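I am trying to set up a VPN between a VM and several Raspberry Pis. The VM is the VPN server.
I need to authenticate with certificates that have no password, because when the OS boots on the Pi it must be able to connect to the VPN automatically.
I generated the certificates with easy-rsa-3 using the nopass option, and it seems to work fine.
When I test on my desktop with the following command: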
sudo openconnect https://vpn.mydomain.com/ --no-dtls -c client_01.p12
I get:
To trust this server in future, perhaps add this to your command line:
--servercert sha256:ac5f7da20ef6fd872488b10f7730a15b0b913c68d083bdb5db3931xxxxxxxxxxxxx
Enter 'yes' to accept, 'no' to abort; anything else to view:
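When I add this parameter to the command line, it works without asking for anything.
Here is the log. I get "signer not found" warnings, but I don't know whether they matter.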
POST https://vpn.mydomain.com/
Connected to xx.xx.xx.xx:443
Using client certificate 'client_01'
SSL negotiation with vpn.mydomain.com
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.mydomain.com
XML POST enabled
SSL negotiation with vpn.mydomain.com
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.mydomain.com
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 90, Keepalive 32400
Connected as 192.168.23.3, using SSL
RTNETLINK answers: File exists
But when I try the same thing on the Raspberry Pi, it connects if I enter yes as the answer to the question:
Certificate from VPN server "vpn.mydomain.com" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
But it does not tell me to add the --servercert parameter.
Why is the behaviour different, and what should I do? But when I connect with the command:
sudo openconnect https://vpn.mydomain.com/ --no-dtls -c client_01.p12