age=5184000
> Expires: Fri, 17 Apr 2020 21:05:29 GMT
> Content-Length: 284
> Content-Type: text/html
> Connection: keep-alive
> Keep-Alive: timeout=120, max=199
> Location: https://x.x.x.x/dynamic-vpn/index.php
> HTTP body length: (284)
> Unexpected 301 result from server
> Failed to obtain WebVPN cookie
>
> Please help me to resolve this issue.
>
> Kind regards,
> Midhunlal.N.B.
>
>
> On Tue, Apr 7, 2020 at 6:11 PM David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
> >
> > On Tue, 2020-04-07 at 17:05 +0530, Nb, Midhunlal wrote:
> > > Hi,
> > > please go through the below details
> > >
> > > > we are using juniper srx 345 firewall
> > > > Junos version:15.1X49-D60.7
> > > > For VPN we are using pulse secure (windows: pulse 5.1.5(61437), MacBook:91.2(1181))
> > >
> > > Now we need a VPN for LINUX (we are using UBUNTU OS)
> > > > for Linux which pulse client version we need to use and which
> > > > openconnect version I need to install in my Linux?
> >
> > Use the latest version of OpenConnect. For Ubuntu there is a PPA at
> > https://launchpad.net/~dwmw2/+archive/ubuntu/openconnect
> >
> > > >
> > > > which version (pulse version and open connect version) is compatible
> > > > with srx and Linux?
> > > > I need a configuration guide
> >
> > As it says in the documentation at
> > http://www.infradead.org/openconnect/pulse.html you just need to try
> > connecting to your existing server using --protocol=pulse.
> >
> > If that doesn't work, then also try --protocol=nc which is the older
> > Juniper Network Connect protocol. Most Pulse servers still support that
> > too.
> >
> > > > Any extra configuration (eg: self-signed certificate, key pair
> > > > generation) needs in juniper firewall for Linux VPN?
> >
> > Are you asking me about the configuration of *your* VPN server?
> >
> > If you give me the root password for it perhaps I can answer those
> > questions... ?
> >
> > > We are facing a lot of pressure due to this VPN issue in Linux. Due to
> > > work from home every user needs VPN connectivity in their Linux
> > > machine. Please help on this issue.
> >
> > Have you actually *tried* pointing OpenConnect at the existing
> > server...?