openconnect VPN 在 KDE NetworkManager 小部件中有效,但在命令行中无效

openconnect VPN 在 KDE NetworkManager 小部件中有效,但在命令行中无效

我需要在 Linux 上连接到 Cisco VPN,起初我使用 KDE NetworkManager Plasma 小部件来完成此操作。这很有效,如果我从 Network Manager 小部件中选择 VPN,我就可以连接到它。

但是,如果我尝试使用命令行,事情就不起作用了(IP 和 URL 已被更改以保护无辜者):

➜  ~  sudo openconnect --proxy http://proxy.mycompany.com:8080 vpn.mycompany.com:443 
POST https://vpn.mycompany.com/
Attempting to connect to proxy 172.17.122.135:8080
Requesting HTTP proxy connection to vpn.mycompany.com:443
Unexpected continuation line after CONNECT response: 'Via: 1.1 SPROXY2'
Unexpected continuation line after CONNECT response: 'X-WebMarshal-RequestID: 445D5E14-309A-4AA2-B7AF-07CAAD5BB21D'
SSL negotiation with vpn.mycompany.com
Server certificate verify failed: signer not found

Certificate from VPN server "vpn.mycompany.com" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on vpn.mycompany.com
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://vpn.mycompany.com/
Attempting to connect to proxy 172.17.122.135:8080
Requesting HTTP proxy connection to vpn.mycompany.com:443
Unexpected continuation line after CONNECT response: 'Via: 1.1 SPROXY2'
Unexpected continuation line after CONNECT response: 'X-WebMarshal-RequestID: 39FA73DC-1FDD-4C4C-A1A6-5993477DD8E3'
SSL negotiation with vpn.mycompany.com
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.mycompany.com
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://vpn.mycompany.com/+webvpn+/index.html
Requesting HTTP proxy connection to vpn.mycompany.com:443
Unexpected continuation line after CONNECT response: 'Via: 1.1 SPROXY2'
Unexpected continuation line after CONNECT response: 'X-WebMarshal-RequestID: 0141A4E6-1EA7-4FAE-AFA0-E56B2BC07BD1'
SSL negotiation with vpn.mycompany.com
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.mycompany.com
Please enter your username and password.
GROUP: [1..VPN|2..AD]:2
Auth choice "2" not valid
Failed to obtain WebVPN cookie
➜  ~  

系统提示我证书验证失败,然后提示我选择组,但一切都失败,并显示“身份验证选择“2”无效”。

我尝试了 openconnect 命令的不同选项。例如,使用 -g 指定组 -u 指定用户名和使用 --no-cert-check 跳过失败的证书检查,但都不起作用。

如您所见,我正在使用代理。这可能与此有关,但我不确定它(可能?)如何影响这一点。

我不明白 openconnect 如何通过 NetworkManager KDE 小部件工作,但在命令行上却失败。我是不是漏掉了什么?

答案1

你一定是在跟我开玩笑!!!

问题是,当我看到以下选项时:

Please enter your username and password.
GROUP: [1..VPN|2..AD]:

我选择了“2”并按下回车键!为了好玩,我甚至尝试输入“AD”而不是“2”,但仍然没有成功。

刚才我尝试输入“2..AD”...并且成功了!

令人难以置信的愚蠢“用户体验”!

相关内容