I want a Network Manager, VPN Client in Freebsd.

WantBSD · Mar 31, 2019

Hello,

I have a FreeBSD 12 PC with Gnome Desktop.

Currently i am connected using LAN.

I am decide to connect to a VPN. (Kerio, Cisco Connect, L2PP, PP2P)

$ ifconfig

Code:

re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:20:18:38:bf:f4
    media: Ethernet autoselect (10base2/BNC)
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

FreshPorts -- sysutils/pcbsd-utils-qt4: PC-BSD Qt4 Utilities

PC-BSD QT4 Utilities

www.freshports.org

$ cd pcbsd-utils-qt5/

$ make

Code:

===>  pcbsd-utils-qt5-1444236547_7 is marked as broken on FreeBSD 12.0: fails
to compile: netif.cpp: error: use of undeclared identifier 'IFM_FDDI'.
*** Error code 1
Stop.
make: stopped in /usr/ports/sysutils/pcbsd-utils-qt5

$ openconnect

Code:

No server specified
Usage:  openconnect [options] <server>

Open client for Cisco AnyConnect VPN, version v7.08-unknown

Using OpenSSL. Features present: TPM (OpenSSL ENGINE not present), HOTP software token, TOTP software token, DTLS
      --config=CONFIGFILE         Read options from config file
  -b, --background                Continue in background after startup
      --pid-file=PIDFILE          Write the daemon's PID to this file
  -c, --certificate=CERT          Use SSL client certificate CERT
  -e, --cert-expire-warning=DAYS  Warn when certificate lifetime < DAYS
  -k, --sslkey=KEY                Use SSL private key file KEY
  -C, --cookie=COOKIE             Use WebVPN cookie COOKIE
      --cookie-on-stdin           Read cookie from standard input
  -d, --deflate                   Enable compression (default)
  -D, --no-deflate                Disable compression
      --force-dpd=INTERVAL        Set minimum Dead Peer Detection interval
  -g, --usergroup=GROUP           Set login usergroup
  -h, --help                      Display help text
  -i, --interface=IFNAME          Use IFNAME for tunnel interface
  -l, --syslog                    Use syslog for progress messages
      --timestamp                 Prepend timestamp to progress messages
      --passtos                   copy TOS / TCLASS when using DTLS
  -U, --setuid=USER               Drop privileges after connecting
      --csd-user=USER             Drop privileges during CSD execution
      --csd-wrapper=SCRIPT        Run SCRIPT instead of CSD binary
  -m, --mtu=MTU                   Request MTU from server (legacy servers only)
      --base-mtu=MTU              Indicate path MTU to/from server
  -p, --key-password=PASS         Set key passphrase or TPM SRK PIN
      --key-password-from-fsid    Key passphrase is fsid of file system
  -P, --proxy=URL                 Set proxy server
      --proxy-auth=METHODS        Set proxy authentication methods
      --no-proxy                  Disable proxy
      --libproxy                  Use libproxy to automatically configure proxy
                                  (NOTE: libproxy disabled in this build)
      --pfs                       Require perfect forward secrecy
  -q, --quiet                     Less output
  -Q, --queue-len=LEN             Set packet queue limit to LEN pkts
  -s, --script=SCRIPT             Shell command line for using a vpnc-compatible config script
                                  default: "/usr/local/sbin/vpnc-script"
  -S, --script-tun                Pass traffic to 'script' program, not tun
  -u, --user=NAME                 Set login username
  -V, --version                   Report version number
  -v, --verbose                   More output
      --dump-http-traffic         Dump HTTP authentication traffic (implies --verbose
  -x, --xmlconfig=CONFIG          XML config file
      --authgroup=GROUP           Choose authentication login selection
      --authenticate              Authenticate only and print login info
      --cookieonly                Fetch webvpn cookie only; don't connect
      --printcookie               Print webvpn cookie before connecting
      --cafile=FILE               Cert file for server verification
      --disable-ipv6              Do not ask for IPv6 connectivity
      --dtls-ciphers=LIST         OpenSSL ciphers to support for DTLS
      --no-dtls                   Disable DTLS
      --no-http-keepalive         Disable HTTP connection re-use
      --no-passwd                 Disable password/SecurID authentication
      --no-cert-check             Do not require server SSL cert to be valid
      --no-system-trust           Disable default system certificate authorities
      --no-xmlpost                Do not attempt XML POST authentication
      --non-inter                 Do not expect user input; exit if it is required
      --passwd-on-stdin           Read password from standard input
      --token-mode=MODE           Software token type: rsa, totp or hotp
      --token-secret=STRING       Software token secret
                                  (NOTE: libstoken (RSA SecurID) disabled in this build)
                                  (NOTE: Yubikey OATH disabled in this build)
      --reconnect-timeout         Connection retry timeout in seconds
      --servercert=FINGERPRINT    Server's certificate SHA1 fingerprint
      --useragent=STRING          HTTP header User-Agent: field
      --local-hostname=STRING     Local hostname to advertise to server
      --resolve=HOST:IP           Use IP when connecting to HOST
      --os=STRING                 OS type (linux,linux-64,win,...) to report
      --dtls-local-port=PORT      Set local port for DTLS datagrams

