From c19c22fb3794d7d185afdde0882bfd3a5defa4cf Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 16 Jul 2018 08:14:02 +0200 Subject: [PATCH] openconnect howto (#34) --- source/manual/how-tos/openconnect.rst | 44 +++++++++++++++++++++++++++ source/manual/vpnet.rst | 3 ++ 2 files changed, 47 insertions(+) create mode 100644 source/manual/how-tos/openconnect.rst diff --git a/source/manual/how-tos/openconnect.rst b/source/manual/how-tos/openconnect.rst new file mode 100644 index 00000000..abfc0a15 --- /dev/null +++ b/source/manual/how-tos/openconnect.rst 
@@ -0,0 +1,44 @@ +================= +OpenConnect Setup +================= + +------------ +Introduction +------------ + +OpenConnect is a SSL VPN client initially created to support Cisco's AnyConnect SSL VPN. +It has since been ported to support the Juniper SSL VPN which is now known as Pulse Connect Secure. +Palo Altos Global Protect will also be supported in future and of course the own OpenConnect Server. + + +--------------------- +Step 1 - Installation +--------------------- + +Go to **System->Firmware->Plugins->** and search for **os-openconnect**. +Install the plugin as usual, refresh and page and the you'll find the client via +**VPN->OpenConnect**. + +-------------- +Step 2 - Setup +-------------- + +The setup of the client is very simple. Just tick **Enable** and fill out **VPN Server**, +**Username** and **Password**. Be sure that the FQDN matches the name in the certificate +or you will receive an error. Also wildcard certificates can produce errors. + +------------------------------ +Step 3 - Troubleshoot problems +------------------------------ + +To troubleshoot connection problems it's best to login via CLI and start OpenConnect manually: + +# /usr/local/etc/rc.d/opnsense-openconnect start + +Look out for errors like + + +``To trust this server in future, perhaps add this to your command line: --servercert sha256:9f97a3395d18093a14f0d8e768dabee231af34d9ba35432dfe838d58dd633333`` + +Now the field **Certificate Hash** comes into play, so please insert the string above without +the hash size and set this one in field **Certificate Hash Type**. diff --git a/source/manual/vpnet.rst b/source/manual/vpnet.rst index 088d2317..2cc667d1 100644 --- a/source/manual/vpnet.rst +++ b/source/manual/vpnet.rst @@ -78,6 +78,9 @@ OpenVPN/SSL Site-to-Site ------------------------ :doc:`how-tos/sslvpn_s2s` +OpenConnect Client +------------------ +:doc:`how-tos/openconnect` Zerotier --------
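Review bot: Step 3 of openconnect.rst tells the reader to copy the value from the `--servercert sha256:...` error straight into **Certificate Hash**, which pins whatever certificate the client happened to be offered on that connection. Please add a sentence telling the reader to confirm the fingerprint with the VPN server's administrator, or another out-of-band source, before entering it. Without that, the step reads as a way to silence the name mismatch that Step 2 warns about. The instruction "insert the string above without the hash size and set this one in field Certificate Hash Type" is also hard to follow. If the intent is that the hex digest goes into Certificate Hash without the `sha256:` prefix and the algorithm named by the prefix is chosen in Certificate Hash Type, say so in those words. Smaller points in the same hunk: the line `# /usr/local/etc/rc.d/opnsense-openconnect start` is a plain paragraph and should be a literal block, and "refresh and page and the you'll find", "Palo Altos" and "a SSL VPN" need a wording pass.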
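Review bot: In the vpnet.rst hunk, check that a blank line separates the added ":doc:`how-tos/openconnect`" line from the following "Zerotier" title, and that one precedes the new "OpenConnect Client" title. The three added lines contain no blank line of their own, and reStructuredText will not parse a section title that directly follows paragraph text. A minor point: the entry is titled "OpenConnect Client" while the page it links to is titled "OpenConnect Setup"; consider aligning the two so the index and the how-to match.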