Cisco AnyConnect profile using IPsec

AnyConnect VPN always tries to connect using SSL instead of IPsec, even though IPsec is set in the profile.

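I have an AnyConnect instance that runs a VPN (other.vpn) (not IPsec), and it works perfectly well. I am trying to set up an additional profile for AnyConnect (my.server), in which PrimaryProtocol is set to IPsec. I expected AnyConnect to use IPsec for my new connection, but on my VPN server (FortiGate 60F), in the CLI, I can see that it tries to connect using port 443. The AnyConnect client shows the following message: "The service provider in your current location is restricting access to the Internet. You need to log on with the service provider...".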

On the same machine, I use the my.server VPN and it works perfectly, so there is nothing wrong with my VPN server configuration.

The new, non-working profile, located under /opt/cisco/anyconnect/profile, looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
    <ServerList>
        <HostEntry>
            <HostName>my.server</HostName>
            <HostAddress>my.server</HostAddress>
            <PrimaryProtocol>IPsec</PrimaryProtocol>
            <UserGroup>MyUserGroup</UserGroup>
        </HostEntry>
    </ServerList>
</AnyConnectProfile>

And the connection profile for the other VPN server I use:

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
    <ClientInitialization>
        <UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon>
        <AutomaticCertSelection UserControllable="true">false</AutomaticCertSelection>
        <ShowPreConnectMessage>false</ShowPreConnectMessage>
        <CertificateStore>All</CertificateStore>
        <CertificateStoreMac>All</CertificateStoreMac>
        <CertificateStoreOverride>false</CertificateStoreOverride>
        <ProxySettings>Native</ProxySettings>
        <AllowLocalProxyConnections>true</AllowLocalProxyConnections>
        <AuthenticationTimeout>12</AuthenticationTimeout>
        <AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
        <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
        <LocalLanAccess UserControllable="true">true</LocalLanAccess>
        <DisableCaptivePortalDetection UserControllable="true">false</DisableCaptivePortalDetection>
        <ClearSmartcardPin UserControllable="false">true</ClearSmartcardPin>
        <IPProtocolSupport>IPv4,IPv6</IPProtocolSupport>
        <AutoReconnect UserControllable="false">true
            <AutoReconnectBehavior UserControllable="false">ReconnectAfterResume</AutoReconnectBehavior>
        </AutoReconnect>
        <SuspendOnConnectedStandby>false</SuspendOnConnectedStandby>
        <AutoUpdate UserControllable="false">true</AutoUpdate>
        <RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
        <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
        <LinuxLogonEnforcement>SingleLocalLogon</LinuxLogonEnforcement>
        <WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>
        <LinuxVPNEstablishment>LocalUsersOnly</LinuxVPNEstablishment>
        <AutomaticVPNPolicy>false</AutomaticVPNPolicy>
        <PPPExclusion UserControllable="false">Disable
            <PPPExclusionServerIP UserControllable="false"></PPPExclusionServerIP>
        </PPPExclusion>
        <EnableScripting UserControllable="false">false</EnableScripting>
        <EnableAutomaticServerSelection UserControllable="false">false
            <AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
            <AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
        </EnableAutomaticServerSelection>
        <RetainVpnOnLogoff>false
        </RetainVpnOnLogoff>
        <CaptivePortalRemediationBrowserFailover>false</CaptivePortalRemediationBrowserFailover>
        <AllowManualHostInput>true</AllowManualHostInput>
    </ClientInitialization>
    <ServerList>
        <HostEntry>
            <HostName>other.vpn</HostName>
            <HostAddress>other.vpn</HostAddress>
            <MobileHostEntryInfo>
                <CertificatePolicy>Auto</CertificatePolicy>
                <ConnectOnDemand>false</ConnectOnDemand>
                <ActivateOnImport>false</ActivateOnImport>
            </MobileHostEntryInfo>
        </HostEntry>
    </ServerList>
</AnyConnectProfile>

I also tried temporarily removing the other.vpn connection and restarting vpnagent to see whether it made a difference, but the result was the same.

Thank you very much for your help.