For assistance with OpenConnect, please see the web page at
  http://www.infradead.org/openconnect/mail.html

$ mpd5

Code:

Multi-link PPP daemon for FreeBSD
process 8742 started, version 5.8 (root@120amd64-quarterly-job-15 02:54  8-Feb-2019)
CONSOLE: listening on 127.0.0.1 5005
web: listening on 0.0.0.0 5006
Usage: set ippool add {pool} {start} {end}
Usage: set ipcp ranges {self}[/{width}]|ippool {pool} {peer}[/{width}]|ippool {pool}
mpd.conf:25: Error in 'set ipcp dns <dns-server>': invalid IP address: '<dns-server>'
Usage: set pptp self {ip} [{port}]
PPTP: waiting for connection on 0.0.0.0 1723
[L] set pptp self sv20.***.com
[L] show pptp
Active PPTP tunnels:
[L] set pptp
Commands available under "set pptp":
self     : Set local IP address     peer     : Set remote IP address
callingnum: Set calling PPTP telephone number     callednum: Set called PPTP telephone number
enable   : Enable option            disable  : Disable option   
[L] set pptp self sv20.fitsrv.com
[L] set pptp enable

FreshPorts -- net-mgmt/networkmgr: FreeBSD/GhostBSD network connection manager

NetworkMgr is an open source, Network Manager based on the look of the Linux Network Manager user interface. It use ifconfig and netif if make all work.

www.freshports.org

Finally a Network Manager for FreeBSD!

Can someone port Networkmgr from GhostBSD? https://github.com/GhostBSD/networkmgr Some screenshots!

forums.freebsd.org

Who can guide me to connect to VPN server?

aragats · Apr 1, 2019

I use this simple script which prompts for the password:

Code:

SERVER=secure.cyberreefsolutions.com
USERNAME=myuser
AUTHGROUP=CRS-CUST-RADIUS1
CERT=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
IFACE=tun9

openconnect --interface=${IFACE} --authgroup=${AUTHGROUP} --user=${USERNAME} --servercert ${CERT} --passwd-on-stdin ${SERVER}

WantBSD · Apr 1, 2019

aragats said:

I use this simple script which prompts for the password:

Code:

SERVER=secure.cyberreefsolutions.com
USERNAME=myuser
AUTHGROUP=CRS-CUST-RADIUS1
CERT=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
IFACE=tun9

openconnect --interface=${IFACE} --authgroup=${AUTHGROUP} --user=${USERNAME} --servercert ${CERT} --passwd-on-stdin ${SERVER}

1. How can get the CERT of a server? (e.g: pp1.ilcvpn.info)

Using openssl to get the certificate from a server

I am trying to get the certificate of a remote server, which I can then use to add to my keystore and use within my Java application. A senior dev (who is on holidays :( ) informed me I can run this:

stackoverflow.com

How to save a remote server SSL certificate locally as a file

I need to download an SSL certificate of a remote server (not HTTPS, but the SSL handshake should be the same as Google Chrome / IE / wget and curl all give certificate check fail errors) and add the

superuser.com

2. What is the AUTHGROUP value?

Code:

