Unable to connect from AnyConnect 3.0 and 3.1 Windows Clients to ocserv 0.2.4 and git head

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Jan 11 17:34:05 EST 2014


On 01/11/2014 08:42 PM, Thomas Glanzmann wrote:
> Hello,

> Server:
> HTTP/1.1 200 OK
> Connection: Keep-Alive
> Content-Type: text/xml
> Content-Length: 213
> X-Transcend-Version: 1
> <?xml version="1.0" encoding="UTF-8"?>
> <auth id="main">
> <message>Please enter your password</message>
> <form method="post" action="/auth">
> <input type="password" name="password" label="Password:" />
> </form></auth>
> 
> Client:
> POST /auth HTTP/1.1
> Cache-Control: no-cache
> Connection: Close
> Pragma: no-cache
> User-Agent: AnyConnect Windows 3.0.07059
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: win
> Content-Length: 19
> Host: lync.gmvl.de
> 
> password=password
> 
> HTTP/1.1 200 OK
> Connection: Keep-Alive
> Content-Type: text/xml
> Content-Length: 209
> X-Transcend-Version: 1

There is something fishy at this point. Could you try the current
version from repository? It wouldn't fix the issue but at least it has
some debugging to trace the issue down (use only -d for debugging).

> <?xml version="1.0" encoding="UTF-8"?>
> <auth id="main">
> <message>Please enter your username</message>
> <form method="post" action="/auth">
> <input type="text" name="username" label="Username:" />
> </form></auth>
> 
> What I don't like here is that it is just using a post but on [1] it says it
> should use a format similar to:
> <config-auth client="vpn" type="auth-reply">
>     <version who="vpn">v5.01</version>
>     <device-id>linux-64</device-id>
>     <auth><username>test</username></auth>
> </config-auth>

The format you see on the wire is from an older version of the
anyconnect protocol. Either your client is old, or it has detected the
server as old and uses the old format. Nevertheless, that shouldn't
cause any issue.

regards,
Nikos



