Openconnect no-xmlpost

Peter Magnusson pet.magnusson at gmail.com
Tue Nov 4 08:07:54 PST 2014


Just adding some more information. I just tested this with another
type of authentication (OTP) and this works fine. So the problem only
seems to be present when I'm authenticating with my smartcard.

On Tue, Nov 4, 2014 at 3:41 PM, Peter Magnusson <pet.magnusson at gmail.com> wrote:
> Hi David,
>
> Thank you for the reply. I've enabled verbose log on cstub and compared
> the logs now. On the run where it is not working (the second run)
> there is nothing at all being logged to the cstub.log.
> So it seems the hostscan parts are not being executed at all for some
> reason. On the run that is working (first run) I have a lot of log entries
> in cstub.log. Also when running with --no-xmlpost cstub.log looks
> normal as well.
>
> There is no difference in the behavior if I kill the openconnect
> process with SIGTERM or SIGHUP. I can see that there are two
> openconnect processes (one is the parent of the other) and when I
> tested this I killed the parent process with SIGHUP/SIGTERM.
>
> Best regards
> Peter
>
>
> On Tue, Nov 4, 2014 at 1:27 PM, David Woodhouse <dwmw2 at infradead.org> wrote:
>> On Tue, 2014-11-04 at 11:15 +0100, Peter Magnusson wrote:
>>> In the server logs it says "Certificate was succesfully validated"
>>> over and over each time it loops through the parts above. Nothing more.
>>>
>>> The interesting part is if I wait for exactly 2 minutes and try again
>>> it will work again like it did the first time. So this seems like a
>>> timeout of some sort.
>>>
>>> However, if I try the openconnect command with --no-xmlpost it works
>>> perfectly every time. The problem is that in the next step I would
>>> like to use the Openconnect NetworkManager plugin and this does not
>>> seem to have support for the --no-xmlpost flag. Also the manual
>>> (http://www.infradead.org/openconnect/manual.html) says to report if
>>> the --no-xmlpost flag is needed.
>>>
>>> Can anyone give me any suggestions as to why this is not working as
>>> expected? Please let me know if I can provide any more information.
>>
>> You should get a lot of log output in ~/.cisco/hostscan/log/cstub.log —
>> especially if you set '-log debug' in your csd-wrapper.sh.
>>
>> Can you compare those logs between successful and unsuccessful runs?
>>
>> Also, how are you killing openconnect? Does it make a difference if you
>> send it SIGHUP and let it sign off gracefully, vs. SIGTERM to just kill
>> it? You're looking for a message saying 'Send BYE packet:' in the
>> graceful termination case.
>>
>> --
>> dwmw2
