The official GlobalProtect VPN clients always connect first via the portal. The portal then sends a choice of one or more gateways. However, this behavior is unnecessary, and adds an additional delay in establishing a connection.
Recent versions of
openconnect
can connect via either the portal endpoint or the gateway endpoint:- If unspecified, the gateway endpoint is tried first, then the portal endpoint.
- For the gateway, include a URL-path starting with
/ssl-vpn
or specify--usergroup=gateway
- For the portal, include a URL-path starting with
/global-protect
or specify--usergroup=portal
- To choose a specific gateway from the portal without further prompting, add
--authgroup $GATEWAYNAME
- To choose a specific gateway from the portal without further prompting, add
Example of connecting via the portal interface and getting a choice of gateway servers:
$ openconnect --protocol=gp --usergroup=portal server.company.com
Please enter your username and password.
Username:
Password:
..
Connected to HTTPS on server.company.com
3 gateway servers available:
NorthAmerica (vpn-na.company.com)
Europe (vpn-eu.company.com)
Asia (vpn-asia.company.com)
Please select GlobalProtect gateway.
GATEWAY: [NorthAmerica|Europe|Asia]:
...
from https://github.com/dlenski/openconnect
------
相关帖子:
http://www.briten.info/2015/02/openconnect-server-089-for-debian-7.html
http://www.briten.info/2015/02/centos-65ocservcisco-anyconnect.html
No comments:
Post a Comment