linux连接ocserv
###
1、在Linux上安装OpenConnect SSL客户端
1.1、在Arch Linux上安装OpenConnect SSL客户端
对于Arch Linux用户及其派生发行版,你可以从官方Pacman存储库安装openconnect: sudo pacman -S openconnect
使用yaourt也可以这样做: syaourt -S openconnect
1.2、在Debian/Ubuntu上安装OpenConnect SSL客户端
对于Debian及其衍生产品,请使用apt包管理器安装openconnect包: sudo apt-get install openconnect
1.3、在CentOS/RHEL上安装OpenConnect SSL客户端
对于CentOS和RHEL,可以从epel存储库获得openconnect包,添加存储库,然后安装openconnect包:
sudo yum install epel-release
sudo yum install openconnect
1.4、在Fedora上安装OpenConnect SSL客户端
对于Fedora,该工具也可以从epel获得,只是包管理器的名称发生了变化:
sudo dns install openconnect
1.5、在macOS上安装OpenConnect SSL客户端
对于macOS用户,请使用brew安装openconnect包
$ brew install openconnect
2、使用Openconnect连接到SSL VPN服务器(手动)
在操作系统上成功安装openconnect软件包后,你应该已准备好连接到SSL VPN服务器,即Cisco的AnyConnect SSL VPN和Juniper Pulse Connect Secure。 简单连接遵循以下syntax: $ sudo openconnect -u user --passwd-on-stdin vpnserveraddress 系统将提示你输入密码,请参阅以下示例: $ sudo openconnect 192.168.1.1 POST https://192.168.1.1/ Connected to 192.168.1.1:443 SSL negotiation with 192.168.1.1 Enter 'yes' to accept, 'no' to abort; anything else to view: yes Connected to HTTPS on 192.168.1.1 Got HTTP response: HTTP/1.0 302 Object Moved GET https://192.168.1.1/ Connected to 192.168.1.1:443 SSL negotiation with 192.168.1.1 Server certificate verify failed: signer not found Connected to HTTPS on 192.168.1.1 Got HTTP response: HTTP/1.0 302 Object Moved GET https://192.168.1.1/+webvpn+/index.html SSL negotiation with 192.168.1.1 Connected to HTTPS on 192.168.1.1 Please enter your username and password. GROUP: [ANYCONNECT_PROFILE] Please enter your username and password. Username:jmutai Password: POST https://192.168.1.1/+webvpn+/index.html Got CONNECT response: HTTP/1.1 200 OK CSTP connected. DPD 30, Keepalive 20 Connected as 192.168.4.2, using SSL Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(DHE-RSA-4294967237)-(AES-256-CBC)-(SHA1).
3、使用Bash脚本使用Openconnect连接到SSL VPN服务器
# vim login_ocserv_vpn.sh
function myvpn () { local vpn_server="vpnserverAddress" local vpn_username="user" local vpn_password="password" nohup openconnect -u $vpn_username $vpn_server --non-inter --passwd-on-stdin --servercert pin-sha256:UdCMae+E4wBsROAQxE7X0vdAB3ehURCO8QwjVnrlqf8= <<< "$vpn_password" & >/scripts/shell/login_ocserv_vpn/nohup.out }
myvpn
4、Juniper Pulse客户端
要连接到Pulse Connect Secure服务器,你需要知道其证书的SHA-1: # openconnect --servercert=sha1:<HASH> \ --authgroup="single-Factor Pulse Clients" \ --protocol=nc <VPN_SERVER_ADDRESS>/dana-na/auth/url_6/welcome.cgi \ --pid-file="/var/run/work-vpn.pid" --user=<USERNAME>
###