OpenConnect with Wildcard Cert

[dstrobel]

Hello,

I am trying to use the OpenConnect plugin to connect to my ASAs at work. We currently have a wildcard cert. I know, bad idea but it wasn't my choice I just get to managed it. So I've been trying to get the openconnect plugin to work and it seemed to work for a while and now it won't connect at all. Nothing seems to be logged and I can't tell that the plugin is even trying to connect.

By chance I happened to reboot one of my opnsense boxes while watching the console. I saw an error fly by saying something about the openconnect host certificate not matching the connection name given. It looked like there was some suggestion about adding a certificate hash to the startup command.

So my question is, where's the config file and can I put arguments in it?

Thanks

[mimugmail]

I can try to add this to the plugin ...

[mimugmail]

It will be added shortly:

https://github.com/opnsense/plugins/pull/723

[dstrobel]

Thank you very much sir. Is there any way I can test for you?

[mimugmail]

It works when it's merged you can load the dev version

[dstrobel]

How do I load the dev version of just a plugin?

[mimugmail]

If you wait for 18.1.12 you can install via CLI: pkg install os-openconnect-devel

If you're in a real hurry, via CLI:

opnsense-code plugins
cd /usr/plugins/security/openconnect
make upgrade