      --authgroup=GROUP           Choose authentication login selection

aragats · Apr 1, 2019

If you run the same command without the certificate option, you'll get something like this:

Code:

Certificate from VPN server "secure.cyberreefsolutions.com" failed verification.
Reason: unable to get local issuer certificate
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:wS943fWqrkEzFyTON9Q90O+2aI7i3FPjgvaSHIq/5/4=
Enter 'yes' to accept, 'no' to abort; anything else to view:

So, then you can add this cert to he script to avoid such questions.
Regarding the AUTHGROUP: when I login via their web interface I get a drop-down with available groups, and I was told which one to use. I'm not sure how it's supposed to work in you case, maybe you don't need it at all.

WantBSD · Apr 1, 2019

aragats said:
If you run the same command without the certificate option, you'll get something like this:

Code:

Certificate from VPN server "secure.cyberreefsolutions.com" failed verification. Reason: unable to get local issuer certificate To trust this server in future, perhaps add this to your command line: --servercert pin-sha256:wS943fWqrkEzFyTON9Q90O+2aI7i3FPjgvaSHIq/5/4= Enter 'yes' to accept, 'no' to abort; anything else to view:

So, then you can add this cert to he script to avoid such questions.
Regarding the AUTHGROUP: when I login via their web interface I get a drop-down with available groups, and I was told which one to use. I'm not sure how it's supposed to work in you case, maybe you don't need it at all.
View attachment 6319

Thanks you.

My VPN Information :

username: camel
password: camel
Cisco server: cs1.ilcvpn.info:510
cs2.ilcvpn.info:510
cs3.ilcvpn.info:510
cs4.ilcvpn.info:510

It works for you?

$ openconnect --interface=tun9 --user=camel --passwd-on-stdin cs2.ilcvpn.info:510

Code:

camel
POST https://cs2.ilcvpn.info:510/
Connected to 80.84.49.142:510
SSL negotiation with cs2.ilcvpn.info

$ ifconfig

Code:

re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

aragats · Apr 1, 2019

I don't think it's listening on port 510:

Code:

# openconnect --interface=tu9 --user=camel https://cs1.ilcvpn.info:510
POST https://cs1.ilcvpn.info:510/
Failed to connect to 80.84.49.140:510: Connection refused
Failed to connect to host cs1.ilcvpn.info
Failed to open HTTPS connection to cs1.ilcvpn.info
Failed to obtain WebVPN cookie

I ran nmap as well and it found no open port 510:

Code:

% nmap cs1.ilcvpn.info
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 15:13 MDT
Nmap scan report for cs1.ilcvpn.info (80.84.49.140)
Host is up (0.12s latency).
rDNS record for 80.84.49.140: 140-49-84-80.rackcentre.redstation.net.uk
Not shown: 990 closed ports
PORT     STATE    SERVICE
49/tcp   open     tacacs
53/tcp   open     domain
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
1028/tcp open     unknown
1032/tcp open     iad3
1723/tcp open     pptp
3389/tcp open     ms-wbt-server
9999/tcp open     abyss

aragats · Apr 1, 2019

okay, cs3.ilcvpn.info works!

Code:

tun9: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1340
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun9 prefixlen 64 tentative scopeid 0x6
    inet 10.10.0.62 --> 10.10.0.62 netmask 0xffffffff
    groups: tun
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 55820

WantBSD · Apr 1, 2019

aragats said:

okay, cs3.ilcvpn.info works!

Code:

tun9: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1340
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun9 prefixlen 64 tentative scopeid 0x6
    inet 10.10.0.62 --> 10.10.0.62 netmask 0xffffffff
    groups: tun
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 55820

openconnect display connected message, but my network connection not change. (my ip not change)
also it not display tun9 on my $ifconfig.

