|
本文将介绍OpenConnect SSL VPN客户端的安装和使用并且连接到VPN Server,连接Cisco的AnyConnect SSL VPN和Juniper Pulse Connect Secure。OpenConnect是最初创建的SSL VPN客户端,用于支持Cisco的AnyConnect SSL VPN,然后它已被移植到支持Juniper SSL VPN,现在称为Pulse Connect Secure。
在Linux上安装OpenConnect SSL客户端 现在让我们看一下在Linux发行版上安装OpenConnect SSL Client的不同方法: 1、在Arch Linux上安装OpenConnect SSL客户端 对于Arch Linux用户及其派生发行版,你可以从官方Pacman存储库安装openconnect: sudo pacman -S openconnect 使用yaourt也可以这样做: syaourt -S openconnect 2、在Debian/Ubuntu上安装OpenConnect SSL客户端 对于Debian及其衍生产品,请使用apt包管理器安装openconnect包: sudo apt-get install openconnect 3、在CentOS/RHEL上安装OpenConnect SSL客户端 对于CentOS和RHEL,可以从epel存储库获得openconnect包,添加存储库,然后安装openconnect包: sudo yum install epel-release sudo yum install openconnect 4、在Fedora上安装OpenConnect SSL客户端 对于Fedora,该工具也可以从epel获得,只是包管理器的名称发生了变化: sudo dns install openconnect 5、在macOS上安装OpenConnect SSL客户端 对于macOS用户,请使用brew安装openconnect包 $ brew install openconnect
使用Openconnect连接到SSL VPN服务器(手动) 在操作系统上成功安装openconnect软件包后,你应该已准备好连接到SSL VPN服务器,即Cisco的AnyConnect SSL VPN和Juniper Pulse Connect Secure。 简单连接遵循以下syntax: $ sudo openconnect -u user --passwd-on-stdin vpnserver 系统将提示你输入密码,请参阅以下示例: $ sudo openconnect 192.168.1.1 POST https://192.168.1.1/ Connected to 192.168.1.1:443 SSL negotiation with 192.168.1.1 Enter 'yes' to accept, 'no' to abort; anything else to view: yes Connected to HTTPS on 192.168.1.1 Got HTTP response: HTTP/1.0 302 Object Moved GET https://192.168.1.1/ Connected to 192.168.1.1:443 SSL negotiation with 192.168.1.1 Server certificate verify failed: signer not found Connected to HTTPS on 192.168.1.1 Got HTTP response: HTTP/1.0 302 Object Moved GET https://192.168.1.1/+webvpn+/index.html SSL negotiation with 192.168.1.1 Connected to HTTPS on 192.168.1.1 Please enter your username and password. GROUP: [ANYCONNECT_PROFILE] Please enter your username and password. Username:jmutai Password: POST https://192.168.1.1/+webvpn+/index.html Got CONNECT response: HTTP/1.1 200 OK CSTP connected. DPD 30, Keepalive 20 Connected as 192.168.4.2, using SSL Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(DHE-RSA-4294967237)-(AES-256-CBC)-(SHA1).
使用Bash脚本使用Openconnect连接到SSL VPN服务器 我写了一个bash脚本来简化连接,以方便连接到Cisco Autoconnect SSL VPN服务器,根据你的shell将它放到~/.zshrc或~/.bashrc中: myvpn () { local vpn_server="vpnserver" local vpn_username="user" local vpn_password="password" # try connect while true; do retry_time=$(($(date +%s) + 30)) sudo openconnect \ -u $vpn_username $vpn_server --non-inter --passwd-on-stdin <<< "$vpn_password" current_time=`date +%s` if [ $current_time -lt retry_time ]; then sleep $(( $retry_time - $current_time )) fi done } 提供正确的变量并保存文件,现在,每次要连接到VPN(搭建VPN工具Algo,Streisand,OpenVPN,StrongSwan,SoftEther,WireGuard)时,请按名称调用该函数: $ myvpn
Juniper Pulse客户端 要连接到Pulse Connect Secure服务器,你需要知道其证书的SHA-1: # openconnect --servercert=sha1:<HASH> \ --authgroup="single-Factor Pulse Clients" \ --protocol=nc <VPN_SERVER_ADDRESS>/dana-na/auth/url_6/welcome.cgi \ --pid-file="/var/run/work-vpn.pid" --user=<USERNAME>
结语 以上就是在Linux和macOS上安装和使用OpenConnect SSL客户端的内容,实现起来也非常的容易。
相关主题 |
