Using GlobalProtect VPN on a Linux client

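This problem had me stuck for a very long time, and I finally found a way to solve it.

For some annoying reasons, I started needing a VPN to connect to certain machines, and the VPN in use is GP. It is probably very impressive, but Linux users lose out.

First of all, it does have a Linux client, but no matter what I did with the cert, I just could not get through.

So

one day, running apt-cache search global protect, I saw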

$ apt-cache search global connect
libopenconnect-dev - open client for Cisco AnyConnect, Pulse, GlobalProtect VPN - development files
libopenconnect5 - open client for Cisco AnyConnect, Pulse, GlobalProtect VPN - shared library
openconnect - open client for Cisco AnyConnect, Pulse, GlobalProtect VPN

I thought there might be a chance, so let's give it a try.

$ apt-get install openconnect

A quick Google search of the documentation turned up a command: openconnect --protocol=gp vpn.example.com

$ sudo openconnect --protocol=gp $想像的IP
[sudo] password for thomas: 
POST https://.../ssl-vpn/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux
Connected to ...:443
SSL negotiation with ...
Server certificate verify failed: insecure algorithm

Certificate from VPN server "...IP..." failed verification.
Reason: insecure algorithm
To trust this server in future, perhaps add this to your command line:
    --servercert *************************************************
Enter 'yes' to accept, 'no' to abort; anything else to view: 
Connected to HTTPS on *************
Enter login credentials
Username: *******
Password:
POST https://**********/ssl-vpn/login.esp
GlobalProtect login returned authentication-source=Local_Auth
POST https://*********/ssl-vpn/getconfig.esp
Tunnel timeout (rekey interval) is 180 minutes.
Idle timeout is 180 minutes.
No MTU received. Calculated for ESP tunnel
POST https://************/ssl-vpn/hipreportcheck.esp
Connected as 10.42.219.89, using SSL, with ESP in progress

And just like that, it worked. So was I an idiot for being stuck on this for a year?

Anyway, just use openconnect!
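
The log above shows openconnect failing certificate verification and suggesting `--servercert`. As an added example (not part of the original post), this script derives that pin from a certificate file obtained out-of-band, so the value shown at the prompt can be compared before it is trusted. It assumes the `openssl` CLI, the `pin-sha256:` form of the value, and the placeholder host `vpn.example.com`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the openssl CLI is
# installed and the server certificate was obtained out-of-band as PEM.

# cert_pin FILE: print "pin-sha256:<base64>" for the certificate in FILE.
# This is the RFC 7469 pin: SHA-256 over the DER SubjectPublicKeyInfo.
cert_pin() {
    cp_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$cp_pub" ] || return 1
    cp_b64=$(printf '%s\n' "$cp_pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -binary \
        | openssl base64 -A)
    # 32 hash bytes always encode to 44 base64 characters.
    [ "${#cp_b64}" -eq 44 ] || return 1
    printf 'pin-sha256:%s\n' "$cp_b64"
}

# pin_matches VALUE FILE: succeed only if VALUE (for instance the --servercert
# value openconnect prints at its prompt) equals the pin of the trusted FILE.
pin_matches() {
    pm_expected=$(cert_pin "$2") || return 1
    [ "$1" = "$pm_expected" ]
}

# connect_cmd HOST FILE: print the pinned command line instead of running it.
connect_cmd() {
    cc_pin=$(cert_pin "$2") || return 1
    printf 'sudo openconnect --protocol=gp --servercert %s %s\n' "$cc_pin" "$1"
}

# make_demo_cert PREFIX: constructed self-signed certificate standing in for
# the one the VPN administrator would hand over (writes PREFIX.pem and .key).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=vpn.example.com" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Demo on the constructed certificate: prints the command line to use.
demo() {
    demo_dir=$(mktemp -d) || return 1
    make_demo_cert "$demo_dir/vpn" || return 1
    connect_cmd vpn.example.com "$demo_dir/vpn.pem"
    rm -rf "$demo_dir"
}
demo
```

With the pin on the command line, openconnect accepts only a server presenting that public key, so the interactive 'yes' prompt no longer decides trust.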
