faith丶


Connecting to ocserv from Linux


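1. Installing the OpenConnect SSL client on Linux

1.1. Installing the OpenConnect SSL client on Arch Linux

For users of Arch Linux and its derivative distributions, openconnect can be installed from the official Pacman repositories:
sudo pacman -S openconnect
The same can be done with yaourt:
yaourt -S openconnect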

1.2. Installing the OpenConnect SSL client on Debian/Ubuntu

For Debian and its derivatives, install the openconnect package with the apt package manager:
sudo apt-get install openconnect

1.3. Installing the OpenConnect SSL client on CentOS/RHEL

For CentOS and RHEL, the openconnect package is available from the epel repository. Add the repository, then install the openconnect package:
sudo yum install epel-release
sudo yum install openconnect

1.4. Installing the OpenConnect SSL client on Fedora

For Fedora, the tool is also available from epel; only the name of the package manager changes:
sudo dnf install openconnect

1.5. Installing the OpenConnect SSL client on macOS

For macOS users, install the openconnect package with brew:
$ brew install openconnect

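2. Connecting to an SSL VPN server with Openconnect (manually)

Once the openconnect package is installed on your operating system, you should be ready to connect to an SSL VPN server, namely Cisco's AnyConnect SSL VPN and Juniper Pulse Connect Secure.

A simple connection follows this syntax:
$ sudo openconnect -u user --passwd-on-stdin vpnserveraddress

You will be prompted for your password; see the following example: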
$ sudo openconnect 192.168.1.1

POST https://192.168.1.1/
Connected to 192.168.1.1:443
SSL negotiation with 192.168.1.1
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on 192.168.1.1
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://192.168.1.1/
Connected to 192.168.1.1:443
SSL negotiation with 192.168.1.1
Server certificate verify failed: signer not found
Connected to HTTPS on 192.168.1.1
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://192.168.1.1/+webvpn+/index.html
SSL negotiation with 192.168.1.1
Connected to HTTPS on 192.168.1.1
Please enter your username and password.
GROUP: [ANYCONNECT_PROFILE]
Please enter your username and password.
Username:jmutai
Password:
POST https://192.168.1.1/+webvpn+/index.html
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as 192.168.4.2, using SSL
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(DHE-RSA-4294967237)-(AES-256-CBC)-(SHA1).

3. Connecting to an SSL VPN server with Openconnect from a Bash script

# vim login_ocserv_vpn.sh
function myvpn () {
    local vpn_server="vpnserverAddress"
    local vpn_username="user"
    local vpn_password="password"
    # Pin the server certificate, read the password from stdin,
    # run in the background and write the output to nohup.out
    nohup openconnect -u "$vpn_username" "$vpn_server" --non-inter --passwd-on-stdin \
        --servercert pin-sha256:UdCMae+E4wBsROAQxE7X0vdAB3ehURCO8QwjVnrlqf8= \
        <<< "$vpn_password" > /scripts/shell/login_ocserv_vpn/nohup.out &
}

myvpn

4. Juniper Pulse client

To connect to a Pulse Connect Secure server, you need to know the SHA-1 of its certificate:

# openconnect --servercert=sha1:<HASH> \
    --authgroup="single-Factor Pulse Clients" \
    --protocol=nc <VPN_SERVER_ADDRESS>/dana-na/auth/url_6/welcome.cgi \
    --pid-file="/var/run/work-vpn.pid" --user=<USERNAME>
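
Sections 3 and 4 pass a `pin-sha256:` and a `sha1:` value to `--servercert` without showing where those values come from. The script below is an added example, not part of the original post: it derives both values from a PEM certificate file with openssl. The function names and the host name `vpn.example.test` are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): derive the fingerprints that
# openconnect's --servercert option expects from a PEM certificate file.
# Function names and vpn.example.test are assumptions made for this example.

# pin-sha256 (section 3): base64 of SHA-256 over the DER SubjectPublicKeyInfo.
servercert_pin_sha256() {
    # Validate first: on unreadable input the pipeline below would hash empty
    # data and still print a plausible-looking pin.
    openssl x509 -in "$1" -noout 2>/dev/null || return 1
    printf 'pin-sha256:%s\n' "$(openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -binary \
        | openssl base64)"
}

# sha1 (section 4): lowercase hex SHA-1 over the whole DER certificate.
servercert_sha1() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha1 2>/dev/null) || return 1
    printf 'sha1:%s\n' "$(printf '%s' "${fp#*=}" | tr -d ':' | tr 'A-F' 'a-f')"
}

# Constructed sample input: a throwaway self-signed certificate in directory $1.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=vpn.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# With a certificate path as argument, print both values for it; with no
# argument, demonstrate on the constructed sample certificate.
if [ -n "${1:-}" ]; then
    servercert_pin_sha256 "$1" && servercert_sha1 "$1"
else
    demo_dir=$(mktemp -d)
    make_sample_cert "$demo_dir" \
        && servercert_pin_sha256 "$demo_dir/cert.pem" \
        && servercert_sha1 "$demo_dir/cert.pem"
    rm -rf "$demo_dir"
fi
```

For a real gateway, compute the value from a certificate file supplied by the VPN administrator, or compare it with a fingerprint obtained from them out of band, so the pin does not rest on answering `yes` to the prompt shown in section 2.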

 


posted on 2021-05-27 13:01 by faith丶