I want a Network Manager / VPN client in FreeBSD.

WantBSD


Hello,

I have a FreeBSD 12 PC with Gnome Desktop.

Currently I am connected using LAN.

I have decided to connect to a VPN. (Kerio, Cisco Connect, L2TP, PPTP)


$ ifconfig

Code:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:20:18:38:bf:f4
    media: Ethernet autoselect (10base2/BNC)
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
$ cd pcbsd-utils-qt5/

$ make

Code:
===>  pcbsd-utils-qt5-1444236547_7 is marked as broken on FreeBSD 12.0: fails
to compile: netif.cpp: error: use of undeclared identifier 'IFM_FDDI'.
*** Error code 1
Stop.
make: stopped in /usr/ports/sysutils/pcbsd-utils-qt5
$ openconnect

Code:
No server specified
Usage:  openconnect [options] <server>

Open client for Cisco AnyConnect VPN, version v7.08-unknown

Using OpenSSL. Features present: TPM (OpenSSL ENGINE not present), HOTP software token, TOTP software token, DTLS
      --config=CONFIGFILE         Read options from config file
  -b, --background                Continue in background after startup
      --pid-file=PIDFILE          Write the daemon's PID to this file
  -c, --certificate=CERT          Use SSL client certificate CERT
  -e, --cert-expire-warning=DAYS  Warn when certificate lifetime < DAYS
  -k, --sslkey=KEY                Use SSL private key file KEY
  -C, --cookie=COOKIE             Use WebVPN cookie COOKIE
      --cookie-on-stdin           Read cookie from standard input
  -d, --deflate                   Enable compression (default)
  -D, --no-deflate                Disable compression
      --force-dpd=INTERVAL        Set minimum Dead Peer Detection interval
  -g, --usergroup=GROUP           Set login usergroup
  -h, --help                      Display help text
  -i, --interface=IFNAME          Use IFNAME for tunnel interface
  -l, --syslog                    Use syslog for progress messages
      --timestamp                 Prepend timestamp to progress messages
      --passtos                   copy TOS / TCLASS when using DTLS
  -U, --setuid=USER               Drop privileges after connecting
      --csd-user=USER             Drop privileges during CSD execution
      --csd-wrapper=SCRIPT        Run SCRIPT instead of CSD binary
  -m, --mtu=MTU                   Request MTU from server (legacy servers only)
      --base-mtu=MTU              Indicate path MTU to/from server
  -p, --key-password=PASS         Set key passphrase or TPM SRK PIN
      --key-password-from-fsid    Key passphrase is fsid of file system
  -P, --proxy=URL                 Set proxy server
      --proxy-auth=METHODS        Set proxy authentication methods
      --no-proxy                  Disable proxy
      --libproxy                  Use libproxy to automatically configure proxy
                                  (NOTE: libproxy disabled in this build)
      --pfs                       Require perfect forward secrecy
  -q, --quiet                     Less output
  -Q, --queue-len=LEN             Set packet queue limit to LEN pkts
  -s, --script=SCRIPT             Shell command line for using a vpnc-compatible config script
                                  default: "/usr/local/sbin/vpnc-script"
  -S, --script-tun                Pass traffic to 'script' program, not tun
  -u, --user=NAME                 Set login username
  -V, --version                   Report version number
  -v, --verbose                   More output
      --dump-http-traffic         Dump HTTP authentication traffic (implies --verbose
  -x, --xmlconfig=CONFIG          XML config file
      --authgroup=GROUP           Choose authentication login selection
      --authenticate              Authenticate only and print login info
      --cookieonly                Fetch webvpn cookie only; don't connect
      --printcookie               Print webvpn cookie before connecting
      --cafile=FILE               Cert file for server verification
      --disable-ipv6              Do not ask for IPv6 connectivity
      --dtls-ciphers=LIST         OpenSSL ciphers to support for DTLS
      --no-dtls                   Disable DTLS
      --no-http-keepalive         Disable HTTP connection re-use
      --no-passwd                 Disable password/SecurID authentication
      --no-cert-check             Do not require server SSL cert to be valid
      --no-system-trust           Disable default system certificate authorities
      --no-xmlpost                Do not attempt XML POST authentication
      --non-inter                 Do not expect user input; exit if it is required
      --passwd-on-stdin           Read password from standard input
      --token-mode=MODE           Software token type: rsa, totp or hotp
      --token-secret=STRING       Software token secret
                                  (NOTE: libstoken (RSA SecurID) disabled in this build)
                                  (NOTE: Yubikey OATH disabled in this build)
      --reconnect-timeout         Connection retry timeout in seconds
      --servercert=FINGERPRINT    Server's certificate SHA1 fingerprint
      --useragent=STRING          HTTP header User-Agent: field
      --local-hostname=STRING     Local hostname to advertise to server
      --resolve=HOST:IP           Use IP when connecting to HOST
      --os=STRING                 OS type (linux,linux-64,win,...) to report
      --dtls-local-port=PORT      Set local port for DTLS datagrams

For assistance with OpenConnect, please see the web page at
  http://www.infradead.org/openconnect/mail.html


$ mpd5

Code:
Multi-link PPP daemon for FreeBSD
process 8742 started, version 5.8 (root@120amd64-quarterly-job-15 02:54  8-Feb-2019)
CONSOLE: listening on 127.0.0.1 5005
web: listening on 0.0.0.0 5006
Usage: set ippool add {pool} {start} {end}
Usage: set ipcp ranges {self}[/{width}]|ippool {pool} {peer}[/{width}]|ippool {pool}
mpd.conf:25: Error in 'set ipcp dns <dns-server>': invalid IP address: '<dns-server>'
Usage: set pptp self {ip} [{port}]
PPTP: waiting for connection on 0.0.0.0 1723
[L] set pptp self sv20.***.com
[L] show pptp
Active PPTP tunnels:
[L] set pptp
Commands available under "set pptp":
self     : Set local IP address     peer     : Set remote IP address
callingnum: Set calling PPTP telephone number     callednum: Set called PPTP telephone number
enable   : Enable option            disable  : Disable option   
[L] set pptp self sv20.fitsrv.com
[L] set pptp enable

Who can guide me on connecting to the VPN server?
 

aragats


I use this simple script which prompts for the password:
Code:
SERVER=secure.cyberreefsolutions.com
USERNAME=myuser
AUTHGROUP=CRS-CUST-RADIUS1
CERT=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
IFACE=tun9

openconnect --interface=${IFACE} --authgroup=${AUTHGROUP} --user=${USERNAME} --servercert ${CERT} --passwd-on-stdin ${SERVER}
 

WantBSD


I use this simple script which prompts for the password:
Code:
SERVER=secure.cyberreefsolutions.com
USERNAME=myuser
AUTHGROUP=CRS-CUST-RADIUS1
CERT=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
IFACE=tun9

openconnect --interface=${IFACE} --authgroup=${AUTHGROUP} --user=${USERNAME} --servercert ${CERT} --passwd-on-stdin ${SERVER}


1. How can I get the CERT of a server? (e.g. pp1.ilcvpn.info)


2. What is the AUTHGROUP value?
Code:
      --authgroup=GROUP           Choose authentication login selection
 

aragats


If you run the same command without the certificate option, you'll get something like this:
Code:
Certificate from VPN server "secure.cyberreefsolutions.com" failed verification.
Reason: unable to get local issuer certificate
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:wS943fWqrkEzFyTON9Q90O+2aI7i3FPjgvaSHIq/5/4=
Enter 'yes' to accept, 'no' to abort; anything else to view:
So, then you can add this cert to the script to avoid such questions.
Regarding the AUTHGROUP: when I login via their web interface I get a drop-down with available groups, and I was told which one to use. I'm not sure how it's supposed to work in your case, maybe you don't need it at all.
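As an added example (not from the thread and not OpenConnect's own code), here is how the pin OpenConnect prints can be computed independently, so it can be compared with a value the VPN operator gives you instead of accepting the first-connection prompt: OpenConnect's pin-sha256 is the SHA-256 of the certificate's DER-encoded SubjectPublicKeyInfo, base64-encoded. The function names, the tiny DER parser and the embedded sample certificate are all constructed here; only pin_for_server needs network access, everything else runs offline with the standard library.

```python
"""Compute OpenConnect's 'pin-sha256:' value for a server certificate.

It is the SHA-256 of the certificate's DER-encoded SubjectPublicKeyInfo, base64-encoded
(the HTTP public-key-pinning construction), so the value can be checked against what the
VPN operator gave you out of band instead of typing 'yes' at the prompt."""
import base64
import hashlib
import ssl

def der_tlv(buf: bytes, pos: int):
    """Parse one DER tag/length/value at buf[pos]; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length
        length, hdr = first, 2
    else:                                  # long-form: low 7 bits give the length's byte count
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    start = pos + hdr
    return tag, start, start + length

def der_children(buf: bytes, start: int, end: int):
    """Yield (tag, value_start, value_end, tlv_start, tlv_end) for each element of a constructed value."""
    pos = start
    while pos < end:
        tag, vstart, vend = der_tlv(buf, pos)
        yield tag, vstart, vend, pos, vend
        pos = vend

def spki_from_der_cert(cert_der: bytes) -> bytes:
    """Return the DER bytes of the SubjectPublicKeyInfo inside an X.509 certificate."""
    tag, start, _ = der_tlv(cert_der, 0)                     # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER-encoded X.509 certificate")
    tbs_tag, tbs_start, tbs_end = der_tlv(cert_der, start)  # tbsCertificate ::= SEQUENCE
    if tbs_tag != 0x30:
        raise ValueError("tbsCertificate missing")
    fields = list(der_children(cert_der, tbs_start, tbs_end))
    if fields and fields[0][0] == 0xA0:                      # optional [0] EXPLICIT version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    _, _, _, spki_start, spki_end = fields[5]
    return cert_der[spki_start:spki_end]

def pin_sha256(cert_der: bytes) -> str:
    """Return 'pin-sha256:<base64>' exactly as OpenConnect prints and accepts it."""
    digest = hashlib.sha256(spki_from_der_cert(cert_der)).digest()
    return "pin-sha256:" + base64.b64encode(digest).decode("ascii")

def pin_for_server(host: str, port: int) -> str:
    """Fetch the leaf certificate a TLS server presents (chain not validated; the pin is the out-of-band check) and return its pin."""
    pem = ssl.get_server_certificate((host, port))
    return pin_sha256(ssl.PEM_cert_to_DER_cert(pem))

def der_encode(tag: int, body: bytes) -> bytes:
    """Minimal DER encoder, used only to build the constructed sample below."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

# Constructed sample (not a real certificate): an id-ecPublicKey SPKI with a dummy 200-byte
# key, wrapped in a structurally valid v3 tbsCertificate with empty name/validity fields.
SAMPLE_SPKI = der_encode(0x30, der_encode(0x30, der_encode(0x06, b"\x2a\x86\x48\xce\x3d\x02\x01"))
                         + der_encode(0x03, b"\x00\x04" + b"\x11" * 200))
SAMPLE_CERT = der_encode(0x30, der_encode(0x30, der_encode(0xA0, der_encode(0x02, b"\x02"))  # version v3
                                          + der_encode(0x02, b"\x01")                          # serialNumber
                                          + der_encode(0x30, b"") * 4                          # signature, issuer, validity, subject
                                          + SAMPLE_SPKI)
                         + der_encode(0x30, b"") + der_encode(0x03, b"\x00"))                 # signatureAlgorithm, signatureValue

if __name__ == "__main__":
    print(pin_sha256(SAMPLE_CERT))
```

The same value can be produced with the openssl tools that ship with FreeBSD: `openssl s_client -connect HOST:PORT </dev/null 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl base64`.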
 

WantBSD


If you run the same command without the certificate option, you'll get something like this:
Code:
Certificate from VPN server "secure.cyberreefsolutions.com" failed verification.
Reason: unable to get local issuer certificate
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:wS943fWqrkEzFyTON9Q90O+2aI7i3FPjgvaSHIq/5/4=
Enter 'yes' to accept, 'no' to abort; anything else to view:
So, then you can add this cert to the script to avoid such questions.
Regarding the AUTHGROUP: when I login via their web interface I get a drop-down with available groups, and I was told which one to use. I'm not sure how it's supposed to work in your case, maybe you don't need it at all.

Thank you.

My VPN information:

username: camel
password: camel
Cisco server: cs1.ilcvpn.info:510
cs2.ilcvpn.info:510
cs3.ilcvpn.info:510
cs4.ilcvpn.info:510

Does it work for you?


$ openconnect --interface=tun9 --user=camel --passwd-on-stdin cs2.ilcvpn.info:510
Code:
camel
POST https://cs2.ilcvpn.info:510/
Connected to 80.84.49.142:510
SSL negotiation with cs2.ilcvpn.info

$ ifconfig
Code:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
 

aragats


I don't think it's listening on port 510:
Code:
# openconnect --interface=tu9 --user=camel https://cs1.ilcvpn.info:510
POST https://cs1.ilcvpn.info:510/
Failed to connect to 80.84.49.140:510: Connection refused
Failed to connect to host cs1.ilcvpn.info
Failed to open HTTPS connection to cs1.ilcvpn.info
Failed to obtain WebVPN cookie
I ran nmap as well and it found no open port 510:
Code:
% nmap cs1.ilcvpn.info
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 15:13 MDT
Nmap scan report for cs1.ilcvpn.info (80.84.49.140)
Host is up (0.12s latency).
rDNS record for 80.84.49.140: 140-49-84-80.rackcentre.redstation.net.uk
Not shown: 990 closed ports
PORT     STATE    SERVICE
49/tcp   open     tacacs
53/tcp   open     domain
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
1028/tcp open     unknown
1032/tcp open     iad3
1723/tcp open     pptp
3389/tcp open     ms-wbt-server
9999/tcp open     abyss
 

aragats


okay, cs3.ilcvpn.info works!
Code:
tun9: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1340
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun9 prefixlen 64 tentative scopeid 0x6
    inet 10.10.0.62 --> 10.10.0.62 netmask 0xffffffff
    groups: tun
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 55820
 

WantBSD


okay, cs3.ilcvpn.info works!
Code:
tun9: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1340
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun9 prefixlen 64 tentative scopeid 0x6
    inet 10.10.0.62 --> 10.10.0.62 netmask 0xffffffff
    groups: tun
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 55820

openconnect displays a connected message, but my network connection does not change (my IP does not change).
Also it does not display tun9 in my $ ifconfig.
 

WantBSD


I don't think it's listening on port 510:
Code:
# openconnect --interface=tu9 --user=camel https://cs1.ilcvpn.info:510
POST https://cs1.ilcvpn.info:510/
Failed to connect to 80.84.49.140:510: Connection refused
Failed to connect to host cs1.ilcvpn.info
Failed to open HTTPS connection to cs1.ilcvpn.info
Failed to obtain WebVPN cookie
I ran nmap as well and it found no open port 510:
Code:
% nmap cs1.ilcvpn.info
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 15:13 MDT
Nmap scan report for cs1.ilcvpn.info (80.84.49.140)
Host is up (0.12s latency).
rDNS record for 80.84.49.140: 140-49-84-80.rackcentre.redstation.net.uk
Not shown: 990 closed ports
PORT     STATE    SERVICE
49/tcp   open     tacacs
53/tcp   open     domain
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
1028/tcp open     unknown
1032/tcp open     iad3
1723/tcp open     pptp
3389/tcp open     ms-wbt-server
9999/tcp open     abyss

They said cs1 does not work.
So we should use the other servers. (cs2, cs3, cs4)
 

WantBSD


okay, cs3.ilcvpn.info works!
Code:
tun9: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1340
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun9 prefixlen 64 tentative scopeid 0x6
    inet 10.10.0.62 --> 10.10.0.62 netmask 0xffffffff
    groups: tun
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 55820

It does not display in my $ ifconfig.

$ ifconfig
Code:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
What should I do?
 

WantBSD


$ sudo openconnect --interface=tu9 --user=camel --passwd-on-stdin cs3.ilcvpn.info:510
Code:
camel
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info
^CSSL connection cancelled
Failed to open HTTPS connection to cs3.ilcvpn.info
Failed to obtain WebVPN cookie

$ sudo openconnect --interface=tun9 --user=camel --passwd-on-stdin cs3.ilcvpn.info:510
Code:
camel
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info

$ ifconfig
Code:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255 
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 
    inet 127.0.0.1 netmask 0xff000000 
    groups: lo 
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
 

WantBSD


Should we not use vpnc as a script in openconnect(8)?

$ openconnect --help
Code:
...
  -s, --script=SCRIPT             Shell command line for using a vpnc-compatible config script
                                  default: "/usr/local/sbin/vpnc-script"
...
 

WantBSD


I press $ reboot and test it again, I will be back here...
 

aragats


I just tried it again (using tun7 since I'm connected to my VPN using tun9):
Code:
$ sudo openconnect --interface=tun7 --user=camel cs3.ilcvpn.info:510
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info
Server certificate verify failed: unable to get local issuer certificate

Certificate from VPN server "cs3.ilcvpn.info" failed verification.
Reason: unable to get local issuer certificate
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:hVi0yuYdOgpl4tLTsfseinznbgfzh3p0R64uWOWmq5c=
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on cs3.ilcvpn.info
XML POST enabled
Please enter your username.
POST https://cs3.ilcvpn.info:510/auth
Please enter your password.
Password:
POST https://cs3.ilcvpn.info:510/auth
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 90, Keepalive 32400
Connected as 10.10.0.62, using SSL, with DTLS in progress
Established DTLS connection (using OpenSSL). Ciphersuite AES256-GCM-SHA384.
add host 69.175.34.157: gateway 172.28.0.1
add net 10.10.0.0: gateway 10.10.0.62
delete net default: gateway 172.28.0.1
add net default: gateway 10.10.0.62
Everything works as expected:
Code:
....
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun0 prefixlen 64 scopeid 0x5 
    inet 10.8.0.3 --> 10.8.0.1 netmask 0xffffff00 
    groups: tun 
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    Opened by PID 2368
tun9: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1322
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun9 prefixlen 64 tentative scopeid 0x6 
    inet 192.168.39.24 --> 192.168.39.24 netmask 0xffffffff 
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 65972
tun7: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1340
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun7 prefixlen 64 tentative scopeid 0x7 
    inet 10.10.0.62 --> 10.10.0.62 netmask 0xffffffff 
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 75840
 

WantBSD


I press $ reboot and test it again, I will be back here...

$ ifconfig
Code:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255 
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 
    inet 127.0.0.1 netmask 0xff000000 
    groups: lo 
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>


$ sudo openconnect --interface=tun9 --user=camel --passwd-on-stdin cs3.ilcvpn.info:510
Code:
Password:
camel
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info

It does not display tun9 in the $ ifconfig.
 

WantBSD


$ sudo openconnect --interface=tun7 --user=camel cs3.ilcvpn.info:510
Code:
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info
....
...
...
after some seconds...
SSL connection failure
Failed to open HTTPS connection to cs3.ilcvpn.info
Failed to obtain WebVPN cookie
 

aragats


Wait a minute... if you use --passwd-on-stdin it will be waiting infinitely, with that option you should echo your password and pipe it to the command. Do not use it now. It will prompt you to enter.
 

WantBSD


Wait a minute... if you use --passwd-on-stdin it will be waiting infinitely, with that option you should echo your password and pipe it to the command. Do not use it now. It will prompt you to enter.
Yeah, it's correct.


$ sudo openconnect --interface=tun7 --user=camel cs3.ilcvpn.info:510
Code:
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info

It only displays re0 and lo0 in ifconfig(8).
 


aragats


Try creating a tunX interface manually:
Code:
# ifconfig tun create
tun1
# ifconfig tun1
tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
If you don't have any, it will be tun0. Then use that interface for the VPN.
 

WantBSD


Try creating a tunX interface manually:
Code:
# ifconfig tun create
tun1
# ifconfig tun1
tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
If you don't have any, it will be tun0. Then use that interface for the VPN.

Code:
root@Unix:/tmp/ # ifconfig tun create
tun0
root@Unix:/tmp/ # ifconfig tun1
ifconfig: interface tun1 does not exist
root@Unix:/tmp/ # ifconfig tun0
tun0: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

It creates tun0.
-------

Code:
$ curl 'https://api.ipify.org?format=json'

{"ip":"31.56.89.79"}

This IP is not the Cisco IP.
 

WantBSD


# ifconfig
Code:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tun0: flags=8011<UP,POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Why does the tun0 information not change?

---------


Should I enter this?
$ ifconfig tun0 up

How can I enable it?
 

aragats


Your openconnect command should configure it properly:
Code:
$ sudo openconnect --interface=tun0 --user=camel cs3.ilcvpn.info:510
 