openfortivpn은 fortigate에 연결할 수 없습니다

openfortivpn은 fortigate에 연결할 수 없습니다

openfortivpn(버전 1.15.0-1)을 사용하여 클라이언트 fortigate에 연결하기 위해 데비안 시스템(bullseye)을 구성하려고 합니다. 이미 다른 클라이언트 fortigate를 구성했으며 제대로 작동합니다. 사용자 이름과 비밀번호를 확인했고(Windows 시스템에서 시도했는데 문제 없이 로그인할 수 있었습니다) --trusted-cert 옵션을 사용했지만 최종 결과에는 아무것도 변경되지 않았습니다. 다음은 openfortivpn -c configfile -vv 명령의 출력입니다.

DEBUG:  openfortivpn 1.15.0
DEBUG:  revision unavailable
DEBUG:  Loaded config file "vpn".
DEBUG:  Loaded password from config file "vpn"
DEBUG:  Config host = "hostname"
DEBUG:  Config realm = ""
DEBUG:  Config port = "443"
DEBUG:  Config username = "username"
DEBUG:  Resolving gateway host ip
DEBUG:  Establishing ssl connection
DEBUG:  server_addr: xxx.xxx.xxx.xxx
DEBUG:  server_port: 443
DEBUG:  gateway_addr: xxx.xxx.xxx.xxx
DEBUG:  gateway_port: 443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Setting minimum protocol version to: 0x303.
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.
INFO:   Connected to gateway.
DEBUG:  http_send:
POST /remote/logincheck HTTP/1.1
Host: customer-host:443
User-Agent: Mozilla/5.0 SV1
Accept: */*
Accept-Encoding: gzip, deflate, br
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Content-Type: application/x-www-form-urlencoded
Cookie:
Content-Length: 60

username=sidretail&credential=****************&realm=&ajax=1
DEBUG:  http_receive:
HTTP/1.1 405 Method Not Allowed
Date: Mon, 16 May 2022 10:51:24 GMT
Server: xxxxxxxx-xxxxx
Set-Cookie:  SVPNCOOKIE=; path=/; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly; SameSite=Strict;
Set-Cookie: SVPNNETWORKCOOKIE=; path=/remote/network; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly; SameSite=Strict
Transfer-Encoding: chunked
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https:   'unsafe-eval' 'unsafe-inline' blob:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

698
<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<link href="/sslvpn/css/ssl_style.css" rel="stylesheet" type="text/css">
<script type='text/javascript' src='/remote/fgt_lang?lang=en'></script>
</head>
<body class="main">
<table class="container" cellpadding="0" cellspacing="0">
<tr>
<td><table class="dialog" width=300 align="center" cellpadding="0" cellspacing="0">
<tr>
<td><table class="header" cellpadding="0" cellspacing="0">
<tr>
<td id="err_title"></td>
</tr>
</table></td>
</tr>
<script>document.getElementById('err_title').innerHTML=fgt_lang['error'];</script>
<tr>
<td class="body" height=100><table class="body"><tr><td id='err_val' title='405' align="center">
<script>
var errval_elem=document.getElementById('err_val');
var errval=errval_elem.getAttribute('title').split(',');
var err_str = fgt_lang[errval[0]];
if (err_str == undefined) {
   errval_elem.innerHTML = "some unknown error!<br>";
} else {   if (errval.length == 2) {
       err_str = encodeURIComponent(err_str.replace("%d", errval[1]));
       err_str = err_str.replace(/%20/g, " ");   }
   errval_elem.innerHTML = err_str;
}
</script></td></tr></table></td>
</tr>
<tr><td>
<table class="footer" cellpadding="0" cellspacing="0">
<tr><td>
<input id="ok_button" type="button" value="" onclick="chkbrowser()" style="width:80px">
</td></tr>
</table>
</td></tr>
</table>
</body>
<script language = "javascript">
document.getElementById('ok_button').value=fgt_lang['ok'];
function chkbrowser() {
if (window.location.pathname == "/remote/login")
window.location.reload();
else
window.location.href = "/remote/login";}
</script>
</html>

0


ERROR:  Could not authenticate to gateway. Please check the password, client certificate, etc.
DEBUG:  HTTP status code 405
INFO:   Closed connection to gateway.
DEBUG:  server_addr: xxx.xxx.xxx.xxx
DEBUG:  server_port: 443
DEBUG:  gateway_addr: xxx.xxx.xxx.xxx
DEBUG:  gateway_port: 443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Setting minimum protocol version to: 0x303.
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.
DEBUG:  http_send:
GET /remote/logout HTTP/1.1
Host: customer-host:443
User-Agent: Mozilla/5.0 SV1
Accept: */*
Accept-Encoding: gzip, deflate, br
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Content-Type: application/x-www-form-urlencoded
Cookie:
Content-Length: 0


DEBUG:  http_receive:
HTTP/1.1 200 OK
Date: Mon, 16 May 2022 10:51:24 GMT
Server: xxxxxxxx-xxxxx
Set-Cookie:  SVPNCOOKIE=; path=/; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly; SameSite=Strict;
Set-Cookie: SVPNNETWORKCOOKIE=; path=/remote/network; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly; SameSite=Strict
Content-Length: 162
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https:   'unsafe-eval' 'unsafe-inline' blob:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<html><head><script>function fgt_sslvpn_logout() {window.location.href ='/remote/login';}</script></head><body><script>fgt_sslvpn_logout();</script></body></html>
INFO:   Logged out.

미리 감사드립니다.

답변1

것 같다메일링 방법dem-hq.fortidyndns.com:443/remote/logincheck에서는 허용되지 않으므로 인증할 수 없습니다!

관련 정보