Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:services:vpn:openconnect:extras [2024/10/16 19:55] – [Commercial provider] andrewzdocs:guide-user:services:vpn:openconnect:extras [2024/10/16 20:06] – [Default gateway] andrewz
Line 47: Line 47:
 </code> </code>
  
-Alternatively, run the client without specifying ''serverhash'' in the configuration file or "VPN Server's certificate SHA1 hash" in Luci. Open the System Log and look for the following lines: 
- 
-<code> 
-daemon.notice netifd: vpn (3443): Certificate from VPN server "vpn.example.com" failed verification. 
-daemon.notice netifd: vpn (3443): Reason: unable to get local issuer certificate 
-daemon.notice netifd: vpn (3443): To trust this server in future, perhaps add this to your command line: 
-daemon.notice netifd: vpn (3443):     --servercert pin-sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 
-daemon.notice netifd: vpn (3443): SSL connection failure 
-</code> 
- 
-Copy the complete string shown __after__ ''--servercert'' and use it in the configuration as your server hash. 
  
 ==== Dynamic connection ==== ==== Dynamic connection ====
Line 63: Line 52:
  
 ==== Default gateway ==== ==== Default gateway ====
-If you do not need to route all traffic to VPN+Disable gateway redirection in the client if you don'need to route all traffic through VPN.
-Disable gateway redirection on VPN client.+
  
 <code bash> <code bash>
  • Last modified: 2024/10/17 17:30
  • by andrewz