Ho OpenSuse 13.2 su un portatile HP Pavillon g6.
Sto cercando di collegarmi alla connessione VPN dell'Università di Pisa. Tutto quello che ti danno è un sito dove inserire nome utente e password, che poi ti reindirizza alla home page del VPN. Da qui si può navigare connessi con la VPN (in modo da accedere a siti a pagamento di cui l'università ha l'abbonamento) tramite il browser (viene aggiunta una stringa prima dell'URL del sito) oppure si può installare un client tramite i link che forniscono, in modo da rimanere collegati con la VPN anche chiudendo il browser (non si può creare una connessione VPN semplicemente dal gestore delle connessioni di KDE, perché non ho idea di quali siano il "gateway" e il "dominio NT"). Questa è la pagina:
Ora, il programma per Ubuntu o Debian è da escludere a priori.
Il programma per CentOS e RHEL l'ho provato. Viene installato regolarmente, ma quando lo faccio partire dall'icona carica per un po' e poi non succede nulla. Ho provato a farlo partire dal terminale con il comando
/usr/local/pulse/PulseClient.sh
e questo è l'output
/usr/local/pulse/PulseClient.sh: line 415: /home/lombres/.pulse_secure/pulse/PulseClient.log: File o directory non esistente /usr/local/pulse/PulseClient.sh: line 420: /home/lombres/.pulse_secure/pulse/PulseClient.log: File o directory non esistente /usr/local/pulse/PulseClient.sh: line 425: /home/lombres/.pulse_secure/pulse/PulseClient.log: File o directory non esistente root's password: sudo password sudo: yum: comando non trovato Failed to install dependencies.Please execute following command manually. yum install glibc.i686 nss.i686 zlib.i686
e sotto tutta la guida che inizia con "usage examples".
Ora, i primi 3 file .log probabilmente li posso creare? I problemi però sono questo "yum" (cos'è, un comando di CentOS corrispondente a zypper?) e l'intallazione di questi 3 pacchetti: glibc.i686, nss.i686 e zlib.i686. Su internet li trovo solo per Fedora (ma forse non sono nemmeno gli stessi). E anche se si riuscisse a installare tutto, funzionerebbe?
ALTRA OPZIONE: OpenConnect
Il programma è nelle repository di Opensuse e quindi me lo sono scaricato. Seguendo i semplici comandi trovati qui e qui (non sono sicuro che si usi il protocollo Juniper, l'università non fornisce alcuna informazione su questo, quindi ho provato sia con che senza), ma i risultati sono questi:
openconnect https://vpn.unipi.it/dana-na/auth/url_default/welcome.cgi Absolute path to 'openconnect' is '/usr/sbin/openconnect', so running it may require superuser privileges (eg. root). lombres@linux-pvr6:~> sudo openconnect https://vpn.unipi.it/dana-na/auth/url_default/welcome.cgi root's password: POST https://vpn.unipi.it/dana-na/auth/url_default/welcome.cgi Attempting to connect to server 131.114.186.12:443 SSL negotiation with vpn.unipi.it Connected to HTTPS on vpn.unipi.it XML response has no "auth" node GET https://vpn.unipi.it/dana-na/auth/url_default/welcome.cgi Attempting to connect to server 131.114.186.12:443 SSL negotiation with vpn.unipi.it Connected to HTTPS on vpn.unipi.it XML response has no "auth" node Failed to obtain WebVPN cookie lombres@linux-pvr6:~> sudo openconnect https://vpn.unipi.it/ POST https://vpn.unipi.it/ Attempting to connect to server 131.114.186.12:443 SSL negotiation with vpn.unipi.it Connected to HTTPS on vpn.unipi.it Got HTTP response: HTTP/1.1 302 Found GET https://vpn.unipi.it/ Attempting to connect to server 131.114.186.12:443 SSL negotiation with vpn.unipi.it Connected to HTTPS on vpn.unipi.it Got HTTP response: HTTP/1.1 302 Found GET https://vpn.unipi.it/dana-na/auth/url_default/welcome.cgi SSL negotiation with vpn.unipi.it Connected to HTTPS on vpn.unipi.it XML response has no "auth" node Failed to obtain WebVPN cookie lombres@linux-pvr6:~> openconnect --juniper https://vpn.unipi.it/dana-na/auth/url_default/welcome.cgi Absolute path to 'openconnect' is '/usr/sbin/openconnect', so running it may require superuser privileges (eg. root). lombres@linux-pvr6:~> sudo openconnect