2015年6月7日

Debian Jessie SSL VPN Client

目的:在學校網域以外的地方連老師的鏡像站
不知從何時開始學校外沒辦法連到老師的鏡像站
# ping 120.117.72.71

PING 120.117.72.71 (120.117.72.71) 56(84) bytes of data.
^C
--- 120.117.72.71 ping statistics ---
84 packets transmitted, 0 received, 100% packet loss, time 83663ms
安裝openconnect
# apt-get install openconnect
正在讀取套件清單... 完成
正在重建相依關係        
正在讀取狀態資料... 完成
下列的額外套件將被安裝:
  liboath0 libopenconnect3 libstoken1 libtomcrypt0 libtommath0 vpnc-scripts
建議套件:
  dnsmasq resolvconf openssh-server
下列【新】套件將會被安裝:
  liboath0 libopenconnect3 libstoken1 libtomcrypt0 libtommath0 openconnect
  vpnc-scripts
升級 0 個,新安裝 7 個,移除 0 個,有 4 個未被升級。
需要下載 794 kB 的套件檔。
此操作完成之後,會多佔用 2,836 kB 的磁碟空間。
Do you want to continue? [Y/n]y
.
.
.
Processing triggers for man-db (2.7.0.2-5) ...
設定 liboath0 (2.4.1-1) ...
設定 libtommath0 (0.42.0-1.1) ...
設定 libtomcrypt0:amd64 (1.17-6) ...
設定 libstoken1:amd64 (0.6-1) ...
設定 libopenconnect3:amd64 (6.00-2) ...
設定 vpnc-scripts (0.1~git20140806-1) ...
設定 openconnect (6.00-2) ...
Processing triggers for libc-bin (2.19-18) ...

# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

# openconnect https://vpn2.stust.edu.tw
POST https://vpn2.stust.edu.tw/
Attempting to connect to server 120.117.156.122:443
SSL negotiation with vpn2.stust.edu.tw
Server certificate verify failed: signer not found

Certificate from VPN server "vpn2.stust.edu.tw" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on vpn2.stust.edu.tw
XML POST enabled
GROUP: [SSL-VPN(Full-Tunnel)|SSL-VPN(Split-Tunnel)]:SSL-VPN(Split-Tunnel)
POST https://vpn2.stust.edu.tw/
XML POST enabled
Username:4a037052
Password:
POST https://vpn2.stust.edu.tw/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected tun0 as 10.18.250.63, using SSL
Established DTLS connection (using GnuTLS). Ciphersuite AES128-SHA.
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 tun0
10.18.250.0     0.0.0.0         255.255.255.0   U     0      0        0 tun0
120.117.0.0     0.0.0.0         255.255.128.0   U     0      0        0 tun0
120.117.2.1     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
120.117.2.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
120.117.128.0   0.0.0.0         255.255.224.0   U     0      0        0 tun0
120.117.156.122 192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
163.26.220.0    0.0.0.0         255.255.252.0   U     0      0        0 tun0
163.26.224.0    0.0.0.0         255.255.240.0   U     0      0        0 tun0
163.26.240.0    0.0.0.0         255.255.254.0   U     0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.11.0    0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.12.0    0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.13.0    0.0.0.0         255.255.255.0   U     0      0        0 tun0
192.168.14.0    0.0.0.0         255.255.255.0   U     0      0        0 tun0
203.68.160.0    0.0.0.0         255.255.252.0   U     0      0        0 tun0
203.68.164.0    0.0.0.0         255.255.255.0   U     0      0        0 tun0
# ping 120.117.72.71
PING 120.117.72.71 (120.117.72.71) 56(84) bytes of data.
64 bytes from 120.117.72.71: icmp_seq=1 ttl=60 time=22.1 ms
64 bytes from 120.117.72.71: icmp_seq=2 ttl=60 time=14.8 ms
^C
--- 120.117.72.71 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 14.869/18.514/22.159/3.645 ms

至於透過學校的VPN server再連老師的鏡像站速度會不會降很多,還沒測試。

Reference:
http://www.infradead.org/openconnect/manual.html
http://www.heitorlessa.com/connecting-your-linux-to-a-cisco-anyconnect-ssl-part-1/

沒有留言:

張貼留言

文章有誤或有問題麻煩您留言告知! 謝謝您~~