Closed changchunhua2017 closed 3 years ago
I tested locally with anyconnect-win-4.9.05042.msi and it works fine. Please provide your user group configuration.
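User group information
Environment: desktop OS: Windows 10; VPN client: Cisco AnyConnect, version v4.9.04043
For comparison, the same client logs in normally when it connects to another VPN server, OpenConnect server (ocserv 1.1.1).
Client error: in Cisco AnyConnect, after I enter the PIN + OTP code, the banner pops up normally, but the next step fails with an error.
Server log output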
2021/01/12 10:04:48 main.go:26: [Info] Server pid: 2027
2021/01/12 10:04:48 server.go:47: [Info] listen server :443
2021/01/12 10:04:48 server.go:58: [Info] Listen admin :8800
2021/01/12 10:05:30 link_tunnel.go:69: [Debug] 192.168.214.10 02:00:ac:1a:05:0e demo
2021/01/12 10:05:30 link_cstp.go:54: [Debug] DISCONNECT 192.168.214.10
2021/01/12 10:05:30 closeOnce: 192.168.214.10
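Are you using a self-signed certificate?
I get the same error. I am using a self-signed certificate; is the self-signed certificate the cause?
I am using a Let's Encrypt wildcard public certificate that I applied for just yesterday (something like *.example.com), not a self-signed certificate.
I use a self-signed certificate; the p12 certificate has to be imported into the browser. After that it works normally. I am not sure about the specific cause of this error.
Remove this; an incorrect CIDR can also cause connection problems. I have also added CIDR validation and debug output of the returned data; it will be released shortly.
I removed the excluded-route entries; the problem persists.
Server log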
2021/01/12 15:16:14 link_tunnel.go:69: [Debug] 192.168.214.10 02:00:ac:1a:05:0e demo
2021/01/12 15:16:14 link_cstp.go:54: [Debug] DISCONNECT 192.168.214.10
2021/01/12 15:16:14 closeOnce: 192.168.214.10
2021/01/12 15:16:14 link_tun.go:104: [Error] tun Read err 0 read tun: file already closed
AnyConnect client connection log
15:22:20 Contacting sslvpn.xxx.org.
15:22:39 User credentials entered.
15:24:21 User credentials entered.
15:24:21 Please respond to banner.
15:24:22 User accepted banner.
15:24:22 Establishing VPN session...
15:24:22 The AnyConnect Downloader is performing update checks...
15:24:22 Checking for profile updates...
15:24:22 Checking for customization updates...
15:24:23 Establishing VPN - Initiating connection...
15:24:23 Establishing VPN session...
15:24:23 Connection attempt has failed.
15:24:23 VPN session ended.
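Is there a QQ group?
I applied for a certificate from Let's Encrypt and swapped it in. After entering the PIN + dynamic code.
This error is the same as the one I got with my self-signed certificate; I resolved it by adding the p12 certificate file to the browser.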
Download the latest version, then paste the debug output.
Not set up for now.
Try a newer version of the client: https://gitee.com/bjdgyc/anylink-soft
@hebaodanroot Right, you need to test with the latest version of AnyConnect.
Debug output from the latest version @bjdgyc
X-Cstp-Keep: true
X-Cstp-Keepalive: 20
X-Cstp-Lease-Duration: 1209600
X-Cstp-License: accept
X-Cstp-Msie-Proxy-Lockdown: true
X-Cstp-Mtu: 1399
X-Cstp-Netmask: 255.255.255.0
X-Cstp-Protocol: Copyright (c) 2004 Cisco Systems, Inc.
X-Cstp-Quarantine: false
X-Cstp-Rekey-Method: new-tunnel
X-Cstp-Rekey-Time: 172800
X-Cstp-Routing-Filtering-Ignore: false
X-Cstp-Session-Timeout: none
X-Cstp-Session-Timeout-Alert-Interval: 60
X-Cstp-Session-Timeout-Remaining: none
X-Cstp-Smartcard-Removal-Disconnect: true
X-Cstp-Split-Exclude: 0.0.0.0/255.255.255.255
X-Cstp-Split-Include:
X-Cstp-Tcp-Keepalive: false
X-Cstp-Tunnel-All-Dns: false
X-Cstp-Version: 1
X-Dtls-Keepalive: 20
X-Dtls-Mtu: 1399
X-Dtls-Port: 4433
X-Dtls-Rekey-Time: 5400
X-Dtls-Session-Id: e8de40505476305c05c84f60df1d7efe4ca513ca1a993bae5e77b3dfa162f2bc
X-Dtls12-Ciphersuite: ECDHE-ECDSA-AES128-GCM-SHA256
2021/01/13 09:34:30 link_cstp.go:54: [Debug] DISCONNECT 192.168.214.10
2021/01/13 09:34:30 closeOnce: 192.168.214.10
X-Cstp-Split-Include:
This field cannot be empty.
After filling it in, I tested again and the problem persists.
2021/01/13 13:47:27 link_tunnel.go:70: [Debug] 192.168.214.10 02:00:ac:1a:05:0e demo
2021/01/13 13:47:27 link_tunnel.go:138: [Debug] Server: AnyLink 0.0.8
X-Cstp-Address: 192.168.214.10
X-Cstp-Client-Bypass-Protocol: false
X-Cstp-Disable-Always-On-Vpn: false
X-Cstp-Disconnected-Timeout: 18000
X-Cstp-Dns: 114.114.114.114
X-Cstp-Dns: 8.8.8.8
X-Cstp-Dpd: 30
X-Cstp-Hostname: anylink
X-Cstp-Idle-Timeout: 18000
X-Cstp-Keep: true
X-Cstp-Keepalive: 20
X-Cstp-Lease-Duration: 1209600
X-Cstp-License: accept
X-Cstp-Msie-Proxy-Lockdown: true
X-Cstp-Mtu: 1399
X-Cstp-Netmask: 255.255.255.0
X-Cstp-Protocol: Copyright (c) 2004 Cisco Systems, Inc.
X-Cstp-Quarantine: false
X-Cstp-Rekey-Method: new-tunnel
X-Cstp-Rekey-Time: 172800
X-Cstp-Routing-Filtering-Ignore: false
X-Cstp-Session-Timeout: none
X-Cstp-Session-Timeout-Alert-Interval: 60
X-Cstp-Session-Timeout-Remaining: none
X-Cstp-Smartcard-Removal-Disconnect: true
X-Cstp-Split-Exclude: 0.0.0.0/255.255.255.255
X-Cstp-Split-Exclude: 192.168.11.0/255.255.255.0
X-Cstp-Split-Include: 192.168.18.0/255.255.255.0
X-Cstp-Tcp-Keepalive: false
X-Cstp-Tunnel-All-Dns: false
X-Cstp-Version: 1
X-Dtls-Keepalive: 20
X-Dtls-Mtu: 1399
X-Dtls-Port: 4433
X-Dtls-Rekey-Time: 5400
X-Dtls-Session-Id: bf23df96a52499dcc73fc3e3afe52b9d29d2d0094bcbabefb0bf9a2db05d0105
X-Dtls12-Ciphersuite: ECDHE-ECDSA-AES128-GCM-SHA256
2021/01/13 13:47:27 link_cstp.go:54: [Debug] DISCONNECT 192.168.214.10
2021/01/13 13:47:27 closeOnce: 192.168.214.10
2021/01/13 13:47:27 link_tun.go:104: [Error] tun Read err 0 read tun: file already closed
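The two remarks made earlier in the thread (an incorrect CIDR can break the connection, and X-Cstp-Split-Include must not be empty) can be checked mechanically against a pasted debug dump. This is an added example, not AnyLink's own code; the function names and the strictness rules (contiguous netmask, no host bits set) are assumptions of this example.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strings"
)

// checkSplitHeaders returns one finding per X-Cstp-Split-* line that is empty or malformed.
func checkSplitHeaders(dump string) []string {
	var findings []string
	sc := bufio.NewScanner(strings.NewReader(dump))
	for sc.Scan() {
		name, value, ok := strings.Cut(sc.Text(), ":")
		name = strings.TrimSpace(name)
		if !ok || !strings.HasPrefix(name, "X-Cstp-Split-") {
			continue // log lines and other headers are ignored
		}
		if msg := checkRoute(strings.TrimSpace(value)); msg != "" {
			findings = append(findings, name+": "+msg)
		}
	}
	return findings
}

// checkRoute validates one "address/dotted-netmask" value; the strictness rules are assumptions.
func checkRoute(v string) string {
	if v == "" {
		return "empty value"
	}
	addr, mask, ok := strings.Cut(v, "/")
	ip, m := net.ParseIP(addr).To4(), net.ParseIP(mask).To4()
	if !ok || ip == nil || m == nil {
		return fmt.Sprintf("%q is not address/netmask", v)
	}
	if ones, bits := net.IPMask(m).Size(); ones == 0 && bits == 0 {
		return fmt.Sprintf("%q has a non-contiguous netmask", v)
	}
	if !ip.Mask(net.IPMask(m)).Equal(ip) {
		return fmt.Sprintf("%q has host bits set", v)
	}
	return ""
}

func main() {
	// Two header lines as they appear in the first dump in the thread.
	dump := "X-Cstp-Split-Exclude: 0.0.0.0/255.255.255.255\nX-Cstp-Split-Include:\n"
	fmt.Println(checkSplitHeaders(dump))
}
```

Run against the second dump in the thread, the same check reports nothing, which matches the reporter's observation that filling in the field did not by itself resolve the disconnect.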
I have set up a temporary QQ group; you can join it to discuss: 567510628