Openconnect 5.01 no longer connects

Anton Keks anton at codeborne.com
Thu Dec 26 04:35:54 EST 2013


5.01 with --no-xmlpost works (see output below); however, git master
still fails without --no-xmlpost, just like 5.01.

$ sudo openconnect -v 213.172.3.40 --no-xmlpost
GET https://213.172.3.40/
Attempting to connect to server 213.172.3.40:443
SSL negotiation with 213.172.3.40
Server certificate verify failed: signer not found

Certificate from VPN server "213.172.3.40" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on 213.172.3.40
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Thu, 26 Dec 2013 09:16:50 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://213.172.3.40/+webvpn+/index.html
SSL negotiation with 213.172.3.40
Server certificate verify failed: signer not found
Connected to HTTPS on 213.172.3.40
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
GROUP: [ADMBankier|ADMCborne|ADMCborne-new|ADMNetwork|ADMOther|ADMPhones|ADMW2K|MobileMGR|WssDocs]:ADMCborne
Username:cborne
Password:
POST https://213.172.3.40/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn=<elided>; path=/; secure
Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&sh:9AA6F4978ABEAEC4EB82EDB65A87391F3171214D&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest; path=/; secure
Set-Cookie: webvpnx=
Set-Cookie: webvpnaac=1; path=/; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
TCP_INFO rcv mss 1368, snd mss 1368, adv mss 1448, pmtu 1500
Got CONNECT response: HTTP/1.1 200 OK


On Wed, Dec 25, 2013 at 8:02 PM, Kevin Cernekee <cernekee at gmail.com> wrote:
> On Wed, Dec 25, 2013 at 8:16 AM, Anton Keks <anton at codeborne.com> wrote:
>> OK, it seems that 4.07 is getting a redirect, while 5.01 does not:
> [...]
>> XML POST enabled
>> GROUP: [ADMBankier|ADMCborne|ADMCborne-new|ADMNetwork|ADMOther|ADMPhones|ADMW2K|MobileMGR|WssDocs]:ADMCborne
>
> In current releases, XML POST does not work correctly with a
> non-default authgroup.
>
> As a temporary workaround you can try passing "--no-xmlpost" if it is
> supported in the version you are running.
>
> There's also a fix in the git tree I referenced earlier.  But I don't
> actually use a VPN gateway that requires an authgroup, so it would be
> helpful if you tested it and let me know if everything works as
> expected.
>
> Thanks.



-- 
Anton
//codeborne



More information about the openconnect-devel mailing list