Using GlobalProtect VPN from a Linux client


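For some annoying reasons, I now need to use a VPN to connect to a specific machine, and the VPN in use is GP. It is probably very powerful, but Linux users get the short end of the stick.

First of all, there is a Linux client, but no matter what I did with the cert, it just would not get through.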


One day, I ran apt-cache search global protect and saw

$ apt-cache search global connect
libopenconnect-dev - open client for Cisco AnyConnect, Pulse, GlobalProtect VPN - development files
libopenconnect5 - open client for Cisco AnyConnect, Pulse, GlobalProtect VPN - shared library
openconnect - open client for Cisco AnyConnect, Pulse, GlobalProtect VPN


$ sudo apt-get install openconnect

After a quick Google search of the documentation, I saw a command: openconnect --protocol=gp

$ sudo openconnect --protocol=gp $想像的IP
[sudo] password for thomas: 
POST https://.../ssl-vpn/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux
Connected to ...:443
SSL negotiation with ...
Server certificate verify failed: insecure algorithm

Certificate from VPN server "...IP..." failed verification.
Reason: insecure algorithm
To trust this server in future, perhaps add this to your command line:
    --servercert *************************************************
Enter 'yes' to accept, 'no' to abort; anything else to view: 
Connected to HTTPS on *************
Enter login credentials
Username: *******
POST https://**********/ssl-vpn/login.esp
GlobalProtect login returned authentication-source=Local_Auth
POST https://*********/ssl-vpn/getconfig.esp
Tunnel timeout (rekey interval) is 180 minutes.
Idle timeout is 180 minutes.
No MTU received. Calculated for ESP tunnel
POST https://************/ssl-vpn/hipreportcheck.esp
Connected as, using SSL, with ESP in progress
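
In the session above the server certificate failed verification (insecure algorithm) and was accepted at the prompt; the --servercert value openconnect offers can instead be checked against a copy of the gateway certificate obtained from the administrator over a trusted channel before it is used. The following is an added example, not part of the original post or of openconnect, that computes the pin-sha256 form of that value with the Python standard library. Assumptions: the function names and the sample certificate are constructed for illustration, and the installed openconnect prints the value in pin-sha256 form.

```python
import base64, hashlib, ssl

def tlv(buf, pos):
    """Parse the DER element at pos; return (tag, value start, element end)."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def spki_from_cert(cert):
    """Return the DER SubjectPublicKeyInfo of a certificate (PEM str or DER bytes)."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    outer, pos, _ = tlv(der, 0)            # Certificate ::= SEQUENCE
    inner, pos, tbs_end = tlv(der, pos)    # TBSCertificate ::= SEQUENCE
    if (outer, inner) != (0x30, 0x30):
        raise ValueError("not an X.509 certificate")
    tag, _, nxt = tlv(der, pos)
    if tag == 0xA0:                        # optional [0] version field
        pos = nxt
    for _ in range(5):                     # serialNumber, signature, issuer, validity, subject
        pos = tlv(der, pos)[2]
    tag, _, end = tlv(der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return der[pos:end]

def servercert_pin(cert):
    """RFC 7469 pin of the certificate's public key, prefixed for --servercert."""
    digest = hashlib.sha256(spki_from_cert(cert)).digest()
    return "pin-sha256:" + base64.b64encode(digest).decode()

def pin_matches(cert, offered):
    """True if the pin openconnect printed belongs to the trusted certificate copy."""
    return servercert_pin(cert) == offered.strip()

def der_elem(tag, body=b""):
    """Encode a DER element with a short-form length (enough for the sample below)."""
    return bytes([tag, len(body)]) + body

# Constructed sample, not a real certificate: an Ed25519-shaped key inside the
# X.509 nesting, with empty issuer/validity/subject and no valid signature.
SAMPLE_SPKI = der_elem(0x30, der_elem(0x30, der_elem(0x06, b"\x2b\x65\x70"))
                       + der_elem(0x03, b"\x00" + bytes(range(32))))
SAMPLE_TBS = der_elem(0x30, der_elem(0xA0, der_elem(0x02, b"\x02")) + der_elem(0x02, b"\x01")
                      + der_elem(0x30) * 4 + SAMPLE_SPKI)
SAMPLE_CERT = der_elem(0x30, SAMPLE_TBS + der_elem(0x30) + der_elem(0x03, b"\x00"))
```

When pin_matches returns True for the trusted certificate copy, the same value can be passed as --servercert so the connection no longer depends on answering the prompt.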


In short, just use openconnect!