openconnect with Belgian EID

Christof Haerens christof at haerens.be
Tue Nov 5 05:20:55 EST 2013


Hi,

I am trying to connect to Cisco with openconnect and my Belgian EID card. My access is OK and no user/password is needed. This is verified with my card using AnyConnect on Windows.
I'm using Fedora 18.

% openconnect --version
OpenConnect version v4.08
Using GnuTLS. Features present: TPM, PKCS#11, DTLS (using OpenSSL)

I also configured this so I could use p11tool:
% cat /etc/pkcs11/modules/opensc.module
module: opensc-pkcs11.so

I can run p11tool with --login; my EID PIN is asked for and my certs are displayed. So after identifying the right id I can run openconnect, but I still can't get my WebVPN cookie:


% openconnect -v --no-cert-check -c 'pkcs11:token=BELPIC%20%28Basic%20PIN%29;id=%02' https://vpn1
Attempting to connect to server xxxxxxxx:443
Using PKCS#11 certificate pkcs11:token=BELPIC%20%28Basic%20PIN%29;id=%02;object-type=cert;pin-source=openconnect%3a0x166e930
PIN required for BELPIC (Basic PIN)
Enter PIN:
Using PKCS#11 key pkcs11:token=BELPIC%20%28Basic%20PIN%29;id=%02;object-type=private;pin-source=openconnect%3a0x166e930
Using client certificate 'Christof Haerens (Authentication)'
SSL negotiation with vpn1
Connected to HTTPS on vpn1
GET https://vpn1/
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 05 Nov 2013 10:17:01 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
SSL negotiation with vpn1
Connected to HTTPS on vpn1
GET https://vpn1/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
Set-Cookie: ClientCertAuthFailed=1; path=/; secure
SSL certificate authentication failed
X-Transcend-Version: 1
HTTP body chunked (-2)
Fixed options give
Please enter your username and password.
Certificate Validation Failure
Failed to obtain WebVPN cookie


Any ideas about what I'm still missing?

Thanks
Christof
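The URI in the command above selects the certificate and key by percent-encoded attributes: token=BELPIC%20%28Basic%20PIN%29 is the token label "BELPIC (Basic PIN)" and id=%02 is the single raw byte 0x02, which is why openconnect's log shows the same URI with object-type=cert and object-type=private appended. The following added example (not part of the original post or of openconnect) parses the path attributes of a pkcs11: URI as RFC 7512 defines them and matches them against a constructed, p11tool-style object list; the object list and the match_objects helper are illustrative assumptions, not real token contents.

```python
from urllib.parse import unquote_to_bytes

# Constructed sample of the objects a PKCS#11 token might expose, modelled on
# p11tool --list-all output. Values are kept as bytes so that the binary
# 'id' attribute (here 0x02 and 0x03) can be compared directly.
SAMPLE_OBJECTS = [
    {"token": b"BELPIC (Basic PIN)", "id": b"\x02", "object-type": b"cert",
     "label": b"Authentication"},
    {"token": b"BELPIC (Basic PIN)", "id": b"\x02", "object-type": b"private",
     "label": b"Authentication"},
    {"token": b"BELPIC (Basic PIN)", "id": b"\x03", "object-type": b"cert",
     "label": b"Signature"},
    {"token": b"BELPIC (Basic PIN)", "id": b"\x03", "object-type": b"private",
     "label": b"Signature"},
]


def parse_pkcs11_uri(uri: str) -> dict:
    """Split an RFC 7512 pkcs11: URI into its path attributes (';'-separated)
    and query attributes ('&'-separated after '?'), percent-decoding each
    value to bytes. Only the generic attribute syntax is handled here."""
    if not uri.startswith("pkcs11:"):
        raise ValueError("not a pkcs11: URI: %r" % uri)
    rest = uri[len("pkcs11:"):]
    path, _, query = rest.partition("?")

    def split_attrs(text: str, sep: str) -> dict:
        attrs = {}
        for part in text.split(sep):
            if not part:
                continue
            key, eq, value = part.partition("=")
            if not eq:
                raise ValueError("attribute without '=': %r" % part)
            attrs[key] = unquote_to_bytes(value)
        return attrs

    return {"path": split_attrs(path, ";"), "query": split_attrs(query, "&")}


def match_objects(uri: str, objects: list) -> list:
    """Return the objects selected by a pkcs11: URI. As in RFC 7512, every
    path attribute present in the URI must match; attributes the URI omits
    (for example object-type) match anything, so a bare token+id URI selects
    both the certificate and the private key sharing that id."""
    wanted = parse_pkcs11_uri(uri)["path"]
    return [o for o in objects
            if all(o.get(key) == value for key, value in wanted.items())]


if __name__ == "__main__":
    uri = "pkcs11:token=BELPIC%20%28Basic%20PIN%29;id=%02"
    for obj in match_objects(uri, SAMPLE_OBJECTS):
        print(obj["object-type"].decode(), obj["label"].decode())
```

Appending object-type=cert (as openconnect does internally) narrows the selection to the certificate alone, which is a quick way to confirm that the id you chose from the p11tool listing really points at the authentication certificate rather than the signature one.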




More information about the openconnect-devel mailing list