公司VPN的新证书,现在openconnect不起作用

因此,由于工作中的“升级”,我们获得了新的VPN证书。 它是自签名的,不再有效。 这是系统日志: 

openconnect[6002]: Connected to xxx:443 openconnect[6002]: SSL negotiation with xxx openconnect[6002]: Server certificate verify failed: signer not found openconnect[6002]: Connected to HTTPS on xxx openconnect[6002]: Got CONNECT response: HTTP/1.1 200 OK openconnect[6002]: CSTP connected. DPD 300, Keepalive 30 NetworkManager[1273]: Set up DTLS failed; using SSL instead openconnect[6002]: Connected as 192.168.0.160, using SSL openconnect[6002]: SIOCSIFMTU: Operation not permitted NetworkManager[1273]:  [1537565026.6078] vpn-connection[0x55ab83c186c0,a0614dc2-f483-4dc9-87d4-7b9ac4169d31,"company",0]: VPN connection: (IP Config Get) reply received. NetworkManager[1273]:  [1537565026.6106] vpn-connection[0x55ab83c186c0,a0614dc2-f483-4dc9-87d4-7b9ac4169d31,"company",7:(vpn0)]: VPN connection: (IP4 Config Get) reply received NetworkManager[1273]:  [1537565026.6107] vpn-connection[0x55ab83c186c0,a0614dc2-f483-4dc9-87d4-7b9ac4169d31,"company",7:(vpn0)]: invalid IP4 config received! NetworkManager[1273]:  [1537565026.6107] vpn-connection[0x55ab83c186c0,a0614dc2-f483-4dc9-87d4-7b9ac4169d31,"company",7:(vpn0)]: VPN connection: did not receive valid IP config information NetworkManager[1273]:  [1537565026.6129] vpn-connection[0x55ab83c186c0,a0614dc2-f483-4dc9-87d4-7b9ac4169d31,"company",0]: VPN plugin: state changed: started (4) NetworkManager[1273]:  [1537565026.6133] vpn-connection[0x55ab83c186c0,a0614dc2-f483-4dc9-87d4-7b9ac4169d31,"company",0]: VPN plugin: state changed: stopping (5) NetworkManager[1273]:  [1537565026.6134] vpn-connection[0x55ab83c186c0,a0614dc2-f483-4dc9-87d4-7b9ac4169d31,"company",0]: VPN plugin: state changed: stopped (6)

我看到签名者没有找到错误,但是它已经过了“收到的IP4配置无效!” 这里发生了什么,我该如何解决?

或者更好的是,告诉openconnect信任自签名证书。

连接时使用–servercert选项有一种解决方法:

在终端输入 

 sudo openconnect --protocol=gp

并得到消息: 

 Certificate from VPN server "serverhost" failed verification. Reason: signer not found To trust this server in future, perhaps add this to your command line: --servercert pin-sha256:serverfingerprint Enter 'sì' to accept, 'no' to abort; anything else to view:

然后最终在命令行选项中使用指纹: 

 openconnect --servercert=sha1:26cfbcdefg... [usual arguments]

要么 

 openconnect --servercert=sha256:a8cfbcdedeadbeefdeadbeeffg... [usual arguments]

来源https://github.com/dlenski/openconnect/issues/60

Interesting Posts

无法在14.04 LTS上连接到VPN

VPN连接失败,因为服务意外停止

Packet Tracer 7.1不会出现Ubuntu 16.04 LTS

Cisco AnyConnect VPN客户端的服务器证书问题

在Ubuntu 16.04中不再有AnyConnect兼容的vpn传输?

在Ubuntu 16.10上安装Cisco Packet Tracer 7

在没有组密码的情况下从Ubuntu 18.04连接到Cisco VPN

让openconnect vpn通过网络管理器工作

安装Cisco AnyConnect VPN客户端后无法连接到Internet

如何卸载PacketTracer