https://vpn.unipi.it/dana-na/auth/url_default/welcome.cgi POST https://vpn.unipi.it/dana-na/auth/url_default/welcome.cgi Attempting to connect to server 131.114.186.12:443 SSL negotiation with vpn.unipi.it Connected to HTTPS on vpn.unipi.it XML response has no "auth" node GET https://vpn.unipi.it/dana-na/auth/url_default/welcome.cgi Attempting to connect to server 131.114.186.12:443 SSL negotiation with vpn.unipi.it Connected to HTTPS on vpn.unipi.it XML response has no "auth" node Failed to obtain WebVPN cookie lombres@linux-pvr6:~> sudo openconnect --juniper https://vpn.unipi.it/ openconnect: opzione non riconosciuta "--juniper" Usage: openconnect [options] <server> Open client for Cisco AnyConnect VPN, version v6.00 Using GnuTLS. Features present: PKCS#11, RSA software token, DTLS --config=CONFIGFILE Read options from config file -b, --background Continue in background after startup --pid-file=PIDFILE Write the daemon's PID to this file -c, --certificate=CERT Use SSL client certificate CERT -e, --cert-expire-warning=DAYS Warn when certificate lifetime < DAYS -k, --sslkey=KEY Use SSL private key file KEY -C, --cookie=COOKIE Use WebVPN cookie COOKIE --cookie-on-stdin Read cookie from standard input -d, --deflate Enable compression (default) -D, --no-deflate Disable compression --force-dpd=INTERVAL Set minimum Dead Peer Detection interval -g, --usergroup=GROUP Set login usergroup -h, --help Display help text -i, --interface=IFNAME Use IFNAME for tunnel interface -l, --syslog Use syslog for progress messages --timestamp Prepend timestamp to progress messages -U, --setuid=USER Drop privileges after connecting --csd-user=USER Drop privileges during CSD execution --csd-wrapper=SCRIPT Run SCRIPT instead of CSD binary -m, --mtu=MTU Request MTU from server --base-mtu=MTU Indicate path MTU to/from server -p, --key-password=PASS Set key passphrase or TPM SRK PIN --key-password-from-fsid Key passphrase is fsid of file system -P, --proxy=URL Set proxy server --proxy-auth=METHODS Set proxy authentication methods --no-proxy Disable proxy --libproxy Use libproxy to automatically configure proxy --pfs Require perfect forward secrecy -q, --quiet Less output -Q, --queue-len=LEN Set packet queue limit to LEN pkts -s, --script=SCRIPT Shell command line for using a vpnc-compatible config script default: "/etc/vpnc/vpnc-script" -S, --script-tun Pass traffic to 'script' program, not tun -u, --user=NAME Set login username -V, --version Report version number -v, --verbose More output --dump-http-traffic Dump HTTP authentication traffic (implies --verbose -x, --xmlconfig=CONFIG XML config file --authgroup=GROUP Choose authentication login selection --authenticate Authenticate only and print login info --cookieonly Fetch webvpn cookie only; don't connect --printcookie Print webvpn cookie before connecting --cafile=FILE Cert file for server verification --disable-ipv6 Do not ask for IPv6 connectivity --dtls-ciphers=LIST OpenSSL ciphers to support for DTLS --no-dtls Disable DTLS --no-http-keepalive Disable HTTP connection re-use --no-passwd Disable password/SecurID authentication --no-cert-check Do not require server SSL cert to be valid --no-xmlpost Do not attempt XML POST authentication --non-inter Do not expect user input; exit if it is required --passwd-on-stdin Read password from standard input --token-mode=MODE Software token type: rsa, totp or hotp --token-secret=STRING Software token secret (NOTE: liboath (TOTP,HOTP) disabled in this build) --reconnect-timeout Connection retry timeout in seconds --servercert=FINGERPRINT Server's certificate SHA1 fingerprint --useragent=STRING HTTP header User-Agent: field --os=STRING OS type (linux,linux-64,win,...) to report --dtls-local-port=PORT Set local port for DTLS datagrams For assistance with OpenConnect, please see the web page at http://www.infradead.org/openconnect/mail.html lombres@linux-pvr6:~> sudo openconnect --juniper https://vpn.unipi.it/ openconnect: opzione non riconosciuta "--juniper" Usage: openconnect [options] <server> Open