On a Linux machine, we are trying to establish a VPN connection with Cisco AnyConnect, version anyconnect-linux64-4.10.05085-predeploy-k9, as follows:
```
printf '<user>\n<password>\ny' | /opt/cisco/anyconnect/bin/vpn -s connect <host>
```
We get this error:
```
>> state: Connecting
>> notice: Establishing VPN session...
The AnyConnect Downloader is analyzing this computer. Please wait...
Initializing the AnyConnect Downloader...
The AnyConnect Downloader is performing update checks...
The AnyConnect Downloader updates have been completed.
>> notice: The AnyConnect Downloader is performing update checks...
>> notice: Checking for profile updates...
>> notice: Checking for customization updates...
>> notice: Performing any required updates...
>> notice: The AnyConnect Downloader updates have been completed.
Please wait while the VPN connection is established...
>> state: Connecting
>> notice: Establishing VPN session...
>> notice: Establishing VPN - Initiating connection...
>> state: Disconnecting
>> notice: Disconnect in progress, please wait...
>> error: VPN establishment capability for a remote user is disabled. A VPN connection will not be established.
>> state: Disconnected
```
Based on comments on the internet, we tried adding a profile file, /opt/cisco/anyconnect/profile/Profile.xml, with the following content:
```
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
  <ClientInitialization>
    <LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment>
  </ClientInitialization>
</AnyConnectProfile>
```
But to no avail.
What is the correct way to allow remote users to establish a VPN connection?
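So it turns out that the AllowRemoteUser setting must be made on the server side, not the client side. After adding it to some .xml file on the VPN server, the error disappeared. It would be interesting to know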
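An added example, not part of the original question or answer: a small Python auditor that reports the LinuxVPNEstablishment value in AnyConnect profile XML, so the profile the VPN server distributes can be checked for AllowRemoteUsers. The function names and sample profiles are constructed for illustration, and treating a missing element as LocalUsersOnly is an assumption.

```python
import xml.etree.ElementTree as ET

DEFAULT = "LocalUsersOnly"  # assumption: value in effect when the element is absent
KNOWN = {"LocalUsersOnly", "AllowRemoteUsers"}

def linux_vpn_establishment(profile_xml):
    """Return the LinuxVPNEstablishment value, DEFAULT if unset, None if unparseable."""
    try:
        root = ET.fromstring(profile_xml.encode("utf-8"))
    except ET.ParseError:
        return None
    for el in root.iter():
        # Compare local names so a profile with or without the xmlns still matches.
        if el.tag.rsplit("}", 1)[-1] == "LinuxVPNEstablishment":
            return (el.text or "").strip() or DEFAULT
    return DEFAULT

def audit(profiles):
    """Map {name: xml_text} to sorted (name, value, status) rows."""
    rows = []
    for name in sorted(profiles):
        value = linux_vpn_establishment(profiles[name])
        if value is None:
            rows.append((name, "unparseable", "review"))
        elif value == "AllowRemoteUsers":
            rows.append((name, value, "remote users may establish VPN"))
        elif value in KNOWN:
            rows.append((name, value, "local users only"))
        else:
            rows.append((name, value, "review"))
    return rows

# Constructed sample profiles (the first mirrors the one in the question).
NS = 'xmlns="http://schemas.xmlsoap.org/encoding/"'
SAMPLES = {
    "Profile.xml": '<?xml version="1.0" encoding="UTF-8"?>'
                   f"<AnyConnectProfile {NS}><ClientInitialization>"
                   "<LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment>"
                   "</ClientInitialization></AnyConnectProfile>",
    "default.xml": f"<AnyConnectProfile {NS}><ClientInitialization/></AnyConnectProfile>",
    "broken.xml": "<AnyConnectProfile><ClientInitialization>",
}

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print("%-12s %-17s %s" % row)
```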