Juniper connection failure, HTTP/1.1 302 Found

Nate Mow natemow at gmail.com
Fri Aug 14 18:15:43 PDT 2015


Okay, I was able to re-compile the 7.06 source, this time adding in a call to 
"buf_hexdump(vpninfo, (void *)bytes, sizeof(bytes));" right before those 
validation checks (oncp.c:654). That printed the hex to screen, which 
I copied to a file and then awk'd to remove the "0000: " prefix stuff.

The first 2 lines translated from hex were "MYHOSTNAME»"; I pasted 3+ into 
an online Wireshark implementation at http://sadjad.me/phd and it did 
read some stuff correctly. Forwarded the hex dump on to my contact in 
the IT department to see if he can learn more from it. (No idea if this 
dump contains sensitive data, so holding off on posting it here for now.)

On 08/12/2015 08:32 PM, Nate Mow wrote:
>
>
>
> -------- Forwarded Message --------
> Subject:     Re: Juniper connection failure, HTTP/1.1 302 Found
> Date:     Wed, 12 Aug 2015 20:28:37 -0400
> From:     Nate Mow <natemow at gmail.com>
> To:     David Woodhouse <dwmw2 at infradead.org>
>
>
>
> I think I did try that at some point...trying it again, I'm seeing 
> this come next in the log:
>
>    Got HTTP response: HTTP/1.1 200 OK
>    Content-type: application/octet-stream
>    Pragma: no-cache
>    NCP-Version: 3
>    Set-Cookie: DSLastAccess=1439424998; path=/; Secure
>    Connection: close
>    X-Frame-Options: SAMEORIGIN
>    SSL negotiation with alias.example.com
>    No match for altname 'vpn.example.com'
>    No match for altname 'alias.example-europe.com'
>    Matched DNS altname 'alias.example.com'
>    Connected to HTTPS on alias.example.com
>    Got HTTP response: HTTP/1.1 200 OK
>    Content-type: application/octet-stream
>    Pragma: no-cache
>    NCP-Version: 3
>    Set-Cookie: DSLastAccess=1439424998; path=/; Secure
>    Connection: close
>    X-Frame-Options: SAMEORIGIN
>    0000: 14 00 00 04 00 00 00 07 00 45 4c 4b 48 41 52 54
>    0010: bb 01 00 00 00 00
>    Server response to hostname packet is error 0x08
>    Creating SSL connection failed
>
>
> To me it looks like the host is responding with "here, install this 
> applet" now. Is there a way to get the raw response from the server? 
> (I'm not a C guy, so a bit out of my depth as far as tracing locally 
> goes.)
>
>
> On 08/12/2015 08:08 PM, David Woodhouse wrote:
>> On Wed, 2015-08-12 at 20:06 -0400, Nate Mow wrote:
>>>     # Now attempt the actual connection.
>>>     echo "$COOKIE" | sudo openconnect "$JNC_HOST" \
>>>       --dump-http-traffic \
>>>       --disable-ipv6 \
>>>       --os="linux-64" \
>>>       --useragent="$_ua_string" \
>>>       --cookie-on-stdin \
>>>       --cafile="./config/GlobalSignOrganizationValidationCA-SHA256-G2.ca" \
>>>       --servercert="$FINGERPRINT" \
>>>       --no-cert-check --background --pid-file=$VPN_PID_FILE \
>>>         >> $VPN_LOG_FILE 2>&1;
>> You'll want a --juniper in that one somewhere too.
>>
>
>
>
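The "copy the hex dump, strip the offset prefix, translate it" step from the message above, done in Python instead of awk, as an added example that is not from the thread or from openconnect itself. It assumes the dump format seen in the log ("NNNN: hh hh ..."), uses the two dump lines from the log as its sample, and adds an offset check so a line dropped while copying from a terminal is caught rather than silently shifting the bytes.

```python
import re

# The two dump lines from the openconnect log above (sample input).
SAMPLE_DUMP = """\
0000: 14 00 00 04 00 00 00 07 00 45 4c 4b 48 41 52 54
0010: bb 01 00 00 00 00
"""

# Optional "> " quote markers, a 4-digit hex offset, then hex byte pairs.
_LINE_RE = re.compile(r"^\s*(?:>\s*)*([0-9a-fA-F]{4}):\s*((?:[0-9a-fA-F]{2}\s*)+)$")


def decode_hexdump(text: str) -> bytes:
    """Turn offset-prefixed hex lines back into raw bytes.

    Each line's offset must equal the number of bytes already collected,
    so a dropped or duplicated line raises instead of producing a shifted dump.
    """
    out = bytearray()
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _LINE_RE.match(line)
        if not m:
            raise ValueError(f"not a hexdump line: {line!r}")
        offset = int(m.group(1), 16)
        if offset != len(out):
            raise ValueError(f"line claims offset {offset:#06x}, have {len(out)} bytes")
        out += bytes.fromhex("".join(m.group(2).split()))
    return bytes(out)


def printable_runs(data: bytes, min_len: int = 3) -> list[str]:
    """Runs of printable ASCII, i.e. what 'translated from hex' actually shows."""
    runs, cur = [], []
    for b in data + b"\x00":  # sentinel flushes the last run
        if 0x20 <= b < 0x7F:
            cur.append(chr(b))
            continue
        if len(cur) >= min_len:
            runs.append("".join(cur))
        cur = []
    return runs


def render(data: bytes, width: int = 16) -> str:
    """Hex and ASCII side by side; non-ASCII bytes shown as '.' (not guessed)."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        asc = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        lines.append(f"{off:04x}: {hexpart}  {asc}")
    return "\n".join(lines)


if __name__ == "__main__":
    payload = decode_hexdump(SAMPLE_DUMP)
    print(render(payload))
    print("printable runs:", printable_runs(payload))
```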
More information about the openconnect-devel mailing list