I don’t have good luck with UNC-Chapel Hill’s VPN installation guide for Linux systems (KB0010220, login required). After several tests with Cisco AnyConnect provided in the KB post, they all end up with the following message:
$ sudo /opt/cisco/anyconnect/bin/vpn connect vpn.unc.edu
>> error: The service provider in your current location is restricting access to the Internet. You need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser.
Fortunately, we can use OpenConnect to replace AnyConnect on this. First, since the VPN is self-signed, we will need to trust it anyway, by obtaining the server certificate with the highlight line (--servercert ....
):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | $ openconnect vpn.unc.edu POST https://vpn.unc.edu/ Connected to 152.2.255.244:443 SSL negotiation with vpn.unc.edu Server certificate verify failed: signer not found Certificate from VPN server "vpn.unc.edu" failed verification. Reason: signer not found To trust this server in future, perhaps add this to your command line: --servercert pin-sha256:JqX8OOWTTFXN+l7HMShXFqmqwnkvy5g1sSpLhiExKdk= Enter 'yes' to accept, 'no' to abort; anything else to view: yes Connected to HTTPS on vpn.unc.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM) XML POST enabled Error: Server asked us to run CSD hostscan. You need to provide a suitable --csd-wrapper argument. Failed to complete authentication |
Then, we can connect to the VPN with the following command:
1 2 3 4 5 6 | # servercert could change, please replace with latest cert by above result. $ openconnect \ --csd-wrapper /usr/lib/openconnect/csd-post.sh \ --servercert "pin-sha256:JqX8OOWTTFXN+l7HMShXFqmqwnkvy5g1sSpLhiExKdk=" \ vpn.unc.edu |
With group UNCCampus
and your Onyen account name, password, and 2FA option (prefer push
). You may need sudo
for openconnect command if you received permission denied after all.
如果你覺得這篇文章不錯,歡迎打賞
BTH: 35QooNA82isrmQLmpEnqXpJoxeZmaPubPf
ETH:0x4cf61fea5EA842D202B85158d8b5e239C872De46