WantBSD · Apr 1, 2019

aragats said:

I don't think it's listening on port 510:

Code:

# openconnect --interface=tu9 --user=camel https://cs1.ilcvpn.info:510
POST https://cs1.ilcvpn.info:510/
Failed to connect to 80.84.49.140:510: Connection refused
Failed to connect to host cs1.ilcvpn.info
Failed to open HTTPS connection to cs1.ilcvpn.info
Failed to obtain WebVPN cookie

I ran nmap as well and it found no open port 510:

Code:

% nmap cs1.ilcvpn.info
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 15:13 MDT
Nmap scan report for cs1.ilcvpn.info (80.84.49.140)
Host is up (0.12s latency).
rDNS record for 80.84.49.140: 140-49-84-80.rackcentre.redstation.net.uk
Not shown: 990 closed ports
PORT     STATE    SERVICE
49/tcp   open     tacacs
53/tcp   open     domain
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
1028/tcp open     unknown
1032/tcp open     iad3
1723/tcp open     pptp
3389/tcp open     ms-wbt-server
9999/tcp open     abyss

They said cs1 not works.
So we should use other servers. (cs2, cs3, cs4)

WantBSD · Apr 1, 2019

aragats said:

okay, cs3.ilcvpn.info works!

Code:

tun9: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1340
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun9 prefixlen 64 tentative scopeid 0x6
    inet 10.10.0.62 --> 10.10.0.62 netmask 0xffffffff
    groups: tun
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 55820

It not display on my $ifconfig.

$ ifconfig

Code:

re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

What I should do?

aragats · Apr 1, 2019

WantBSD said:
openconnect display connected message, but my network connection not change. (my ip not change)
also it not display tun9 on my $ifconfig.

That's strange. You should run openconnect as root.

WantBSD · Apr 1, 2019

aragats said:
That's strange. You should run openconnect as root.

ifconfig is same.

--------

--interface=tu9 or tun9?

WantBSD · Apr 1, 2019

$ sudo openconnect --interface=tu9 --user=camel --passwd-on-stdin cs3.ilcvpn.info:510

Code:

camel
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info
^CSSL connection cancelled
Failed to open HTTPS connection to cs3.ilcvpn.info
Failed to obtain WebVPN cookie

$ sudo openconnect --interface=tun9 --user=camel --passwd-on-stdin cs3.ilcvpn.info:510

Code:

camel
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info

$ ifconfig

Code:

re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255 
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 
    inet 127.0.0.1 netmask 0xff000000 
    groups: lo 
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

aragats · Apr 1, 2019

WantBSD said:
--interface=tu9 or tun9?

it should be tun9 (or whatever tunX), sorry, it was a typo in my message

WantBSD · Apr 1, 2019

We should not use vpnc as a script in openconnect(8)?

vpnc(8) - Linux man page

vpnc is a VPN client for the Cisco 3000 VPN Concentrator, creating a IPSec-like connection as a tunneling network device for the local system.

linux.die.net

$ openconnect --help

Code:

...
  -s, --script=SCRIPT             Shell command line for using a vpnc-compatible config script
                                  default: "/usr/local/sbin/vpnc-script"
...

WantBSD · Apr 1, 2019

WantBSD said:
$ sudo openconnect --interface=tu9 --user=camel --passwd-on-stdin cs3.ilcvpn.info:510
camel POST https://cs3.ilcvpn.info:510/ Connected to 69.175.34.157:510 SSL negotiation with cs3.ilcvpn.info ^CSSL connection cancelled Failed to open HTTPS connection to cs3.ilcvpn.info Failed to obtain WebVPN cookie

$ sudo openconnect --interface=tun9 --user=camel --passwd-on-stdin cs3.ilcvpn.info:510
camel POST https://cs3.ilcvpn.info:510/ Connected to 69.175.34.157:510 SSL negotiation with cs3.ilcvpn.info

$ ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether 94:de:80:8d:e5:7f inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255 media: Ethernet autoselect (100baseTX <full-duplex>) status: active nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet 127.0.0.1 netmask 0xff000000 groups: lo nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

i press $ reboot and again test it, i will back here...

aragats · Apr 1, 2019

I just tried it again (using tun7 since I'm connected to my VPN using tun9):

Code:

$ sudo openconnect --interface=tun7 --user=camel cs3.ilcvpn.info:510
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info
Server certificate verify failed: unable to get local issuer certificate

