As easy as in Android???? Hopefully...

Nicolás Escudero nicolasescudero at gmail.com
Tue Mar 31 08:49:47 PDT 2015 

Hi Kevin,

Tried it, still not working, here is the verbose output:

pi at raspberrypi ~ $ sudo openconnect --csd-wrapper ~/.cisco/wrapper.sh
--os android 32.59.2.56 -v
POST https://32.59.2.56/
Attempting to connect to server 32.59.2.56:443
SSL negotiation with 32.59.2.56
Server certificate verify failed: signer not found

Certificate from VPN server "32.59.2.56" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on 32.59.2.56
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 31 Mar 2015 04:36:36 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://32.59.2.56/
Attempting to connect to server 32.59.2.56:443
SSL negotiation with 32.59.2.56
Server certificate verify failed: signer not found
Connected to HTTPS on 32.59.2.56
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 31 Mar 2015 04:36:37 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://32.59.2.56/+webvpn+/index.html
SSL negotiation with 32.59.2.56
Server certificate verify failed: signer not found
Connected to HTTPS on 32.59.2.56
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
GET https://32.59.2.56/+CSCOE+/sdesktop/wait.html
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 31 Mar 2015 04:36:38 GMT
HTTP body chunked (-2)
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://32.59.2.56/+CSCOE+/sdesktop/wait.html
SSL negotiation with 32.59.2.56
Server certificate verify failed: signer not found
Connected to HTTPS on 32.59.2.56
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 31 Mar 2015 04:36:40 GMT
HTTP body chunked (-2)
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...

And it keeps reapeting forever those same lines between "Refreshing
+CSCOE+/sdesktop/wait.html after 1 second..."

This looks identical to the output from your post on the suggested
thread, and alto to the output I'm seeing on a successfull conection
from my android... any ideas? Any place where I can check more
detailed logs?

Please feel free to try yourself with the server 32.59.2.56 and also .57

Thanks a lot,
Nico

On Sun, Mar 29, 2015 at 4:23 AM, Kevin Cernekee <cernekee at gmail.com> wrote:
> On Sat, Mar 28, 2015 at 11:24 PM, Nicolás Escudero
> <nicolasescudero at gmail.com> wrote:
>> Hi,
>>
>> I'm experiencing the exact same issue posted on the original thread
>> from KajMagnus:
>> http://lists.infradead.org/pipermail/openconnect-devel/2014-November/002370.html
>>
>> In short, I'm getting these 4 lines repeatedly over and over forever
>> no matter what arguments or wrapper I use:
>>
>> GET https://vpn.server.com/+CSCOE+/sdesktop/wait.html
>> SSL negotiation with vpn.server.com
>> Connected to HTTPS on vpn.server.com
>> Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
>>
>> Tried everything, with/without wrapper, --no-xml-post, binaries, all
>> same hard work and reasearch KajMagnus did, same poor luck.
>>
>> I'm running openconnect v6.00, on a RaspberryPi running raspbian Jessie.
>
> An ARM host won't be able to run the x86 trojan binary directly, so a
> wrapper script is probably your best bet.
>
>> In the other hand, I'm perfectly able to connect to the same server
>> using both Windows Anyconnect and Android Openconnect. Both of them
>> with 100% default settings, just entered server+username and then,
>> when prompted, the passcode from my RSA Hard-Token.
>
> Try this:
>
> http://lists.infradead.org/pipermail/openconnect-devel/2013-October/001225.html
>
>> COLOR NOTE: I cannot connect using AnyConnect for Android, I'm getting
>> a server response saying the server doesn't have an active "Mobile
>> License"....
>
> This is checked (or not checked, in our case) on the client side, so
> you should be OK using OpenConnect.  See:
>
> http://lists.infradead.org/pipermail/openconnect-devel/2013-November/001326.html

More information about the openconnect-devel mailing list