Topics - Deku

1
General Discussion / Installing a CA Bundle
« on: February 17, 2022, 05:28:31 pm »
Are there any instructions for how to install a CA Bundle?  Is this imported under the Certificate Authority or do you import it as a normal certificate?  If certificate, how do I get the key? 

I get from Namecheap a domain.ca file and a domain.ca-bundle and also a domain.p7b file.  When I go to import a certificate, it asks for the "Certificate data" and the "Private Key".  I'm just not sure what to do here and I can't find instructions.

2
Virtual private networks / Static route drops
« on: April 09, 2021, 06:31:48 pm »
I'm using an OpenConnect VPN that occasionally loses connectivity, which it is able to re-establish without issue.  However, I have a static route defined using that gateway for a system outside of the subnet.  When the VPN drops, the static route does not function when it comes back up.  I have to go to the Routes Configuration and hit Apply again - then all is well.  Some settings I've tried to use to resolve the problem: "Interface can not be removed", "Disable Gateway Monitoring"... anything that might allow the route to stay in place.

Any suggestions on how to force this static route to stick around when the VPN / gateway / interface drops?  I'm having to reapply it multiple times a day.

3
19.7 Legacy Series / CA authority
« on: October 31, 2019, 09:12:14 pm »
Just wondering why creating a CA authority defaults to 1 year.  Just had my CA expire for all my VPN and I have to go through the process of creating a new one and sending out new client files to everyone.  1 year seems like a very short time for the CA.

4
19.1 Legacy Series / OpenConnect Startup - deletion failed for interface
« on: June 04, 2019, 11:56:40 pm »
I'm getting this error on startup, which appears to prevent OpenConnect from starting.  I have to start it manually.

Quote
kernel: ocvpn0: link state changed to DOWN
kernel: ifa_maintain_loopback_route: deletion failed for interface ocvpn0: 3
kernel: OK
kernel: tun30000: changing name to 'ocvpn0'
kernel: tun30000: link state changed to UP

5
19.1 Legacy Series / OpenConnect Issues
« on: May 28, 2019, 11:54:12 pm »
I have two OpenConnect issues.

1) The Certificate Hash will not accept my hash, but it works fine if I directly write it to the config.  The log is telling me what it wants (Server SSL certificate didn't match: pin-sha256:SD.....), but it gets reset upon reboot.  Here is the Certificate Hash (modified).
pin-sha256:SDqgu8gcbxiE487woYrZPslpdoib7+R4Xrgsj3vn8yA= (obfuscated)

2) When I do connect to the Cisco VPN, all my traffic is being routed through it, instead of just the VPN subnet.  The OpenConnect VPN is assuming the default route.  How can I fix this?  :)

6
19.1 Legacy Series / GRE Tunnel
« on: May 08, 2019, 03:06:28 pm »
Are there instructions on how to do a GRE tunnel with IPSEC?  I don't see the option.

7
General Discussion / Locked Out
« on: March 18, 2019, 04:54:49 pm »
Having some network issues and having to log in via console; however, I can't.  When I log in as Root, it says Login incorrect.  I rebooted in Single User Mode, reset the root password, and same problem - Login Incorrect.

I do think I disabled the Root account via the web interface, but didn't think that would disable it at console.  And since none of the other admin user accounts have shell login, they just say "This account is currently not available".  I tried to edit the passwd file in single user mode to add the shell, but it seems to reset after it boots up. 

Please help - how can I get back in via the console?

8
19.1 Legacy Series / Fatal trap 12: page fault
« on: February 22, 2019, 08:58:01 pm »
It's a trap!  I'm able to focus on this error now.  When upgrading from 18.7.10_x to 19.1, it crashes the Dell Inspiron 3470.  I'm installing the base 18.7 with no configuration, no plugins - install and update.  I even updated to the latest Dell bios (1.5.11).  There is some sort of hardware incompatibility in the new kernel. Never had an issue prior to 19.1.

Quote
Fatal trap 12: Page fault while in kernel mode
...
Stopped at fpuinit+0x179: orb $0x10,ctx_switch_xsave+0x3

After the crash, I ran db> bt
Quote
Tracing pid 0 tid 0 td 0xffffffff8202d260
fpuinit() at fpuinit+0x189/frame 0xffffffff81c1fbd0
hammer_time() at hammer_time+0x11cb/frame 0xffffffff81c20070
btext() at btext+0x24

Here is a screenshot.

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved