SparkLabs Forum.

Community Help.


Using Viscosity to connect to Rackspace VPN

Hello,


We have Rackspace for our servers and they have a firewall also which they have configured to give us VPN access, and gain access to our Rackspace LAN and servers. Traditionally, they suggest to use Cisco AnyConnect VPN client. I think this client is based on OpenVPN so I am hoping to use Viscosity instead of Cisco for various reasons I won't go in to here. I am having a hard time getting everything configured properly to connect. It is an SSL vpn with a self signed cert. Here is the connection detail from Rackspace (with sensitive data x'd out):

Thank you for your call. As discussed, the AnyConnect SSL VPN has been configured. The following is the instructions:
1. You'll open a secure browser page to your firewall by going to https://XXX.XXX.XXX.XXX. You should receive a certificate warning. This is normal as the firewall is using a self-signed certificate and not a purchased cert from a trusted CA. Please click through these warnings to connect to the page. If in the future you'd like to purchase a certificate from a CA for your firewall to avoid this warning, we can apply that cert to your firewall.
2. After entering your username and password, a download will start for the Cisco AnyConnect Client on your computer. This download is using Java so you'll need to ensure it is installed.
3. Open the AnyConnect client if it didn't automatically.
4. Because the certificate on your firewall is self-signed, you will need to uncheck the box that blocks untrusted servers in the settings of AnyConnect.
5. Click the cog wheel in the bottom left of the AnyConnect client and uncheck the box "Block connections to untrusted servers"
6. Once you click past all of the warnings and enter in your user/password, it should connect successfully. Once connected, you'll be able to access your servers with their private IP.
7. After using the secure browser login and successfully downloading the client, you may connect using just the AnyConnect application installed. Enter XXX.XXX.XXX.XXX (same as address in step 1) in the connection window and it will prompt you for your username/password once the initial connection is made.


The following is the user that has been configured:

username: XXXXXXXXXXXXX
password: XXXXXXXXXXXXX


I also have the self signed cert that they are using, they sent it to me.

The first problem was with the cert. Because they sent it to me, I don't have the key. When I tried to point to this cert in the cert field under Authentication, I was getting errors that I needed CA or key. So, I put the cert in the CA field and now, I don't get those errors.

Instead, I am now getting an error about "No usable connection profiles are present". I did read a forum post about making sure the service is logging in as the admin account, I did that and restarted the service but I still have this issue.

I don't know how to get past this or if I am even on the right track. For example, do I have the cert stuff correctly configured, is port 1194 even the right port? What are the connection profile errors?

For the record, when using the Cisco VPN client, everything works and we can connect so I know the setup is good.

Here is the output from the log.

Oct 31 11:46:35 AM: No usable connection profiles are present
Oct 31 11:46:35 AM: State changed to Disconnected
Oct 31 11:51:15 AM: State changed to Connecting
Oct 31 11:51:15 AM: Viscosity Windows 1.7.12 (1581)
Oct 31 11:51:15 AM: Running on Microsoft Windows 10 Pro
Oct 31 11:51:15 AM: Running on .NET Framework Version 4.7.03056.461808
Oct 31 11:51:15 AM: Bringing up interface...
Oct 31 11:51:16 AM: OpenVPN 2.4.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2018
Oct 31 11:51:16 AM: library versions: OpenSSL 1.0.2p 14 Aug 2018, LZO 2.09Oct 31 11:51:17 AM: Checking remote host "is reachable...
Oct 31 11:51:18 AM: Checking remote host "is reachable...

Oct 31 11:51:19 AM: No usable connection profiles are present
Oct 31 11:51:19 AM: State changed to Disconnected

Thanks!

Mike
Hi mbedford,

While OpenVPN and Anyconnect are both SSL, they are very different protocols, they cannot interconnect. I'm afraid Viscosity won't be able to connect to your Cisco VPN connection.

Regards,
Eric
Eric,

Thank you for the reply, but that is unfortunate news. Here is what we are thinking now (because we really want to use a different VPN/client). We could ask Rackspace if they could setup an OpenVPN connection on our firewall but we think they cannot.

Therefore, we will look in to setting up an OpenVPN server on our Rackspace server.

Thanks!

Mike
3 posts Page 1 of 1

Copyright © 2016 SparkLabs Pty Ltd. All Rights Reserved. Privacy Policy