OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: dstrobel on July 07, 2018, 09:48:07 pm

Title: OpenConnect with Wildcard Cert
Post by: dstrobel on July 07, 2018, 09:48:07 pm
Hello,

I am trying to use the OpenConnect plugin to connect to my ASAs at work. We currently have a wildcard cert. I know, bad idea, but it wasn't my choice; I just get to manage it. So I've been trying to get the openconnect plugin to work and it seemed to work for a while and now it won't connect at all. Nothing seems to be logged and I can't tell that the plugin is even trying to connect.

By chance I happened to reboot one of my opnsense boxes while watching the console. I saw an error fly by saying something about the openconnect host certificate not matching the connection name given. It looked like there was some suggestion about adding a certificate hash to the startup command.

So my question is, where's the config file and can I put arguments in it?

Thanks
Title: Re: OpenConnect with Wildcard Cert
Post by: mimugmail on July 07, 2018, 10:57:02 pm
I can try to add this to the plugin ...
Title: Re: OpenConnect with Wildcard Cert
Post by: mimugmail on July 08, 2018, 07:56:11 am
It will be added shortly:

https://github.com/opnsense/plugins/pull/723
Title: Re: OpenConnect with Wildcard Cert
Post by: dstrobel on July 08, 2018, 10:14:34 am
Thank you very much sir. Is there any way I can test for you?
Title: Re: OpenConnect with Wildcard Cert
Post by: mimugmail on July 08, 2018, 10:59:46 am
It works ;) When it's merged you can load the dev version.
Title: Re: OpenConnect with Wildcard Cert
Post by: dstrobel on July 09, 2018, 07:08:33 pm
How do I load the dev version of just a plugin?
Title: Re: OpenConnect with Wildcard Cert
Post by: mimugmail on July 09, 2018, 09:16:08 pm
If you wait for 18.1.12 you can install via CLI: pkg install os-openconnect-devel

If you're in a real hurry, via CLI:

opnsense-code plugins
cd /usr/plugins/security/openconnect
make upgrade