Unable to connect from AnyConnect 3.0 and 3.1 Windows Clients to ocserv 0.2.4 and git head

Thomas Glanzmann thomas at glanzmann.de
Sat Jan 11 18:32:23 EST 2014


Hello everyone,
here is another trace, this time of an AnyConnect 3.1.05152 Windows client
authenticating against a Cisco IOS router (WebVPN / SSL VPN):

POST / HTTP/1.1
Cache-Control: no-cache
Connection: close
Pragma: no-cache
Host: lync.gmvl.de
User-Agent: AnyConnect Windows 3.1.05152
X-Transcend-Version: 1
X-Aggregate-Auth: 1
X-AnyConnect-Platform: win
Content-Length: 564

<?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="init" aggregate-auth-version="2">
<version who="vpn">3.1.05152</version>
<device-id device-type="Intel Pentium Processors= 4 x86" platform-version="6.1.7601 Service Pack 1" unique-id="B2B563176DCDE1E541C743464446CCC939B98C0E8CD59E8752E8B2814411EEBA">win</device-id>
<mac-address-list>
<mac-address>00-24-d7-11-74-00</mac-address>
<mac-address>00-26-2d-fc-e4-1e</mac-address></mac-address-list>
<group-select>full</group-select>
<group-access>https://lync.gmvl.de</group-access>
</config-auth>

HTTP/1.1 303 See Other
Content-Type: text/html
Content-Length: 0
Location: https://lync.gmvl.de:443/webvpn.html
Set-Cookie: webvpncontext=00@tonline; path=/; Secure
Connection: Keep-Alive

GET /webvpn.html HTTP/1.1
Cache-Control: no-cache
Connection: close
Pragma: no-cache
Cookie: webvpncontext=00@tonline;
Host: lync.gmvl.de:443
User-Agent: AnyConnect Windows 3.1.05152
X-Transcend-Version: 1
X-Aggregate-Auth: 1
X-AnyConnect-Platform: win


HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/html
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure
Set-Cookie: webvpncontext=00@tonline; path=/; Secure
X-Transcend-Version: 1
Content-Length: 473
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<auth id="main">
	<title>Default Customization</title>
	<message>Please enter your username and password.</message>
	<form method="post" action="webvpn.html">
                <input type="text" label="USERNAME:" name="username" value="" />
		<input type="password" label="PASSWORD:" name="password" value="" />
		<input type="submit" name="Login" value="Login" />
		<input type="reset" name="Clear" value="Clear" />
	</form>
</auth>

POST /webvpn.html HTTP/1.1
Cache-Control: no-cache
Connection: Close
Pragma: no-cache
Cookie: webvpncontext=00@tonline;
Host: lync.gmvl.de:443
User-Agent: AnyConnect Windows 3.1.05152
X-Transcend-Version: 1
X-Aggregate-Auth: 1
X-AnyConnect-Platform: win
Content-Length: 37

password=password&username=sithglan

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/html
Set-Cookie: webvpncontext=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure
Set-Cookie: webvpn=00@1311721029@00002@3598467018@1615302194@tonline; path=/; Secure
Set-Cookie: webvpnc=p:t&bu:/CACHE/webvpn/stc/&iu:1/&sh:9C6A0C3F094BCC96EA12D8F98FB12772C64C0DDC&; path=/; Secure
X-Transcend-Version: 1
Content-Length: 130
Connection: close

<?xml version="1.0" encoding="UTF-8"?><auth id="success"><title>SSL VPN Service</title><message>Success</message><success/></auth>

GET /CACHE/webvpn/stc/1/index.html HTTP/1.1
Cache-Control: no-cache
Connection: Close
Pragma: no-cache
Cookie: webvpn=00@1311721029@00002@3598467018@1615302194@tonline;webvpnc=p:t&bu:/CACHE/webvpn/stc/&iu:1/&sh:9C6A0C3F094BCC96EA12D8F98FB12772C64C0DDC&;
Host: lync.gmvl.de:443
User-Agent: AnyConnect Windows 3.1.05152
X-Transcend-Version: 1
X-Aggregate-Auth: 1
X-AnyConnect-Platform: win


HTTP/1.1 200 OK
Server: cisco-IOS
Connection: close
Content-Length: 5548
Content-Type: text/html
Cache-Control: max-age=0

