On Arch Linux.

School requiring use of a VPN. Installed OpenConnect, running it as

openconnect vpn.xyz.edu

I get the following output

POST https://vpn.xyz.edu/
Attempting to connect to server xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xxx
SSL negotiation with vpn.xyz.edu
Server certificate verify failed: signer not found

Certificate from VPN server "vpn.xyz.edu" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:QY6jkD6lYNKQPM+m7wVLb7mMp1TflU8x6lKD6ULD2gA=
Enter 'yes' to accept, 'no' to abort; anything else to view:

I try the command again with the --servercert pin appended

openconnect vpn.xyz.edu --servercert=pin-sha256:QY6jkD6lYNKQPM+m7wVLb7mMp1TflU8x6lKD6ULD2gA=

I get the following output

POST https://vpn.xyz.edu/
Attempting to connect to server xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xxx
SSL negotiation with vpn.xyz.edu
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.xyz.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-store
Pragma: no-cache
Connection: Keep-Alive
Date: Sat, 12 Mar 2022 05:58:01 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
X-Aggregate-Auth: 1
HTTP body chunked (-2)
XML response has no "auth" node
GET https://vpn.xyz.edu/
Attempting to connect to server xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xxx
SSL negotiation with vpn.xyz.edu
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.xyz.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-store
Pragma: no-cache
Connection: Close
Date: Sat, 12 Mar 2022 05:58:01 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://vpn.xyz.edu/+webvpn+/index.html
SSL negotiation with vpn.xyz.edu
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.xyz.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
Cache-Control: no-store
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
Username:

I enter my username and password at the prompt

Please enter your username and password.
Username:johndoe
Password:

It seems to go through, but the "Server certificate verify failed" message pops up again and it just re-prompts me for my username and password.

POST https://vpn.xyz.edu/
Attempting to connect to server xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xxx
SSL negotiation with vpn.xyz.edu
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.xyz.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-store
Pragma: no-cache
Connection: Keep-Alive
Date: Sat, 12 Mar 2022 06:03:59 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
X-Aggregate-Auth: 1
HTTP body chunked (-2)
XML response has no "auth" node
GET https://vpn.xyz.edu/
Attempting to connect to server xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xxx
SSL negotiation with vpn.xyz.edu
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.xyz.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-store
Pragma: no-cache
Connection: Close
Date: Sat, 12 Mar 2022 06:03:59 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://vpn.xyz.edu/+webvpn+/index.html
SSL negotiation with vpn.xyz.edu
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.xyz.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
Cache-Control: no-store
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
Username:johndoe
Password:
POST https://vpn.xyz.edu/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
Cache-Control: no-store
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
Username:

I enter my username and password again, and it repeats. Sometimes, however, it doesn't repeat, but just shows a POST request with no further output.

Please enter your username and password.
Username:johndoe    
Password:
POST https://vpn.xyz.edu/+webvpn+/index.html

I tried googling the error, but the related threads haven't helped much as I'm new to VPNs and don't know how certification works, or what a "signer" is for that matter. Would appreciate any explanation.

Kernel: 5.16.13-arch1-1

Network Manager: iwd

Laptop Model: Asus M16 GU603

Michael Moreno
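How the `pin-sha256` value passed to `--servercert` above is derived, as an added example that is not part of the original post: the pin is the Base64 SHA-256 digest of the certificate's SubjectPublicKeyInfo, so it identifies the server's key and says nothing about who signed the certificate, which is why "signer not found" is still printed in the pinned run. The DER walker and the constructed certificate skeletons (`sample_cert`, `OLD`, `RENEWED`, `OTHER`) are illustrative assumptions using only the Python standard library.

```python
import base64
import hashlib

def tlv(tag, body):
    """DER-encode one element (used only to build the constructed samples)."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def read_tlv(buf, pos):
    """Return (tag, header_len, value_len) for the DER element at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                        # short-form length
        return tag, 2, first
    n = first & 0x7F                        # long form: n length bytes follow
    if not 1 <= n <= 4:
        raise ValueError("unsupported DER length")
    return tag, 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def spki_from_cert(der):
    """Return the full SubjectPublicKeyInfo TLV of a DER X.509 certificate."""
    _, hdr, _ = read_tlv(der, 0)                 # outer Certificate SEQUENCE
    _, tbs_hdr, tbs_len = read_tlv(der, hdr)     # TBSCertificate SEQUENCE
    pos, end = hdr + tbs_hdr, hdr + tbs_hdr + tbs_len
    # Skip [0] version (if present), serial, sigAlg, issuer, validity, subject.
    for _ in range(6 if der[pos] == 0xA0 else 5):
        _, h, l = read_tlv(der, pos)
        pos += h + l
    tag, h, l = read_tlv(der, pos)
    if tag != 0x30 or pos + h + l > end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return der[pos:pos + h + l]

def pin_sha256(der):
    """Pin string in the form the --servercert option on this page takes."""
    digest = hashlib.sha256(spki_from_cert(der)).digest()
    return "pin-sha256:" + base64.b64encode(digest).decode()

def sample_cert(serial, key_bytes):
    """Constructed certificate skeleton: correct shape, dummy contents."""
    spki = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + key_bytes))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial)
              + tlv(0x30, b"") * 4 + spki)
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

OLD = sample_cert(b"\x01", b"K" * 270)      # constructed: original certificate
RENEWED = sample_cert(b"\x02", b"K" * 270)  # constructed: reissued, same key
OTHER = sample_cert(b"\x03", b"X" * 270)    # constructed: different key
```

For a live server, the DER input can come from `ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443)))`. The comparison is only meaningful against a pin obtained from the VPN's administrators over a separate channel, since a pin read off the same connection confirms nothing about who is answering.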

0 Answers