Streisand: OpenWRT Openconnect client setup

Created on 6 Apr 2016 · 8 Comments · Source: StreisandEffect/streisand

luci-proto-openconnect provides a GUI for setting up an openconnect client connection on OpenWRT. I'm trying to figure out the right parameters for it.

For the first page, I'm not sure how to get the server's SHA1 hash and the "AuthGroup".

For the second page, I used openssl to convert my client.p12 file to the user certificate PEM and user private key PEM, but they're in the following format:

Bag Attributes
    localKeyID: XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX
    friendlyName: streisand-openconnect-XXX.XXX.XXX.XXX
subject=/OU=users/CN=XXX.XXX.XXX.XXX
issuer=/O=Streisand Effect Automated Signing, Inc./CN=Streisand
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----

Do I include the whole PEM file or just the

-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----

part?


All 8 comments

I haven't tried openconnect or shadowsocks yet (I will try both some day). If you want to use OpenVPN, see this (I just posted the step-by-step instructions tutorial):

https://github.com/jlund/streisand/issues/166#issuecomment-231841621

https://github.com/jlund/streisand/wiki/Setting-an-OpenWrt-Based-Router-as-OpenVPN-Client

I believe this question has been answered so I'm going to close this issue. Thanks!

There are docs in https://github.com/openwrt/packages/tree/master/net/openconnect
For Googlers :)
AuthGroup is DEFAULT
SHA1 is sha1 of your server public key

For googlers, you can use openssl to get the server's public key sha1 (replace HOSTNAME:PORT with your hostname and port), i.e. for vpn.example.com:443:

openssl s_client -connect vpn.example.com:443 -showcerts 2>/dev/null </dev/null | awk '/-----BEGIN/,/-----END/ { print $0 }' | openssl x509 -noout -fingerprint -sha1 | sed 's/Fingerprint=//' | sed 's/://g'

(thanks to testssl.sh for the commands)
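
What the pipeline above computes, as an added Python example (not code from this thread or from Streisand): the SHA-1 digest of the DER bytes of the first certificate block in the text, ignoring anything outside the BEGIN/END markers such as a "Bag Attributes" header. The function names are hypothetical and the sample bytes are constructed stand-ins for certificates.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def first_cert_der(text):
    """Return the DER bytes of the first CERTIFICATE block in text.

    Text outside the BEGIN/END markers (s_client chatter, the
    'Bag Attributes' header written by openssl pkcs12) is skipped.
    """
    match = PEM_BLOCK.search(text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    body = "".join(match.group(1).split())  # drop line breaks and spaces
    return base64.b64decode(body, validate=True)


def sha1_fingerprint(text):
    """Uppercase hex SHA-1 of the certificate's DER bytes, no colons."""
    return hashlib.sha1(first_cert_der(text)).hexdigest().upper()


def to_pem(der):
    """Wrap DER bytes in a PEM CERTIFICATE block (64-character lines)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                      "-----END CERTIFICATE-----"]) + "\n"


# Constructed sample bytes standing in for DER certificates (not real certs).
SAMPLE_LEAF = bytes(range(200))
SAMPLE_CA = bytes(range(200, 256)) * 3

# Constructed input shaped like the outputs on this page: an attribute
# header before the block, then a second certificate as -showcerts prints.
SAMPLE_TEXT = (
    "Bag Attributes\n"
    "    friendlyName: streisand-openconnect-XXX.XXX.XXX.XXX\n"
    "subject=/OU=users/CN=XXX.XXX.XXX.XXX\n"
    + to_pem(SAMPLE_LEAF) + to_pem(SAMPLE_CA)
)

if __name__ == "__main__":
    print(sha1_fingerprint(SAMPLE_TEXT))
```

Saving the server certificate as a PEM file on a workstation and passing its contents to `sha1_fingerprint` gives the same 40-character value without needing the openssl binary on the router.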

I still couldn't.
Hoping to get some guidelines.

I have solved it. See my blog https://www.jianshu.com/p/bcbd16a0cdc9

> I have solved it. See my blog https://www.jianshu.com/p/bcbd16a0cdc9

Hello,
Thanks for your guide link.

I'm using a Streisand server on an AWS EC2 instance, which has the openconnect server installed.

I've tried to follow your steps but I don't see any traffic passing from the OC-VPN interface.

I'm using the Streisand user and password.

When I run the command below, it gives -ash:openssl: not found. But I installed opkg install openvpn-openssl already.

root@OpenWrt:~# openssl s_client -connect 157.x.x.x:x -showcer
ts 2>/dev/null </dev/null | awk '/-----BEGIN/,/-----END/ { print $0 }'
 | openssl x509 -noout -fingerprint -sha1 | sed 's/Fingerprint=//' | s
ed 's/://g'
-ash: openssl: not found

Can you please help me point out what step I'm doing wrong?

Thanks in advance and appreciate your support.

@jacob210 your link returns 404 now