client for Cisco AnyConnect VPN, version v6.00 Using GnuTLS. Features present: PKCS#11, RSA software token, DTLS --config=CONFIGFILE Read options from config file -b, --background Continue in background after startup --pid-file=PIDFILE Write the daemon's PID to this file -c, --certificate=CERT Use SSL client certificate CERT -e, --cert-expire-warning=DAYS Warn when certificate lifetime < DAYS -k, --sslkey=KEY Use SSL private key file KEY -C, --cookie=COOKIE Use WebVPN cookie COOKIE --cookie-on-stdin Read cookie from standard input -d, --deflate Enable compression (default) -D, --no-deflate Disable compression --force-dpd=INTERVAL Set minimum Dead Peer Detection interval -g, --usergroup=GROUP Set login usergroup -h, --help Display help text -i, --interface=IFNAME Use IFNAME for tunnel interface -l, --syslog Use syslog for progress messages --timestamp Prepend timestamp to progress messages -U, --setuid=USER Drop privileges after connecting --csd-user=USER Drop privileges during CSD execution --csd-wrapper=SCRIPT Run SCRIPT instead of CSD binary -m, --mtu=MTU Request MTU from server --base-mtu=MTU Indicate path MTU to/from server -p, --key-password=PASS Set key passphrase or TPM SRK PIN --key-password-from-fsid Key passphrase is fsid of file system -P, --proxy=URL Set proxy server --proxy-auth=METHODS Set proxy authentication methods --no-proxy Disable proxy --libproxy Use libproxy to automatically configure proxy --pfs Require perfect forward secrecy -q, --quiet Less output -Q, --queue-len=LEN Set packet queue limit to LEN pkts -s, --script=SCRIPT Shell command line for using a vpnc-compatible config script default: "/etc/vpnc/vpnc-script" -S, --script-tun Pass traffic to 'script' program, not tun -u, --user=NAME Set login username -V, --version Report version number -v, --verbose More output --dump-http-traffic Dump HTTP authentication traffic (implies --verbose -x, --xmlconfig=CONFIG XML config file --authgroup=GROUP Choose authentication login selection --authenticate Authenticate only and print login info --cookieonly Fetch webvpn cookie only; don't connect --printcookie Print webvpn cookie before connecting --cafile=FILE Cert file for server verification --disable-ipv6 Do not ask for IPv6 connectivity --dtls-ciphers=LIST OpenSSL ciphers to support for DTLS --no-dtls Disable DTLS --no-http-keepalive Disable HTTP connection re-use --no-passwd Disable password/SecurID authentication --no-cert-check Do not require server SSL cert to be valid --no-xmlpost Do not attempt XML POST authentication --non-inter Do not expect user input; exit if it is required --passwd-on-stdin Read password from standard input --token-mode=MODE Software token type: rsa, totp or hotp --token-secret=STRING Software token secret (NOTE: liboath (TOTP,HOTP) disabled in this build) --reconnect-timeout Connection retry timeout in seconds --servercert=FINGERPRINT Server's certificate SHA1 fingerprint --useragent=STRING HTTP header User-Agent: field --os=STRING OS type (linux,linux-64,win,...) to report --dtls-local-port=PORT Set local port for DTLS datagrams For assistance with OpenConnect, please see the web page at http://www.infradead.org/openconnect/mail.html lombres@linux-pvr6:~>
con il Juniper ho provato perché il link dal sito dell'università porta proprio alla pagina che spiega come usarlo, anziché alla home del sito di OpenConnect, però non sembra proprio funzionare.
Non so che fare, bisogna trovare il modo di far funzionare OpenConnect o Pulse. A meno che non valga la pena di provare anche l'ultimo programma consigliato, Network Connect per Linux a 32 bit (ma si può usare su un sistema a 64 bit?)
https://www.novell.com/it-it/documentation/sled10/pdfdoc/sled_connectivity/sled_connectivity.pdf
Vedi se ti può essere utile questa guida,non uso VPN,qualcuno che la usa si farà vivo.
ciao
SUSE Tumbleweed- kernel-5.18.6-1 kde-plasma-5.25.1.1.2 Intel Core i7 Asus P9x79 pro GeForce GTX 560-driver Nvidia-390.143-SSD samsung 850 pro 512 gb http://opensuse-community.org/