Yann

Openconnect - Setup with openwrt router


Hello,

I would like to use Openconnect protocol with my Torguard account.

My router is a GL.INET GL-MT300A

I have already installed the packages to use luci gui but I don’t know how to setup the connection.

Could you please help me?

Thank you.

Yann.


  • 0

Thank you for your answer. I have already seen this post, but it says:

(current available openconnect does not work, you need to compile your own)

I'm not sure I'll be able to do it by myself without help. How do I do this?

I thought the luci gui could help me.

Yann.

  • 0

Hello Yann, I recently submitted a bug report to the LEDE project about the broken package. It should be available in the current nightly builds.

In addition, the torguard server certificates do not seem to be configured correctly. You will receive errors when trying to connect which can no longer be fixed by the deprecated command --no-cert-check.

Basically, at this time don't bother with openconnect until torguard finds a solution to the certificate issue.

 

  • 0

Hello adagari,

Thank you for your answer, I'll wait for a fix.

FYI, it’s OK with my raspberry but not with my router, using the shell with something like this:
sudo openconnect -u username --authgroup=DEFAULT -b --no-dtls --pfs fr.torguardvpnaccess.com:22

Yann.

  • 0
15 hours ago, adagari said:

Hello Yann, I recently submitted a bug report to the LEDE project about the broken package. It should be available in the current nightly builds.

In addition, the torguard server certificates do not seem to be configured correctly. You will receive errors when trying to connect which can no longer be fixed by the deprecated command --no-cert-check.

Basically, at this time don't bother with openconnect until torguard finds a solution to the certificate issue.

 

 

Hello,

Can you explain the issue you're facing with the certificates?

Regards

  • 0
40 minutes ago, Support said:

 

Hello,

Can you explain the issue you're facing with the certificates?

Regards

Hello there,

Here is my log with openconnect setup.

https://pastebin.com/Z1WEQaHy

Here is another log with the --no-cert-check argument passed.

https://pastebin.com/eCudEVg5

I am assuming this may be an issue with the certificate authority used to sign the certificates. Usually, you could pass --servercert sha1:## to trust the certificate but this creates an issue where when you connect to the hostname, it is a different server, with a different certificate, each time.

  • 0
1 hour ago, adagari said:

Hello there,

Here is my log with openconnect setup.

https://pastebin.com/Z1WEQaHy

Here is another log with the --no-cert-check argument passed.

https://pastebin.com/eCudEVg5

I am assuming this may be an issue with the certificate authority used to sign the certificates. Usually, you could pass --servercert sha1:## to trust the certificate but this creates an issue where when you connect to the hostname, it is a different server, with a different certificate, each time.

 

Keep in mind that the anyconnect.host hostnames use port 443, the shared hosts such as xx.torguardvpnaccess.com use port 22.

Have you installed the ca-certs package? 

opkg install ca-certificates

 

  • 0
28 minutes ago, Support said:

 

Keep in mind that the anyconnect.host hostnames use port 443, the shared hosts such as xx.torguardvpnaccess.com use port 22.

Have you installed the ca-certs package? 

opkg install ca-certificates

 

Hello,

I checked and I do not have the ca-certificates package installed. Right now I am in the process of setting up openconnect again. I will report back with my findings.

  • 0

Hello,

I built a new openconnect package and installed the ca-certificates package, but it still resulted in the same error. Are the certificates self-signed? This may be the issue with trying to set up on LEDE.

 

It seems the only way I can get openconnect to work is by

1.) run "gnutls-cli --insecure hostname:port"

2.) enter the IP and sha1 key id returned in my LEDE config.

Doing this allows me to connect to the host. Although it might not be ideal because I will connect to the same IP each time.
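
The key ID pinned in step 2 is a hash of the server's public key, so a value read over an `--insecure` connection is only as trustworthy as that first connection. As an added example (not code from this thread or from OpenConnect), the Python below pulls the public key out of a DER certificate and accepts it only if its key ID is in a set of pins confirmed out of band, one per server behind the hostname. The `sha1:` hex and `pin-sha256:` base64 encodings over subjectPublicKeyInfo are assumptions, and the certificates are constructed skeletons.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def extract_spki(cert):
    """Return the DER subjectPublicKeyInfo of an X.509 certificate."""
    _, pos, _ = read_tlv(cert, 0)           # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(cert, pos)   # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = end
    for field in range(5):                  # serial, sigAlg, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    tag, _, end = read_tlv(cert, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("subjectPublicKeyInfo not found")
    return cert[pos:end]

def key_ids(cert):
    """Key IDs of the certificate's public key, in both assumed encodings."""
    spki = extract_spki(cert)
    return {"sha1:" + hashlib.sha1(spki).hexdigest(),
            "pin-sha256:" + base64.b64encode(hashlib.sha256(spki).digest()).decode()}

def pinned(cert, trusted):
    """True only if the presented key matches a pin verified out of band."""
    return bool(key_ids(cert) & set(trusted))

def tlv(tag, value):
    """DER-encode one element; used only to build the constructed samples."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_cert(spki):
    """Certificate-shaped DER skeleton (constructed, not a real certificate)."""
    empty = tlv(0x30, b"")
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + empty * 4 + spki
    return tlv(0x30, tlv(0x30, tbs) + empty + tlv(0x03, b"\x00"))

# Two constructed "servers" behind one hostname, each with its own key.
SPKI_A = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + b"A" * 140))
SPKI_B = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + b"B" * 140))
TRUSTED = {"sha1:" + hashlib.sha1(SPKI_A).hexdigest()}  # stand-in for an out-of-band pin
print(pinned(sample_cert(SPKI_A), TRUSTED), pinned(sample_cert(SPKI_B), TRUSTED))
```

With one pin per server in the trusted set, a connection that lands on a different server behind the same hostname is accepted only if that server's key was also confirmed beforehand.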

  • 0
17 hours ago, adagari said:

Hello,

I built a new openconnect package and installed the ca-certificates package, but it still resulted in the same error. Are the certificates self-signed? This may be the issue with trying to set up on LEDE.

 

It seems the only way I can get openconnect to work is by

1.) run "gnutls-cli --insecure hostname:port"

2.) enter the IP and sha1 key id returned in my LEDE config.

Doing this allows me to connect to the host. Although it might not be ideal because I will connect to the same IP each time.


 

Hello Adagari

Yes, the certs are self-signed - I believe there was an issue between hostname/direct IP. Anyhow, let me look at this today and see clearly what the issue is and if we can implement a change so you can run them directly without any trouble.

Regards

  • 0
31 minutes ago, Support said:

 

Hello Adagari

Yes, the certs are self-signed - I believe there was an issue between hostname/direct IP. Anyhow, let me look at this today and see clearly what the issue is and if we can implement a change so you can run them directly without any trouble.

Regards

Hello,

Yes there does seem to be an issue using the direct IP. On a reboot openconnect fails to reconnect. I have reverted back to openvpn for the time being.