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <link rel="stylesheet" type="text/css" href="style.css" />
  <meta name="expires" content="Sat, 01 Jan 2000 24:00:00 GMT"/>
  <title>Installation</title>
  <script type="text/javascript" language="JavaScript1.1" src="binaries/pkginit.js"></script>
  <script type="text/javascript" language="JavaScript1.1" src="binaries/main.js"></script>
  <script type="text/javascript" language="JavaScript1.1" src="strings.js"></script>
  <script type="text/javascript" language="JavaScript1.1">
    function openTipsWindow() {
      var x = 310;
      window.open('tips.htm', 'tips',
        'width=' + x + ',scrollbars=yes,toolbar=no,directories=no,' +
          'status=no,menubar=no,top=0,screenY=0,resizable,' +
          'left=' + (screen.width - x) + ',screenX=' + (screen.width - x));
    }

 < 2014/01/11 23:10:19.190547  length=1016 from=1016 to=2031
   function skipToManualInstall() {
      iStatus=-70;
      Launch();
    }

    // preload images
    var preloadedImgs = new Array();

    preloadedImgs[0] = new Image(100, 75);
    preloadedImgs[0].src = "images/company-logo.png";

    preloadedImgs[1] = new Image(24, 24);
    preloadedImgs[1].src = "images/anyconnect-24.png";

    preloadedImgs[2] = new Image(160, 67);
    preloadedImgs[2].src = "images/buttons.gif";

    preloadedImgs[3] = new Image(282, 88);
    preloadedImgs[3].src = "images/infobar.gif";

    preloadedImgs[3] = new Image(172, 14);
    preloadedImgs[3].src = "images/loading.gif";

    preloadedImgs[4] = new Image(498,75);
    preloadedImgs[4].src = "images/header.jpg";

  </script>
</head>
<body onload='loadPackage();'>
<div align="center">
<table width="500" border="0" cellpadding="0" cellspacing="0" class="cuesHeaderBg wizard">

  <tr>
    <td colspan="2" style="border-bottom: 1px solid #666666;" class="cuesHeaderTitleLogo">
      <img id="companylogo" src="images/company-logo.png" align="absmiddle" title="Cisco Logo" alt="Cisco Logo" width="100" height="75">AnyConnect Secure Mobility Client
    </td>
  </tr>

  <tr>
    <td class="cuesWizardStepPanel">
      <table border="0" cellpadding="0" cellspacing="0" class="wizard-steps-title">
        <tr>
          <td class="cuesWizardIcon">
            <img src="images/anyconnect-24.png" border="0" alt="AnyConnect Icon" title="AnyConnect Icon" width="24" height="24" />
          </td>
          <td class="cuesWizardTitle">WebLaunch</td>
        </tr>
      </table>
      <table border="0" cellpadding="0" cellspacing="0" width="100%" class="wizard-steps">
        <tr>
          <td id="state1no" class="cuesWizardStepSelectedNo"><input id="state1check" type="checkbox" tabindex="-1" disabled="true"/></td>
          <td id="state1dash" class="cuesWizardStepSelectedDash">-</td>
          <td id="state1phase" class="cuesWizardStepSelected">Platform Detection</td>
        </tr>
       <tr>
          <td id="state10no" class="cuesWizardStepFutureNo"><input id="state10check" type="checkbox" tabindex="-1" disabled="true"/></td>
          <td id="state10dash" class="cuesWizardStepFutureDash">-</td>
          <td id="state10phase" class="cuesWizardStepFuture">ActiveX</td>
        </tr>
        <tr>
          <td id="state20no" class="cuesWizardStepFutureNo"><input id="state20check" type="checkbox" tabindex="-1" disabled="true"/></td>
          <td id="state20dash" class="cuesWizardStepFutureDash">-</td>
          <td id="state20phase"class="cuesWizardStepFuture">Java Detection</td>
        </tr>   
        <tr>
          <td id="state40no" class="cuesWizardStepFutureNo"><input id="state40check" type="checkbox" tabindex="-1" disabled="true"/></td>
          <td id="state40dash" class="cuesWizardStepFutureDash">-</td>
          <td id="state40phase" class="cuesWizardStepFuture">Java</td>
        </tr>
        <tr>
          <td id="state70no" class="cuesWizardStepFutureNo"><input id="state70check" type="checkbox" tabindex="-1" disabled="true"/></td>
          <td id="state70dash" class="cuesWizardStepFutureDash">-</td>
          <td id="state70phase" class="cuesWizardStepFuture">Download</td>
        </tr>
        <tr>
          <td id="state100no" class="cuesWizardStepFutureNo"><input id="state100check" type="checkbox" tabindex="-1" disabled="true"/></td>
          <td id="state100dash" class="cuesWizardStepFutureDash">-</td>
          <td id="state100phase" class="cuesWizardStepFuture">Connected</td>
        </tr>   
      </table>
    </td>
    <td class="cuesWizardContent">
      <div id="cuesWizardStepTitle">Platform Detection</div>
      <div id="cuesWizardContentBody" style="height:180">
        <div id="idDivMessage" name="idDivMessage">The installer is detecting your operating system and CPU.  Please wait...</div>  
      </div>
      <div id="cuesWizardContentNavButtons">
        <input id="helpButton" type="Submit" value="Help" class="cuesButton" onclick="openTipsWindow(); return false" onkeypress="openTipsWindow(); return false"/>
        <input id="manualInstallButton" type="button" value="Download" class="cuesWizardCancelButton" onclick="skipToManualInstall(); return false" onkeypress="skipToManualInstall(); return false"/>
      </div>
    </td>
  </tr>
</table>
</div>
<iframe id="idiFrameMain" name="idiFrameMain" border="0" src="empty.html" width="20" height="0" MarginHeight="0" MarginWidth="0" FrameBorder="0"></iframe>
<div id="idDivMain" name="idDivMain" style="position:relative"></div>
</body>
</html>

