Categories
iOS IPv6 Network OS X VPN 笔记

Ocserv IPv6

By @sskaje
Link: https://sskaje.me/2015/01/ocserv-ipv6/

I’m using AnyConnect both on iOS and OS X, you can read previously posted article on my blog: anyconnect, openconnect, ocserv.

You can find ipv6-network and ipv6-prefix in ocserv’s sample.config:

which means ocserv should be compatible with IPv6.
And, in AnyConnect for iOS, ipv6 can be found somewhere, seems ipv6 is also compatible here.

My VPN is hosted on Linode VPS. Linode provides free IPv6 address pool. Open a ticket and ask for an address pool, you’ll get your own pool routed to your VPS’s ipv6 address.
After that, set the ipv6-network and ipv6-prefix.

Ocserv 0.8.9 does not send correct headers to AnyConnect for iOS, but 0.9.0-dev does.
I can now get a correct ipv6 address on my iPhone but with no connectivity. As it’s said, X-CSTP-Split-Include/Exclude is not well handled by AnyConnect for IPv6 addresses.
After that, I tried the latest AnyConnect for OSX, you can download it here: http://dl.sskaje.me/anyconnect/4.0/4.0.00051/

IPv6 is also assigned to my MBP, also with route, but still not working.

Ocserv IPv6 by @sskaje: https://sskaje.me/2015/01/ocserv-ipv6/

Incoming search terms:

Categories
Linux OS X VPN Windows 操作系统相关

Cisco AnyConnect Clients 3.1.05170 download

By @sskaje
Link: https://sskaje.me/2014/06/cisco-anyconnect-clients-3-1-05170-download/

Available for OS X, Windows, Linux, but unfortunately I didn’t figure out how to use it with OpenConnect when using public key authentication.
OpenConnect Public Key Authentication
Open Connect Server Configuration (Working for iOS)
OpenConnect on Ubuntu

OCServ with AnyConnect on OSX

Download: http://dl.sskaje.me/anyconnect/

Cisco AnyConnect Clients 3.1.05170 download by @sskaje: https://sskaje.me/2014/06/cisco-anyconnect-clients-3-1-05170-download/

Incoming search terms:

Categories
iOS Linux VPN 操作系统相关

OpenConnect Public Key Authentication

By @sskaje
Link: https://sskaje.me/2014/06/openconnect-public-key-authentication/

Here are old articles about OpenConnect, the open source AnyConnect server:
OpenConnect on Ubuntu
Open Connect Server Configuration (Working for iOS)
Cisco AnyConnect Client for OS X/Windows/Linux (Version 3.1.05160)

This time, OCServ 0.80 on Ubuntu 14.04.
And still doesn’t work for OS X.

I was using password based authentication, but clients on iOS can not remember my password.
So now add some configurations based on “Open Connect Server Configuration (Working for iOS)“.

Create Client Certificates

Just follow the manual: http://www.infradead.org/ocserv/manual.html.
If you already have a CA based on openssl, I have another article: Generate Certificate with GnuTLS and Sign with OpenSSL.

Here is my user.tmpl:

After the pkcs12 is created like ‘Create Client Config’ in “iOS IPSec VPN Server on Ubuntu“, the mobileconfig should be also created.
Remember to leave the ‘Account‘ and ‘Group‘ BLANK in the VPN page.

Update config

Copy a new sample.config from source, edit it following Open Connect Server Configuration (Working for iOS)

Now comes the certificate authentication related changes:

auth

I tried to use both certificate and plain, but failed.
Just keep the certificate one.

server-cert & server-key

You can add your own certificate or get it somewhere like startssl.com.
I got my certificates from startssl.com, class 1, I got three files: ca.pem, sub.class1.server.ca.pem, and my own ssl.crt:

If you don’t make these three in a right order, you’ll see errors below in syslog:

The server-key I got from startssl is encrypted, decrypt it:

Encrypted private key would result:

ca-cert

This ca-cert is for CLIENT certificates!

cert-user-oid & cert-group-oid

Follow the comment:

cisco-client-compat

Enable this! Thanks to @simamy.

OpenConnect Public Key Authentication by @sskaje: https://sskaje.me/2014/06/openconnect-public-key-authentication/

Incoming search terms:

Categories
iOS OS X VPN 操作系统相关 杂七杂八

Open Connect Server Configuration (Working for iOS)

By @sskaje
Link: https://sskaje.me/2014/04/open-connect-server-configuration-working-ios/

Working for iOS only, but for OSX, (Cisco AnyConnect Client for OS X 3.1.05160), captive portal is detected.
‘Web Authentication Required’ and error log like

OpenConnect on Ubuntu
Generate Certificate with GnuTLS and Sign with OpenSSL

Open Connect Server Configuration (Working for iOS) by @sskaje: https://sskaje.me/2014/04/open-connect-server-configuration-working-ios/

Incoming search terms:

Categories
Linux OS X VPN 操作系统相关 杂七杂八

Cisco AnyConnect Client for OS X/Windows/Linux (Version 3.1.05160)

By @sskaje
Link: https://sskaje.me/2014/04/cisco-anyconnect-client/

You are not authorised to read all content in this post.

Please login…

Cisco AnyConnect Client for OS X/Windows/Linux (Version 3.1.05160) by @sskaje: https://sskaje.me/2014/04/cisco-anyconnect-client/