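I am trying to configure a Debian machine (bullseye) to connect to a customer FortiGate using openfortivpn (version 1.15.0-1). I have already configured another customer FortiGate and it works fine. I have checked the username and password (I tried them on a Windows machine and I can log in without any problem), and I used the --trusted-cert option, with no change in the end result. Below is the output of the command openfortivpn -c configfile -vv: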
DEBUG: openfortivpn 1.15.0
DEBUG: revision unavailable
DEBUG: Loaded config file "vpn".
DEBUG: Loaded password from config file "vpn"
DEBUG: Config host = "hostname"
DEBUG: Config realm = ""
DEBUG: Config port = "443"
DEBUG: Config username = "username"
DEBUG: Resolving gateway host ip
DEBUG: Establishing ssl connection
DEBUG: server_addr: xxx.xxx.xxx.xxx
DEBUG: server_port: 443
DEBUG: gateway_addr: xxx.xxx.xxx.xxx
DEBUG: gateway_port: 443
DEBUG: Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG: Setting minimum protocol version to: 0x303.
DEBUG: Gateway certificate validation failed.
DEBUG: Gateway certificate digest found in white list.
INFO: Connected to gateway.
DEBUG: http_send:
POST /remote/logincheck HTTP/1.1
Host: customer-host:443
User-Agent: Mozilla/5.0 SV1
Accept: */*
Accept-Encoding: gzip, deflate, br
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Content-Type: application/x-www-form-urlencoded
Cookie:
Content-Length: 60
username=sidretail&credential=****************&realm=&ajax=1
DEBUG: http_receive:
HTTP/1.1 405 Method Not Allowed
Date: Mon, 16 May 2022 10:51:24 GMT
Server: xxxxxxxx-xxxxx
Set-Cookie: SVPNCOOKIE=; path=/; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly; SameSite=Strict;
Set-Cookie: SVPNNETWORKCOOKIE=; path=/remote/network; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly; SameSite=Strict
Transfer-Encoding: chunked
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
698
<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<link href="/sslvpn/css/ssl_style.css" rel="stylesheet" type="text/css">
<script type='text/javascript' src='/remote/fgt_lang?lang=en'></script>
</head>
<body class="main">
<table class="container" cellpadding="0" cellspacing="0">
<tr>
<td><table class="dialog" width=300 align="center" cellpadding="0" cellspacing="0">
<tr>
<td><table class="header" cellpadding="0" cellspacing="0">
<tr>
<td id="err_title"></td>
</tr>
</table></td>
</tr>
<script>document.getElementById('err_title').innerHTML=fgt_lang['error'];</script>
<tr>
<td class="body" height=100><table class="body"><tr><td id='err_val' title='405' align="center">
<script>
var errval_elem=document.getElementById('err_val');
var errval=errval_elem.getAttribute('title').split(',');
var err_str = fgt_lang[errval[0]];
if (err_str == undefined) {
errval_elem.innerHTML = "some unknown error!<br>";
} else { if (errval.length == 2) {
err_str = encodeURIComponent(err_str.replace("%d", errval[1]));
err_str = err_str.replace(/%20/g, " "); }
errval_elem.innerHTML = err_str;
}
</script></td></tr></table></td>
</tr>
<tr><td>
<table class="footer" cellpadding="0" cellspacing="0">
<tr><td>
<input id="ok_button" type="button" value="" onclick="chkbrowser()" style="width:80px">
</td></tr>
</table>
</td></tr>
</table>
</body>
<script language = "javascript">
document.getElementById('ok_button').value=fgt_lang['ok'];
function chkbrowser() {
if (window.location.pathname == "/remote/login")
window.location.reload();
else
window.location.href = "/remote/login";}
</script>
</html>
0
ERROR: Could not authenticate to gateway. Please check the password, client certificate, etc.
DEBUG: HTTP status code 405
INFO: Closed connection to gateway.
DEBUG: server_addr: xxx.xxx.xxx.xxx
DEBUG: server_port: 443
DEBUG: gateway_addr: xxx.xxx.xxx.xxx
DEBUG: gateway_port: 443
DEBUG: Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG: Setting minimum protocol version to: 0x303.
DEBUG: Gateway certificate validation failed.
DEBUG: Gateway certificate digest found in white list.
DEBUG: http_send:
GET /remote/logout HTTP/1.1
Host: customer-host:443
User-Agent: Mozilla/5.0 SV1
Accept: */*
Accept-Encoding: gzip, deflate, br
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Content-Type: application/x-www-form-urlencoded
Cookie:
Content-Length: 0
DEBUG: http_receive:
HTTP/1.1 200 OK
Date: Mon, 16 May 2022 10:51:24 GMT
Server: xxxxxxxx-xxxxx
Set-Cookie: SVPNCOOKIE=; path=/; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly; SameSite=Strict;
Set-Cookie: SVPNNETWORKCOOKIE=; path=/remote/network; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly; SameSite=Strict
Content-Length: 162
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
<html><head><script>function fgt_sslvpn_logout() {window.location.href ='/remote/login';}</script></head><body><script>fgt_sslvpn_logout();</script></body></html>
INFO: Logged out.
Thanks in advance.
Answer 1
It looks like the POST method is not allowed on dem-hq.fortidyndns.com:443/remote/logincheck, so you cannot authenticate!
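The observation in the answer above can be read directly from the -vv output by pairing each request with the gateway's status line, which separates an HTTP-level rejection from the generic "Could not authenticate" message. The following Python code is an added example, not part of the original post or of openfortivpn; the function names and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the -vv output shown in the question.
SAMPLE_LOG = """\
DEBUG: http_send:
POST /remote/logincheck HTTP/1.1
Host: customer-host:443
DEBUG: http_receive:
HTTP/1.1 405 Method Not Allowed
ERROR: Could not authenticate to gateway. Please check the password, client certificate, etc.
DEBUG: HTTP status code 405
DEBUG: http_send:
GET /remote/logout HTTP/1.1
DEBUG: http_receive:
HTTP/1.1 200 OK
INFO: Logged out.
"""

REQUEST_LINE = re.compile(r"^(GET|POST|PUT|DELETE|HEAD|OPTIONS) (\S+) HTTP/\d\.\d$")
STATUS_LINE = re.compile(r"^HTTP/\d\.\d (\d{3}) ?(.*)$")


def http_exchanges(log_text):
    """Pair the request line after 'http_send:' with the status line after 'http_receive:'."""
    exchanges, pending, expect = [], None, None
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith("http_send:"):
            expect = "request"
        elif line.endswith("http_receive:"):
            expect = "status"
        elif expect == "request" and (m := REQUEST_LINE.match(line)):
            pending, expect = (m.group(1), m.group(2)), None
        elif expect == "status" and (m := STATUS_LINE.match(line)):
            if pending:
                exchanges.append((*pending, int(m.group(1)), m.group(2)))
            pending, expect = None, None
    return exchanges


def rejected(exchanges):
    """Return the exchanges the gateway answered with a 4xx or 5xx status."""
    return [e for e in exchanges if e[2] >= 400]


if __name__ == "__main__":
    for method, path, code, reason in http_exchanges(SAMPLE_LOG):
        print(f"{method:5} {path:25} -> {code} {reason}")
```

To run it on a real session, pass the saved output of openfortivpn -c configfile -vv to http_exchanges() instead of SAMPLE_LOG.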