GET /CACHE/webvpn/stc/1/Windows HTTP/1.1
Cache-Control: no-cache
Connection: Close
Pragma: no-cache
Cookie: webvpn=00@1311721029@00002@3598467018@1615302194@tonline;webvpnc=p:t&bu:/CACHE/webvpn/stc/&iu:1/&sh:9C6A0C3F094BCC96EA12D8F98FB12772C64C0DDC&;
Host: lync.gmvl.de:443
User-Agent: AnyConnect Windows 3.1.05152
X-Transcend-Version: 1
X-Aggregate-Auth: 1
X-AnyConnect-Platform: win


HTTP/1.1 200 OK
Server: cisco-IOS
Connection: close
Content-Length: 0
Cache-Control: max-age=0


GET /CACHE/webvpn/stc/1/binaries/update.txt HTTP/1.1
Cache-Control: no-cache
Connection: Close
Pragma: no-cache
Cookie: webvpn=00@1311721029@00002@3598467018@1615302194@tonline;webvpnc=p:t&bu:/CACHE/webvpn/stc/&iu:1/&sh:9C6A0C3F094BCC96EA12D8F98FB12772C64C0DDC&;
Host: lync.gmvl.de:443
User-Agent: AnyConnect Windows 3.1.05152
X-Transcend-Version: 1
X-Aggregate-Auth: 1
X-AnyConnect-Platform: win


HTTP/1.1 200 OK
Server: cisco-IOS
Connection: close
Content-Length: 11
Content-Type: text/plain
Cache-Control: max-age=0

3,1,05152

GET /CACHE/webvpn/stc/1/VPNManifest.xml HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Cookie: webvpn=00@1311721029@00002@3598467018@1615302194@tonline;
Host: lync.gmvl.de
User-Agent: AnyConnect Downloader 3.1.05152


HTTP/1.1 200 OK
Server: cisco-IOS
Content-Length: 1727
Content-Type: text/xml
Cache-Control: max-age=0

