mirror of https://github.com/opnsense/docs
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
45 lines
1.5 KiB
ReStructuredText
45 lines
1.5 KiB
ReStructuredText
6 years ago
|
=================
|
||
|
OpenConnect Setup
|
||
|
=================
|
||
|
|
||
|
------------
|
||
|
Introduction
|
||
|
------------
|
||
|
|
||
|
OpenConnect is a SSL VPN client initially created to support Cisco's AnyConnect SSL VPN.
|
||
|
It has since been ported to support the Juniper SSL VPN which is now known as Pulse Connect Secure.
|
||
|
Palo Altos Global Protect will also be supported in future and of course the own OpenConnect Server.
|
||
|
|
||
|
|
||
|
---------------------
|
||
|
Step 1 - Installation
|
||
|
---------------------
|
||
|
|
||
|
Go to **System->Firmware->Plugins->** and search for **os-openconnect**.
|
||
|
Install the plugin as usual, refresh and page and the you'll find the client via
|
||
|
**VPN->OpenConnect**.
|
||
|
|
||
|
--------------
|
||
|
Step 2 - Setup
|
||
|
--------------
|
||
|
|
||
|
The setup of the client is very simple. Just tick **Enable** and fill out **VPN Server**,
|
||
|
**Username** and **Password**. Be sure that the FQDN matches the name in the certificate
|
||
|
or you will receive an error. Also wildcard certificates can produce errors.
|
||
|
|
||
|
------------------------------
|
||
|
Step 3 - Troubleshoot problems
|
||
|
------------------------------
|
||
|
|
||
|
To troubleshoot connection problems it's best to login via CLI and start OpenConnect manually:
|
||
|
|
||
|
# /usr/local/etc/rc.d/opnsense-openconnect start
|
||
|
|
||
|
Look out for errors like
|
||
|
|
||
|
|
||
|
``To trust this server in future, perhaps add this to your command line: --servercert sha256:9f97a3395d18093a14f0d8e768dabee231af34d9ba35432dfe838d58dd633333``
|
||
|
|
||
|
Now the field **Certificate Hash** comes into play, so please insert the string above without
|
||
|
the hash size and set this one in field **Certificate Hash Type**.
|