Pulse Secure Linux client with openSUSE Leap 15.4 安裝小記
OS: openSUSE Leap 15.4
Pulse Secure: 9.1
公司的 SSLVPN 用的是 Pulse Secure, 但是 openSUSE Leap 的參考文章相對少
今天就寫相關的安裝方式
參考台大的文章還有廠商的文章
取得套件 RPM
# wget https://ccnet.ntu.edu.tw/vpn/Download/ps-pulse-linux-9.1r15.0-b15819-64bit-installer.rpm
先嘗試安裝
# rpm -ivh ps-pulse-linux-9.1r15.0-b15819-64bit-installer.rpm
error: Failed dependencies:
gtkmm30 >= 3.22.2 is needed by pulsesecure-2:9.1-R15.x86_64
libbsd is needed by pulsesecure-2:9.1-R15.x86_64
libcurl >= 7.29.0 is needed by pulsesecure-2:9.1-R15.x86_64
nss-tools is needed by pulsesecure-2:9.1-R15.x86_64
webkit2gtk3 >= 2.24.4 is needed by pulsesecure-2:9.1-R15.x86_64
直接安裝會遇到相依性的問題
安裝 mozilla-nss-tools
# zypper install mozilla-nss-tools
The following 2 recommended packages were automatically selected:
libfreebl3-hmac libsoftokn3-hmac
The following 6 NEW packages are going to be installed:
libfreebl3 libfreebl3-hmac libsoftokn3 libsoftokn3-hmac mozilla-nss mozilla-nss-tools
6 new packages to install.
Overall download size: 2.1 MiB. Already cached: 0 B. After the operation, additional 5.2
MiB will be used.
Continue? [y/n/v/...? shows all options] (y):y
新增兩個 repo
# zypper addrepo https://download.opensuse.org/repositories/server:mail/openSUSE_Tumbleweed/server:mail.repo
# zypper addrepo https://download.opensuse.org/repositories/devel:gcc:next/15.4/devel:gcc:next.repo
更新 repo, 並信任相關 Key
# zypper refresh
安裝 glibc 套件
# zypper install glibc
zypper install libbsd0-0.11.6-24.29.x86_64
Problem: the to be installed libbsd0-0.11.6-24.29.x86_64 requires 'libc.so.6(GLIBC_2.33)(64bit)', but this requirement cannot be provided
not installable providers: glibc-2.36.9000.199.g589eda82bb-lp154.3834.1.x86_64[devel_gcc_next]
Solution 1: Following actions will be done:
install glibc-2.36.9000.199.g589eda82bb-lp154.3834.1.x86_64 from vendor obs://build.opensuse.org/devel:gcc
replacing glibc-2.31-150300.41.1.x86_64 from vendor SUSE LLC <https://www.suse.com/>
install glibc-extra-2.36.9000.199.g589eda82bb-lp154.3834.1.x86_64 from vendor obs://build.opensuse.org/devel:gcc
replacing glibc-extra-2.31-150300.41.1.x86_64 from vendor SUSE LLC <https://www.suse.com/>
install glibc-lang-2.36.9000.199.g589eda82bb-lp154.3834.1.noarch from vendor obs://build.opensuse.org/devel:gcc
replacing glibc-lang-2.31-150300.41.1.noarch from vendor SUSE LLC <https://www.suse.com/>
install glibc-locale-base-2.36.9000.199.g589eda82bb-lp154.3834.1.x86_64 from vendor obs://build.opensuse.org/devel:gcc
replacing glibc-locale-base-2.31-150300.37.1.x86_64 from vendor SUSE LLC <https://www.suse.com/>
install nscd-2.36.9000.199.g589eda82bb-lp154.3834.1.x86_64 from vendor obs://build.opensuse.org/devel:gcc
replacing nscd-2.31-150300.37.1.x86_64 from vendor SUSE LLC <https://www.suse.com/>
install glibc-locale-2.36.9000.199.g589eda82bb-lp154.3834.1.x86_64 from vendor obs://build.opensuse.org/devel:gcc
replacing glibc-locale-2.31-150300.37.1.x86_64 from vendor SUSE LLC <https://www.suse.com/>
Solution 2: do not install libbsd0-0.11.6-24.29.x86_64
Solution 3: break libbsd0-0.11.6-24.29.x86_64 by ignoring some of its dependencies
Choose from above solutions by number or cancel [1/2/3/c/d/?] (c): 1
使用方案 1 安裝
安裝 pulse secure 套件
# zypper install ps-pulse-linux-9.1r15.0-b15819-64bit-installer.rpm
Loading repository data...
Reading installed packages...
Resolving package dependencies...
Problem: nothing provides 'libbsd' needed by the to be installed pulsesecure-2:9.1-R15.x86_64
Solution 1: do not install pulsesecure-2:9.1-R15.x86_64
Solution 2: break pulsesecure-2:9.1-R15.x86_64 by ignoring some of its dependencies
Choose from above solutions by number or cancel [1/2/c/d/?] (c): 2
Resolving dependencies...
Resolving package dependencies...
The following 2 NEW packages are going to be installed:
libXss1 pulsesecure
2 new packages to install.
Overall download size: 10.3 MiB. Already cached: 0 B. After the operation, additional 29.6 MiB will be used.
Continue? [y/n/v/...? shows all options] (y): y
Retrieving package libXss1-1.2.2-3.4.x86_64 (1/2), 12.5 KiB ( 14.2 KiB unpacked)
Retrieving: libXss1-1.2.2-3.4.x86_64.rpm .......................................................................[done]
Retrieving package pulsesecure-2:9.1-R15.x86_64 (2/2), 10.3 MiB ( 29.6 MiB unpacked)
ps-pulse-linux-9.1r15.0-b15819-64bit-installer.rpm:
Package header is not signed!
pulsesecure-2:9.1-R15.x86_64 (Plain RPM files cache): Signature verification failed [6-File is unsigned]
Abort, retry, ignore? [a/r/i] (a): i
這邊使用方案 2 , 忽略相依性的方式來進行安裝, 並忽略簽章問題
安裝完畢就可以找到圖形介面的程式
點選 新增的 + 按鈕
輸入 名稱與 Server URL
點選 Connect 就可以進行連線
同場加映, 文字介面連線方式
建立憑證存放資料夾
# mkdir -p /etc/pki/ca-trust/extracted/openssl
建立檔案
# touch /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
使用 Brave 瀏覽器開啟之後要存取的網址, 例如 https://YOUR_SERVER_URL
點選 鎖頭 -- > 點選 憑證有效的另開視窗
點選 詳細資訊
將 3 個憑證全部匯出
將憑證放入
# cat /home/sakanamax/Builtin\ Object\ Token_TWCA\ Global\ Root\ CA > /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
# cat /home/sakanamax/TWCA\ Secure\ SSL\ Certification\ Authority >> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
# cat /home/sakanamax/_.YOURS.com.tw >> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
公司憑證名稱記得換成自己的
進行連線
# /opt/pulsesecure/bin/pulselauncher -U https://YOUR_SERVER_URL -u YOUR_USER
實務上測試用一般使用者可以連線
輸入User Realm:
輸入密碼
這樣之後就可以用 Pulse Secure 進行 SSLVPN 連線了
~ enjoy it
Reference