<?xml version="1.0" encoding="UTF-8"?>
<vpn rev="1.0">
  <file version="3.1.05152" id="VPNCore" is_core="yes" type="exe" action="install">
    <uri>binaries/anyconnect-win-3.1.05152-web-deploy-k9.exe</uri>
    <display-name>AnyConnect Secure Mobility Client</display-name>
  </file>
  <file version="3.1.05152" id="gina" is_core="no" type="exe" action="install" module="vpngina">
    <uri>binaries/anyconnect-gina-win-3.1.05152-web-deploy-k9.exe</uri>
    <display-name>AnyConnect SBL</display-name>
  </file>
  <file version="3.1.05152" id="DART" is_core="no" type="msi" action="install" module="dart">
    <uri>binaries/anyconnect-dart-win-3.1.05152-k9.msi</uri>
    <display-name>AnyConnect DART</display-name>
  </file>
  <file version="3.1.05152" id="NAM" is_core="no" type="msi" action="install" module="nam">
    <uri>binaries/anyconnect-nam-win-3.1.05152-k9.msi</uri>
    <display-name>AnyConnect Network Access Manager</display-name>
  </file>
  <file version="3.1.05152" id="WebSecurity" is_core="no" type="exe" action="install" module="websecurity">
    <uri>binaries/anyconnect-websecurity-win-3.1.05152-web-deploy-k9.exe</uri>
    <display-name>AnyConnect Web Security</display-name>
  </file>
  <file version="3.1.05152" id="Posture" is_core="no" type="msi" action="install" module="posture">
    <uri>binaries/anyconnect-posture-win-3.1.05152-web-deploy-k9.msi</uri>
    <display-name>AnyConnect Posture</display-name>
  </file>
  <file version="3.1.05152" id="Telemetry" is_core="no" type="exe" action="install" module="telemetry">
    <uri>binaries/anyconnect-telemetry-win-3.1.05152-web-deploy-k9.exe</uri>
    <display-name>AnyConnect Telemetry</display-name>
  </file>
</vpn>

GET /+CSCOT+/translation-table?type=combined-manifest&textdomain=AnyConnect HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Cookie: webvpn=00@1311721029@00002@3598467018@1615302194@tonline;
Host: lync.gmvl.de
User-Agent: AnyConnect Downloader 3.1.05152


HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2014 22:10:21 GMT
Content-Length:  0   
Content-Type: text/html
Connection: Keep-Alive


GET /+CSCOT+/translation-table?type=mst-manifest&textdomain=AnyConnect HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Cookie: webvpn=00@1311721029@00002@3598467018@1615302194@tonline;
Host: lync.gmvl.de
User-Agent: AnyConnect Downloader 3.1.05152


HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2014 22:10:21 GMT
Content-Length:  0   
Content-Type: text/html
Connection: Keep-Alive


GET /+CSCOT+/oem-customization?app=AnyConnect&type=manifest&platform=win HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Cookie: webvpn=00@1311721029@00002@3598467018@1615302194@tonline;
Host: lync.gmvl.de
User-Agent: AnyConnect Downloader 3.1.05152


HTTP/1.1 404 Not Found
Date: Sat, 11 Jan 2014 22:10:21 GMT
Content-Length:  0   
Content-Type: text/html
Connection: Keep-Alive


CONNECT /CSCOSSLC/tunnel HTTP/1.1
Host: lync.gmvl.de
User-Agent: Cisco AnyConnect VPN Agent for Windows 3.1.05152
Cookie: webvpn=00@1311721029@00002@3598467018@1615302194@tonline
X-CSTP-Version: 1
X-CSTP-Hostname: lenovo
X-CSTP-MTU: 1299
X-CSTP-Address-Type: IPv6,IPv4
X-CSTP-Local-Address-IP4: 192.168.0.249
X-CSTP-Base-MTU: 1400
X-CSTP-Remote-Address-IP4: 1.2.3.4
X-CSTP-Full-IPv6-Capability: true
X-DTLS-Master-Secret: secret
X-DTLS-CipherSuite: AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA
X-DTLS-Accept-Encoding: lzs
X-DTLS-Header-Pad-Length: 0
X-CSTP-Accept-Encoding: lzs,deflate
X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc.


HTTP/1.1 200 OK
Server: Cisco IOS SSLVPN
X-CSTP-Version: 1
X-CSTP-Address: 10.50.0.2
X-CSTP-Netmask: 255.255.255.0
X-CSTP-Keep: true
X-CSTP-DNS: 8.8.8.8
X-CSTP-NBNS: 1.2.3.4
X-CSTP-Lease-Duration: 43200
X-CSTP-MTU: 1299
X-CSTP-Default-Domain: gmvl.de
X-CSTP-Split-Exclude: 0.0.0.0/255.255.255.255
X-CSTP-Rekey-Time: 3600
X-CSTP-Rekey-Method: new-tunnel
X-CSTP-DPD: 3600
X-CSTP-Disconnected-Timeout: 2100
X-CSTP-Idle-Timeout: 2100
X-CSTP-Session-Timeout: 0
X-CSTP-Keepalive: 30
X-DTLS-Session-ID: whatever
X-DTLS-Port: 443
X-DTLS-CipherSuite: AES256-SHA
X-DTLS-DPD: 3600
X-DTLS-KeepAlive: 30
X-DTLS-Rekey-Time: 3600

Cheers,
        Thomas


