luci-proto-openconnect provides a GUI for setting up an openconnect client connection on OpenWRT. I'm trying to figure out the right parameters for it.
For the first page, I'm not sure how to get the server's SHA1 hash and the "AuthGroup".
For the second page, I used openssl to convert my client.p12 file to the user certificate PEM and user private key PEM, but they're in the following format:
Bag Attributes
localKeyID: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
friendlyName: streisand-openconnect-XXX.XXX.XXX.XXX
subject=/OU=users/CN=XXX.XXX.XXX.XXX
issuer=/O=Streisand Effect Automated Signing, Inc./CN=Streisand
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
Do I include the whole PEM file or just the
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
part?
I haven't tried openconnect or shadowsocks yet (I will try both some day). If you want to use OpenVPN, see this (I just posted the step-by-step instructions tutorial):
https://github.com/jlund/streisand/issues/166#issuecomment-231841621
https://github.com/jlund/streisand/wiki/Setting-an-OpenWrt-Based-Router-as-OpenVPN-Client
I believe this question has been answered so I'm going to close this issue. Thanks!
There are docs in https://github.com/openwrt/packages/tree/master/net/openconnect
For Googlers :)
AuthGroup is DEFAULT
SHA1 is sha1 of your server public key
For Googlers, you can use openssl to get the server's public key sha1 (replace HOSTNAME:PORT with your hostname and port), i.e. for vpn.example.com:443:
openssl s_client -connect vpn.example.com:443 -showcerts 2>/dev/null </dev/null | awk '/-----BEGIN/,/-----END/ { print $0 }' | openssl x509 -noout -fingerprint -sha1 | sed 's/Fingerprint=//' | sed 's/://g'
(thanks to testssl.sh for the commands)
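An added example, not part of any comment in this thread: `openssl x509 -fingerprint -sha1` prints the SHA-1 digest of the certificate's DER bytes, so the same value can be computed with `awk`, `base64` and `sha1sum` alone, and the `Bag Attributes` lines that `openssl pkcs12` writes in front of the PEM block do not change it. The function names and the sample input are constructed for illustration; the sample body `YWJj` is a three-byte stand-in rather than a real certificate, chosen so the digest is a published SHA-1 test vector.

```shell
#!/bin/sh
# Added example; pem_first_cert, pem_sha1 and sample_pem are hypothetical names.

# Print only the first BEGIN/END CERTIFICATE block from stdin, dropping
# the "Bag Attributes", subject= and issuer= lines that precede it.
pem_first_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         /-----END CERTIFICATE-----/ { if (on) exit }'
}

# SHA-1 over the decoded (DER) bytes of the first certificate on stdin,
# printed as 40 uppercase hex digits without colons, i.e. the same shape
# the openssl | sed pipeline above produces.
pem_sha1() {
    pem_first_cert |
        grep -v '^-----' |      # drop the BEGIN/END marker lines
        tr -d ' \r\n' |         # join base64 lines, tolerate CRLF files
        base64 -d |             # base64 text -> raw bytes
        sha1sum |
        cut -d' ' -f1 |
        tr 'a-f' 'A-F'
}

# Constructed sample laid out like "openssl pkcs12" output. The body is
# base64 of the bytes "abc", NOT a real certificate.
sample_pem() {
    cat <<'EOF'
Bag Attributes
    localKeyID: 00 00 00 00
    friendlyName: constructed-sample
subject=/OU=users/CN=constructed.example
issuer=/O=Constructed Sample CA/CN=Constructed
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
EOF
}

# Usage with a real file: pem_sha1 < server-cert.pem
sample_pem | pem_sha1   # prints A9993E364706816ABA3E25717850C26C9CD0D89D
```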
I still couldn't.
Hoping to get some guidelines.
I have solved it. See my blog https://www.jianshu.com/p/bcbd16a0cdc9
Hello,
Thanks for your guide link.
I'm using a Streisand server on an AWS EC2 instance, which has the openconnect server installed.
I've tried to follow your steps but I don't see any traffic passing from the OC-VPN interface.
I'm using the streisand user and password.
When I run the command below, it gives -ash:openssl: not found. But I already installed opkg install openvpn-openssl.
root@OpenWrt:~# openssl s_client -connect 157.x.x.x:x -showcerts 2>/dev/null </dev/null | awk '/-----BEGIN/,/-----END/ { print $0 }' | openssl x509 -noout -fingerprint -sha1 | sed 's/Fingerprint=//' | sed 's/://g'
-ash: openssl: not found
Can you please help me point out which step I'm doing wrong?
Thanks in advance and appreciate your support.
@jacob210 your link returns 404 now