Certificate from VPN server "cs3.ilcvpn.info" failed verification.
Reason: unable to get local issuer certificate
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:hVi0yuYdOgpl4tLTsfseinznbgfzh3p0R64uWOWmq5c=
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on cs3.ilcvpn.info
XML POST enabled
Please enter your username.
POST https://cs3.ilcvpn.info:510/auth
Please enter your password.
Password:
POST https://cs3.ilcvpn.info:510/auth
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 90, Keepalive 32400
Connected as 10.10.0.62, using SSL, with DTLS in progress
Established DTLS connection (using OpenSSL). Ciphersuite AES256-GCM-SHA384.
add host 69.175.34.157: gateway 172.28.0.1
add net 10.10.0.0: gateway 10.10.0.62
delete net default: gateway 172.28.0.1
add net default: gateway 10.10.0.62

Everything works as expected:

Code:

....
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun0 prefixlen 64 scopeid 0x5 
    inet 10.8.0.3 --> 10.8.0.1 netmask 0xffffff00 
    groups: tun 
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    Opened by PID 2368
tun9: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1322
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun9 prefixlen 64 tentative scopeid 0x6 
    inet 192.168.39.24 --> 192.168.39.24 netmask 0xffffffff 
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 65972
tun7: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1340
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun7 prefixlen 64 tentative scopeid 0x7 
    inet 10.10.0.62 --> 10.10.0.62 netmask 0xffffffff 
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 75840

WantBSD · Apr 1, 2019

WantBSD said:
I press $ reboot and again test it, I will back here...

$ ifconfig

Code:

re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255 
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 
    inet 127.0.0.1 netmask 0xff000000 
    groups: lo 
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

$ sudo openconnect --interface=tun9 --user=camel --passwd-on-stdin cs3.ilcvpn.info:510

Code:

Password:
camel
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info

It not display tun9 in the $ ifconfig.

WantBSD · Apr 1, 2019

$ sudo openconnect --interface=tun7 --user=camel cs3.ilcvpn.info:510

Code:

POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info
....
...
...
after some seconds...
SSL connection failure
Failed to open HTTPS connection to cs3.ilcvpn.info
Failed to obtain WebVPN cookie

aragats · Apr 1, 2019

Wait a minute... if you use --passwd-on-stdin it will be waiting infinitely, with that option you should echo your password and pipe it to the command. Do not use it now. It will prompt you to enter.

WantBSD · Apr 1, 2019

aragats said:
Wait a minute... if you use --passwd-on-stdin it will be waiting infinitely, with that option you should echo your password and pipe it to the command. Do not use it now. It will prompt you to enter.

Yeah, its correct.

$ sudo openconnect --interface=tun7 --user=camel cs3.ilcvpn.info:510

Code:

POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info

It only display re0 and lo0 in the ifconfig(8).

aragats · Apr 1, 2019

Try creating a tunX interface manually:

Code:

# ifconfig tun create
tun1
# ifconfig tun1
tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

If you don't have any, it will be tun0. Then use that interface for the VPN.

WantBSD · Apr 1, 2019

aragats said:
Try creating a tunX interface manually:

Code:

# ifconfig tun create tun1 # ifconfig tun1 tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500 options=80000<LINKSTATE> groups: tun nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

If you don't have any, it will be tun0. Then use that interface for the VPN.

Code:

root@Unix:/tmp/ # ifconfig tun create
tun0
root@Unix:/tmp/ # ifconfig tun1
ifconfig: interface tun1 does not exist
root@Unix:/tmp/ # ifconfig tun0
tun0: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

It create the tun0.
-------

Code:

$ curl 'https://api.ipify.org?format=json'

{"ip":"31.56.89.79"}

This IP is not the Cisco IP.

WantBSD · Apr 1, 2019

# ifconfig

Code:

re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tun0: flags=8011<UP,POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Why the tun0 information not change?

---------

I should enter this?
$ ifconfig tun0 up

how can enable it?

aragats · Apr 1, 2019

Your openconnect command should configure it properly:

Code:

$ sudo openconnect --interface=tun0 --user=camel cs3.ilcvpn.info:510

I want a Network Manager, VPN Client in Freebsd.

Attachments