# I want a Network Manager, VPN Client in FreeBSD.



## WantBSD (Mar 31, 2019)

Hello,

I have a FreeBSD 12 PC with the GNOME desktop.

Currently I am connected using LAN.

I have decided to connect to a VPN (Kerio, Cisco Connect, L2TP, PPTP).


`$ ifconfig`


```
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:20:18:38:bf:f4
    media: Ethernet autoselect (10base2/BNC)
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```









FreshPorts -- sysutils/pcbsd-utils-qt4: PC-BSD Qt4 Utilities (www.freshports.org)
				




`$ cd pcbsd-utils-qt5/`

`$ make`


```
===>  pcbsd-utils-qt5-1444236547_7 is marked as broken on FreeBSD 12.0: fails
to compile: netif.cpp: error: use of undeclared identifier 'IFM_FDDI'.
*** Error code 1
Stop.
make: stopped in /usr/ports/sysutils/pcbsd-utils-qt5
```




`$ openconnect`


```
No server specified
Usage:  openconnect [options] <server>

Open client for Cisco AnyConnect VPN, version v7.08-unknown

Using OpenSSL. Features present: TPM (OpenSSL ENGINE not present), HOTP software token, TOTP software token, DTLS
      --config=CONFIGFILE         Read options from config file
  -b, --background                Continue in background after startup
      --pid-file=PIDFILE          Write the daemon's PID to this file
  -c, --certificate=CERT          Use SSL client certificate CERT
  -e, --cert-expire-warning=DAYS  Warn when certificate lifetime < DAYS
  -k, --sslkey=KEY                Use SSL private key file KEY
  -C, --cookie=COOKIE             Use WebVPN cookie COOKIE
      --cookie-on-stdin           Read cookie from standard input
  -d, --deflate                   Enable compression (default)
  -D, --no-deflate                Disable compression
      --force-dpd=INTERVAL        Set minimum Dead Peer Detection interval
  -g, --usergroup=GROUP           Set login usergroup
  -h, --help                      Display help text
  -i, --interface=IFNAME          Use IFNAME for tunnel interface
  -l, --syslog                    Use syslog for progress messages
      --timestamp                 Prepend timestamp to progress messages
      --passtos                   copy TOS / TCLASS when using DTLS
  -U, --setuid=USER               Drop privileges after connecting
      --csd-user=USER             Drop privileges during CSD execution
      --csd-wrapper=SCRIPT        Run SCRIPT instead of CSD binary
  -m, --mtu=MTU                   Request MTU from server (legacy servers only)
      --base-mtu=MTU              Indicate path MTU to/from server
  -p, --key-password=PASS         Set key passphrase or TPM SRK PIN
      --key-password-from-fsid    Key passphrase is fsid of file system
  -P, --proxy=URL                 Set proxy server
      --proxy-auth=METHODS        Set proxy authentication methods
      --no-proxy                  Disable proxy
      --libproxy                  Use libproxy to automatically configure proxy
                                  (NOTE: libproxy disabled in this build)
      --pfs                       Require perfect forward secrecy
  -q, --quiet                     Less output
  -Q, --queue-len=LEN             Set packet queue limit to LEN pkts
  -s, --script=SCRIPT             Shell command line for using a vpnc-compatible config script
                                  default: "/usr/local/sbin/vpnc-script"
  -S, --script-tun                Pass traffic to 'script' program, not tun
  -u, --user=NAME                 Set login username
  -V, --version                   Report version number
  -v, --verbose                   More output
      --dump-http-traffic         Dump HTTP authentication traffic (implies --verbose
  -x, --xmlconfig=CONFIG          XML config file
      --authgroup=GROUP           Choose authentication login selection
      --authenticate              Authenticate only and print login info
      --cookieonly                Fetch webvpn cookie only; don't connect
      --printcookie               Print webvpn cookie before connecting
      --cafile=FILE               Cert file for server verification
      --disable-ipv6              Do not ask for IPv6 connectivity
      --dtls-ciphers=LIST         OpenSSL ciphers to support for DTLS
      --no-dtls                   Disable DTLS
      --no-http-keepalive         Disable HTTP connection re-use
      --no-passwd                 Disable password/SecurID authentication
      --no-cert-check             Do not require server SSL cert to be valid
      --no-system-trust           Disable default system certificate authorities
      --no-xmlpost                Do not attempt XML POST authentication
      --non-inter                 Do not expect user input; exit if it is required
      --passwd-on-stdin           Read password from standard input
      --token-mode=MODE           Software token type: rsa, totp or hotp
      --token-secret=STRING       Software token secret
                                  (NOTE: libstoken (RSA SecurID) disabled in this build)
                                  (NOTE: Yubikey OATH disabled in this build)
      --reconnect-timeout         Connection retry timeout in seconds
      --servercert=FINGERPRINT    Server's certificate SHA1 fingerprint
      --useragent=STRING          HTTP header User-Agent: field
      --local-hostname=STRING     Local hostname to advertise to server
      --resolve=HOST:IP           Use IP when connecting to HOST
      --os=STRING                 OS type (linux,linux-64,win,...) to report
      --dtls-local-port=PORT      Set local port for DTLS datagrams

For assistance with OpenConnect, please see the web page at
  http://www.infradead.org/openconnect/mail.html
```


`$ mpd5`


```
Multi-link PPP daemon for FreeBSD
process 8742 started, version 5.8 (root@120amd64-quarterly-job-15 02:54  8-Feb-2019)
CONSOLE: listening on 127.0.0.1 5005
web: listening on 0.0.0.0 5006
Usage: set ippool add {pool} {start} {end}
Usage: set ipcp ranges {self}[/{width}]|ippool {pool} {peer}[/{width}]|ippool {pool}
mpd.conf:25: Error in 'set ipcp dns <dns-server>': invalid IP address: '<dns-server>'
Usage: set pptp self {ip} [{port}]
PPTP: waiting for connection on 0.0.0.0 1723
[L] set pptp self sv20.***.com
[L] show pptp
Active PPTP tunnels:
[L] set pptp
Commands available under "set pptp":
self     : Set local IP address     peer     : Set remote IP address
callingnum: Set calling PPTP telephone number     callednum: Set called PPTP telephone number
enable   : Enable option            disable  : Disable option   
[L] set pptp self sv20.fitsrv.com
[L] set pptp enable
```







FreshPorts -- net-mgmt/networkmgr: FreeBSD/GhostBSD network connection manager (www.freshports.org): NetworkMgr is an open source Network Manager based on the look of the Linux Network Manager user interface. It uses ifconfig and netif to make it all work.
				













Finally a Network Manager for FreeBSD! (forums.freebsd.org): Can someone port Networkmgr from GhostBSD? https://github.com/GhostBSD/networkmgr Some screenshots!
				




Who can guide me on connecting to a VPN server?


----------



## aragats (Apr 1, 2019)

I use this simple script which prompts for the password:

```
SERVER=secure.cyberreefsolutions.com
USERNAME=myuser
AUTHGROUP=CRS-CUST-RADIUS1
CERT=sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
IFACE=tun9

openconnect --interface=${IFACE} --authgroup=${AUTHGROUP} --user=${USERNAME} --servercert ${CERT} --passwd-on-stdin ${SERVER}
```


----------



## WantBSD (Apr 1, 2019)

aragats said:


> I use this simple script which prompts for the password:
> 
> 
> 
> ...




1. How can I get the *CERT* of a server? (e.g. pp1.ilcvpn.info)








Using openssl to get the certificate from a server (stackoverflow.com): I am trying to get the certificate of a remote server, which I can then use to add to my keystore and use within my Java application.
				











How to save a remote server SSL certificate locally as a file (superuser.com)
				





2. What is the *AUTHGROUP* value?

```
--authgroup=GROUP           Choose authentication login selection
```


----------



## aragats (Apr 1, 2019)

If you run the same command without the certificate option, you'll get something like this:

```
Certificate from VPN server "secure.cyberreefsolutions.com" failed verification.
Reason: unable to get local issuer certificate
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:wS943fWqrkEzFyTON9Q90O+2aI7i3FPjgvaSHIq/5/4=
Enter 'yes' to accept, 'no' to abort; anything else to view:
```
So then you can add this cert to the script to avoid such questions.
Regarding the AUTHGROUP: when I log in via their web interface I get a drop-down with available groups, and I was told which one to use. I'm not sure how it's supposed to work in your case; maybe you don't need it at all.
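How that `pin-sha256:` value is derived, as an added example that is not code from this thread or from openconnect itself: it is the base64 of the SHA-256 over the certificate's DER-encoded SubjectPublicKeyInfo, so a wrapper script that keeps the pin can check a certificate saved with `openssl s_client -showcerts` against it instead of answering the interactive prompt. The function names and the sample certificate skeleton below are constructed for this example (a real certificate carries the same field order but a real key and signature).

```python
import base64
import hashlib
import hmac

RSA_OID = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"         # 1.2.840.113549.1.1.1 rsaEncryption
SHA256_RSA_OID = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"  # 1.2.840.113549.1.1.11 sha256WithRSA

def der_tlv(buf, pos):
    """Decode the DER tag/length at buf[pos]; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long form: 0x80|N, then N length bytes
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, pos, pos + length

def der_children(buf, start, end):
    """List (tag, tlv_start, tlv_end) for every element inside a constructed node."""
    out, pos = [], start
    while pos < end:
        tag, _, vend = der_tlv(buf, pos)
        out.append((tag, pos, vend))
        pos = vend
    return out

def spki_from_der(cert_der):
    """Return the DER-encoded subjectPublicKeyInfo of an X.509 certificate."""
    tag, cert_start, _ = der_tlv(cert_der, 0)                 # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, tbs_start, tbs_end = der_tlv(cert_der, cert_start)   # tbsCertificate
    if tag != 0x30:
        raise ValueError("tbsCertificate missing")
    fields = der_children(cert_der, tbs_start, tbs_end)
    if fields and fields[0][0] == 0xA0:   # optional [0] EXPLICIT version (absent in v1)
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    if len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("subjectPublicKeyInfo missing")
    _, start, end = fields[5]
    return cert_der[start:end]

def pin_sha256(cert_der):
    """The pin-sha256: value openconnect prints: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    digest = hashlib.sha256(spki_from_der(cert_der)).digest()
    return "pin-sha256:" + base64.b64encode(digest).decode("ascii")

def pin_matches(cert_der, expected_pin):
    """Constant-time check of the presented certificate against the pin kept in the script."""
    return hmac.compare_digest(pin_sha256(cert_der), expected_pin)

def pem_to_der(pem_text):
    """Strip the BEGIN/END armour (e.g. output of `openssl s_client -showcerts`) and decode."""
    lines = [ln.strip() for ln in pem_text.splitlines()]
    return base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("-----")))

def der_to_pem(der):
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"

# ---- constructed sample: a DER skeleton in X.509 field order, not a real signed certificate ----
def _tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def build_sample_cert(spki_der, with_version=True):
    alg = _tlv(0x30, _tlv(0x06, SHA256_RSA_OID) + _tlv(0x05, b""))
    version = _tlv(0xA0, _tlv(0x02, b"\x02")) if with_version else b""   # v3 marker
    name = _tlv(0x30, b"")                                               # empty Name
    validity = _tlv(0x30, _tlv(0x17, b"190101000000Z") + _tlv(0x17, b"200101000000Z"))
    tbs = _tlv(0x30, version + _tlv(0x02, b"\x01") + alg + name + validity + name + spki_der)
    return _tlv(0x30, tbs + alg + _tlv(0x03, b"\x00" * 17))             # filler signature

SAMPLE_SPKI_DER = _tlv(0x30, _tlv(0x30, _tlv(0x06, RSA_OID) + _tlv(0x05, b""))
                       + _tlv(0x03, b"\x00" + b"\x42" * 200))           # fake key bits
SAMPLE_CERT_DER = build_sample_cert(SAMPLE_SPKI_DER)
SAMPLE_CERT_PEM = der_to_pem(SAMPLE_CERT_DER)
```

Because the pin covers only the public key, a renewed certificate for the same key keeps the same pin, while a server presenting a different key (or a TLS interceptor) fails `pin_matches` even if the rest of the certificate looks plausible.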


----------



## WantBSD (Apr 1, 2019)

aragats said:


> If you run the same command without the certificate option, you'll get something like this:
> 
> 
> 
> ...



Thank you.

My VPN Information :

*username:* camel
*password:* camel
*Cisco servers:*
cs1.ilcvpn.info:510
cs2.ilcvpn.info:510
cs3.ilcvpn.info:510
cs4.ilcvpn.info:510

Does it work for you?


`$ openconnect --interface=tun9 --user=camel --passwd-on-stdin cs2.ilcvpn.info:510`

```
camel
POST https://cs2.ilcvpn.info:510/
Connected to 80.84.49.142:510
SSL negotiation with cs2.ilcvpn.info
```

`$ ifconfig`

```
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
```


----------



## aragats (Apr 1, 2019)

I don't think it's listening on port 510:

```
# openconnect --interface=tu9 --user=camel https://cs1.ilcvpn.info:510
POST https://cs1.ilcvpn.info:510/
Failed to connect to 80.84.49.140:510: Connection refused
Failed to connect to host cs1.ilcvpn.info
Failed to open HTTPS connection to cs1.ilcvpn.info
Failed to obtain WebVPN cookie
```
I ran nmap as well and it found no open port 510:

```
% nmap cs1.ilcvpn.info
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-01 15:13 MDT
Nmap scan report for cs1.ilcvpn.info (80.84.49.140)
Host is up (0.12s latency).
rDNS record for 80.84.49.140: 140-49-84-80.rackcentre.redstation.net.uk
Not shown: 990 closed ports
PORT     STATE    SERVICE
49/tcp   open     tacacs
53/tcp   open     domain
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
1028/tcp open     unknown
1032/tcp open     iad3
1723/tcp open     pptp
3389/tcp open     ms-wbt-server
9999/tcp open     abyss
```


----------



## aragats (Apr 1, 2019)

Okay, *cs3.ilcvpn.info* works!

```
tun9: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1340
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun9 prefixlen 64 tentative scopeid 0x6
    inet 10.10.0.62 --> 10.10.0.62 netmask 0xffffffff
    groups: tun
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 55820
```


----------



## WantBSD (Apr 1, 2019)

aragats said:


> okay, *cs3.ilcvpn.info* works!
> 
> 
> 
> ...



openconnect displays a connected message, but my network connection does not change (my IP does not change).
Also it does not display tun9 in my `$ ifconfig`.


----------



## WantBSD (Apr 1, 2019)

aragats said:


> I don't think it's listening on port 510:
> 
> 
> 
> ...



They said cs1 does not work.
So we should use the other servers (cs2, cs3, cs4).


----------



## WantBSD (Apr 1, 2019)

aragats said:


> okay, *cs3.ilcvpn.info* works!
> 
> 
> 
> ...



It does not show up in my `$ ifconfig`.

`$ ifconfig`

```
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
```
What should I do?


----------



## aragats (Apr 1, 2019)

WantBSD said:


> openconnect display connected message, but my network connection not change. (my ip not change)
> also it not display tun9 on my $ifconfig.


That's strange. You should run openconnect as root.


----------



## WantBSD (Apr 1, 2019)

aragats said:


> That's strange. You should run openconnect as root.


`ifconfig` is the same.

--------

`--interface=tu9` or `tun9`?


----------



## WantBSD (Apr 1, 2019)

`$ sudo openconnect --interface=tu9 --user=camel --passwd-on-stdin cs3.ilcvpn.info:510`

```
camel
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info
^CSSL connection cancelled
Failed to open HTTPS connection to cs3.ilcvpn.info
Failed to obtain WebVPN cookie
```

`$ sudo openconnect --interface=tun9 --user=camel --passwd-on-stdin cs3.ilcvpn.info:510`

```
camel
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info
```

`$ ifconfig`

```
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255 
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 
    inet 127.0.0.1 netmask 0xff000000 
    groups: lo 
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
```


----------



## aragats (Apr 1, 2019)

WantBSD said:


> --interface=tu9 or tun9?


It should be tun9 (or whatever tunX); sorry, it was a typo in my message.


----------



## WantBSD (Apr 1, 2019)

Should we not use vpnc as a script in openconnect(8)?





vpnc(8) - Linux man page (linux.die.net): vpnc is a VPN client for the Cisco 3000 VPN Concentrator, creating an IPSec-like connection as a tunneling network device for the local system.
				




`$ openconnect --help`

```
...
  -s, --script=SCRIPT             Shell command line for using a vpnc-compatible config script
                                  default: "/usr/local/sbin/vpnc-script"
...
```


----------



## WantBSD (Apr 1, 2019)

WantBSD said:


> `$ sudo openconnect --interface=tu9 --user=camel --passwd-on-stdin cs3.ilcvpn.info:510`
> camel
> POST https://cs3.ilcvpn.info:510/
> Connected to 69.175.34.157:510
> ...



I press `$ reboot` and test it again; I will be back here...


----------



## aragats (Apr 1, 2019)

I just tried it again (using *tun7* since I'm connected to my VPN using *tun9*):

```
$ sudo openconnect --interface=tun7 --user=camel cs3.ilcvpn.info:510
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info
Server certificate verify failed: unable to get local issuer certificate

Certificate from VPN server "cs3.ilcvpn.info" failed verification.
Reason: unable to get local issuer certificate
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:hVi0yuYdOgpl4tLTsfseinznbgfzh3p0R64uWOWmq5c=
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on cs3.ilcvpn.info
XML POST enabled
Please enter your username.
POST https://cs3.ilcvpn.info:510/auth
Please enter your password.
Password:
POST https://cs3.ilcvpn.info:510/auth
Got CONNECT response: HTTP/1.1 200 CONNECTED
CSTP connected. DPD 90, Keepalive 32400
Connected as 10.10.0.62, using SSL, with DTLS in progress
Established DTLS connection (using OpenSSL). Ciphersuite AES256-GCM-SHA384.
add host 69.175.34.157: gateway 172.28.0.1
add net 10.10.0.0: gateway 10.10.0.62
delete net default: gateway 172.28.0.1
add net default: gateway 10.10.0.62
```
Everything works as expected:

```
....
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun0 prefixlen 64 scopeid 0x5 
    inet 10.8.0.3 --> 10.8.0.1 netmask 0xffffff00 
    groups: tun 
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    Opened by PID 2368
tun9: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1322
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun9 prefixlen 64 tentative scopeid 0x6 
    inet 192.168.39.24 --> 192.168.39.24 netmask 0xffffffff 
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 65972
tun7: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1340
    options=80000<LINKSTATE>
    inet6 fe80::de4a:3eff:fe8c:1360%tun7 prefixlen 64 tentative scopeid 0x7 
    inet 10.10.0.62 --> 10.10.0.62 netmask 0xffffffff 
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 75840
```


----------



## WantBSD (Apr 1, 2019)

WantBSD said:


> I press `$ reboot` and test it again; I will be back here...



`$ ifconfig`

```
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255 
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 
    inet 127.0.0.1 netmask 0xff000000 
    groups: lo 
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
```


`$ sudo openconnect --interface=tun9 --user=camel --passwd-on-stdin cs3.ilcvpn.info:510`

```
Password:
camel
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info
```

It does not display tun9 in `$ ifconfig`.


----------



## WantBSD (Apr 1, 2019)

`$ sudo openconnect --interface=tun7 --user=camel cs3.ilcvpn.info:510`

```
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info
....
...
...
after some seconds...
SSL connection failure
Failed to open HTTPS connection to cs3.ilcvpn.info
Failed to obtain WebVPN cookie
```


----------



## aragats (Apr 1, 2019)

Wait a minute... if you use *--passwd-on-stdin* it will wait indefinitely; with that option you should _echo_ your password and pipe it to the command. Do not use it now. It will prompt you to enter it.


----------



## WantBSD (Apr 1, 2019)

aragats said:


> Wait a minute... if you use *--passwd-on-stdin* it will wait indefinitely; with that option you should _echo_ your password and pipe it to the command. Do not use it now. It will prompt you to enter it.


Yeah, it's correct.


`$ sudo openconnect --interface=tun7 --user=camel cs3.ilcvpn.info:510`

```
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info
```

It only displays re0 and lo0 in ifconfig(8).


----------



## aragats (Apr 1, 2019)

Try creating a *tunX* interface manually:

```
# ifconfig tun create
tun1
# ifconfig tun1
tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```
If you don't have any, it will be *tun0*. Then use that interface for the VPN.


----------



## WantBSD (Apr 1, 2019)

aragats said:


> Try creating a *tunX* interface manually:
> 
> 
> 
> ...




```
root@Unix:/tmp/ # ifconfig tun create
tun0
root@Unix:/tmp/ # ifconfig tun1
ifconfig: interface tun1 does not exist
root@Unix:/tmp/ # ifconfig tun0
tun0: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```

It creates tun0.
-------


```
$ curl 'https://api.ipify.org?format=json'

{"ip":"31.56.89.79"}
```

This IP is not the Cisco IP.


----------



## WantBSD (Apr 1, 2019)

`# ifconfig`

```
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
    ether 94:de:80:8d:e5:7f
    inet 192.168.1.34 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect (100baseTX <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    groups: lo
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tun0: flags=8011<UP,POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```

*Why does the tun0 information not change?*

---------


Should I enter this?
`$ ifconfig tun0 up`

How can I enable it?


----------



## aragats (Apr 1, 2019)

Your openconnect command should configure it properly:

```
$ sudo openconnect --interface=tun0 --user=camel cs3.ilcvpn.info:510
```


----------



## WantBSD (Apr 1, 2019)

aragats said:


> Your openconnect command should configure it properly:
> 
> 
> 
> ...


That did not change.

`# ifconfig tun0`

```
tun0: flags=8011<UP,POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```


----------



## WantBSD (Apr 1, 2019)

`$ sudo openconnect --interface=tun0 --user=camel cs3.ilcvpn.info:510`

```
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info





SSL connection failure
Failed to open HTTPS connection to cs3.ilcvpn.info
Failed to obtain WebVPN cookie
```

It will be cut off after a few seconds.

Q: Did you connect to the VPN?
Q: Does it work for you?
Q: Did you test your new IP after connecting?

because connections are limited to 2 persons.


----------



## aragats (Apr 1, 2019)

No, I disconnected right after checking.
Now I have connected again. It has been pinging 10.10.0.1 for 2 minutes at 35-40 ms.
I don't see any issues.


----------



## WantBSD (Apr 1, 2019)

WantBSD said:


> That did not change.
> 
> `# ifconfig tun0`
> 
> ...



OK, but openconnect(8) does not change tun0 for me!


----------



## WantBSD (Apr 1, 2019)

```
root@Unix:/tmp # ifconfig tun create
tun1
```


```
root@Unix:/tmp # ifconfig tun1
tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```


```
root@Unix:/tmp # ifconfig tun0
tun0: flags=8011<UP,POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```


```
root@Unix:/tmp # ifconfig tun2
ifconfig: interface tun2 does not exist
```

---------------------
Next step:



```
$ sudo openconnect --interface=tun1 --user=camel cs3.ilcvpn.info:510
POST https://cs3.ilcvpn.info:510/
Connected to 69.175.34.157:510
SSL negotiation with cs3.ilcvpn.info
```


`root@Unix:/tmp # ifconfig tun1`

```
tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    groups: tun 
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```


----------



## aragats (Apr 1, 2019)

It is UP:


WantBSD said:


> root@Unix:/tmp # ifconfig tun0
> tun0: flags=8011<*UP*,POINTOPOINT,MULTICAST> metric 0 mtu 1500
> options=80000<LINKSTATE>
> groups: tun
> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>


----------



## WantBSD (Apr 1, 2019)

aragats said:


> It is UP:



Oops! Yeah, it's up.

_*--------- update*_

But it does not work.
Also: when I press or type *^C* in openconnect, it will exit.

Next: tun0 is still up.



```
$ curl 'https://api.ipify.org?format=json'
{"ip":"31.56.89.79"}
```


----------



## WantBSD (Apr 1, 2019)

I think I made it up myself with
`ifconfig tun0 up`
You can check the history on the first page of this thread.


----------



## WantBSD (Apr 2, 2019)

*Note:*
OpenConnect does not ask me to accept the SSL certificate, but it asked you (on the first page of this thread).
It does not ask me (even when I do not use the --crt argument).


----------



## WantBSD (Apr 2, 2019)

vpn.sh file:


```
#!/bin/sh

# settings
user="camel"
pass="camel"
host="cs4.ilcvpn.info:510"
test="nc -v -w 10 -z 172.16.0.4 3389" # I think this is wrong! (the IP should change...)
tmpif="tun1"
iface="ocvpnc1" # I don't know why this is
pidfile="/tmp/${iface}.pid"
script="/usr/local/sbin/vpnc-script"

# env
openconnect="/usr/local/sbin/openconnect"
ifconfig="/sbin/ifconfig"

# func
ifkill()
{
        $ifconfig "$1" down 2>/dev/null || :
        $ifconfig "$1" destroy 2>/dev/null || :
}

# check if we're already running
#if [ -n "$test" ] && $test; then
        echo "Connection is already up"
#        exit 0
#fi

# clean up previous instance, if any
if [ -e "$pidfile" ]; then
        read pid <"$pidfile"
        echo "Killing previous pid: $pid"
        kill -TERM "$pid"
        rm "$pidfile"
fi
ifkill "$tmpif"
ifkill "$iface"

# open vpn connection
echo "$pass" |\
$openconnect \
        --background \
        --pid-file="$pidfile" \
        --interface="$tmpif" \
        --user="$user" \
        --passwd-on-stdin \
        --script="$script" \
        "$host"

# rename the interface
if [ "$iface" != "$tmpif" ]; then
        echo "Renaming $tmpif to $iface"
        $ifconfig "$tmpif" name "$iface"
fi
```


```
$ sh vpn.sh
Connection is already up
POST https://cs4.ilcvpn.info:510/
Connected to 69.175.34.158:510
SSL negotiation with cs4.ilcvpn.info
....
....
after some seconds...

SSL connection failure
Failed to open HTTPS connection to cs4.ilcvpn.info
Failed to obtain WebVPN cookie
Renaming tun1 to ocvpnc1
ifconfig: ioctl SIOCSIFNAME (set name): Operation not permitted
```

----------------


```
$ sudo sh vpn.sh
Password:
Connection is already up
POST https://cs4.ilcvpn.info:510/
Connected to 69.175.34.158:510
SSL negotiation with cs4.ilcvpn.info
```

It does not work, and does not change the ifconfig status.


----------

