我有一个 openconnect VPN 可以正常工作,直到他们更改了证书。它是自签名的,我的系统日志如下所示:
NetworkManager[777]: <info> [1537936242.5306] settings-connection[0x55a6b75f3520,28292c55-ffbf-4639-bffb-369cc7196457]: write: successfully updated (keyfile: update /etc/NetworkManager/system-connections/VPN 1 (28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1")), connection was modified in the process
NetworkManager[777]: <info> [1537936242.5353] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",0]: VPN connection: (ConnectInteractive) reply received
NetworkManager[777]: <info> [1537936242.5370] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",0]: VPN plugin: state changed: starting (3)
openconnect[9838]: Connected to 34.196.133.252:443
openconnect[9838]: SSL negotiation with 34.196.133.252
openconnect[9838]: Server certificate verify failed: signer not found
openconnect[9838]: Connected to HTTPS on 34.196.133.252
openconnect[9838]: Got CONNECT response: HTTP/1.1 200 OK
NetworkManager[777]: Set up DTLS failed; using SSL instead
openconnect[9838]: CSTP connected. DPD 300, Keepalive 30
openconnect[9838]: Connected as 192.168.0.173, using SSL
openconnect[9838]: SIOCSIFMTU: Operation not permitted
NetworkManager[777]: <info> [1537936242.8559] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",0]: VPN connection: (IP Config Get) reply received.
NetworkManager[777]: <info> [1537936242.8582] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",4:(vpn0)]: VPN connection: (IP4 Config Get) reply received
NetworkManager[777]: <warn> [1537936242.8583] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",4:(vpn0)]: invalid IP4 config received!
NetworkManager[777]: <warn> [1537936242.8584] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",4:(vpn0)]: VPN connection: did not receive valid IP config information
NetworkManager[777]: <info> [1537936242.8606] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",0]: VPN plugin: state changed: started (4)
NetworkManager[777]: <info> [1537936242.8608] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",0]: VPN plugin: state changed: stopping (5)
NetworkManager[777]: <info> [1537936242.8608] vpn-connection[0x55a6b7806330,28292c55-ffbf-4639-bffb-369cc7196457,"VPN 1",0]: VPN plugin: state changed: stopped (6)
现在我在这里发布了类似内容: 新证书 我按照给出的说明操作。但是,我安装了第三方 openconnect,尽管它可以工作,但它破坏了我的网络管理器(lib 依赖项有问题),它破坏了 Gnome GUI,而且我无法对其进行拆分隧道。所以我需要另一种方法。我能够使用以下命令进行连接:
sudo /usr/local/sbin/openconnect -u me --servercert pin-sha256:1eq6Zy8FGCoEabDB/RnGydqzRMi5TSOpBNAGxm1ivFg=
这样做是可行的,但对于发行版 oppenconnect 则不起作用。我怎样才能将 pin-sha256 简介转换为 .crt 或 .pem 或常规 openconnect 可以处理的文件?
更新 我可以使用 sudo 在命令行上连接:
sudo openconnect -u <name> <ip>
所以我猜测网络管理器没有以 root 身份运行。我该怎么做?