juniper SRX
Nejc Gašper
nejc at result.si
Mon Jan 4 13:15:19 PST 2016
Hello there,
I noticed that there is a new feature in openconnect, that is using it as a
client for "juniper", but what does juniper mean exactly? We are using a
Juniper SRX router and the software is not working.
As far as I can see from the output, either I am doing something wrong (support
being experimental and all) or the support is actually for some other Juniper
solution. The version running on the router is 12.1X46-D35.
---
# LANG=en_US; openconnect --juniper -u nejc -v xxx.xxx.xxx.xxx
WARNING: Juniper Network Connect support is experimental.
It will probably be superseded by Junos Pulse support.
GET https://xxx.xxx.xxx.xxx/
Attempting to connect to server xxx.xxx.xxx.xxx:443
Connected to xxx.xxx.xxx.xxx:443
SSL negotiation with xxx.xxx.xxx.xxx
Server certificate verify failed: signer not found
Certificate from VPN server "xxx.xxx.xxx.xxx" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on xxx.xxx.xxx.xxx
Got HTTP response: HTTP/1.1 301 Moved Permanently
Date: Mon, 04 Jan 2016 21:00:23 GMT
Server: Embedthis-Appweb/3.2.3
Cache-Control: max-age=5184000
Expires: Fri, 15 Jan 2016 03:57:37 GMT
Content-Length: 274
Content-Type: text/html
Connection: close
Location: https://xxx.xxx.xxx.xxx/dynamic-vpn/index.php
HTTP body length: (274)
GET https://xxx.xxx.xxx.xxx/dynamic-vpn/index.php
SSL negotiation with xxx.xxx.xxx.xxx
Server certificate verify failed: signer not found
Connected to HTTPS on xxx.xxx.xxx.xxx
Got HTTP response: HTTP/1.1 200 OK
Date: Mon, 04 Jan 2016 21:00:24 GMT
Server: Embedthis-Appweb/3.2.3
Cache-Control: no-cache
ETag: "1641d0-412-55550c09"
Content-Type: text/html
Connection: close
Last-Modified: Mon, 04 Jan 2016 21:00:23 GMT
Transfer-Encoding: chunked
HTTP body chunked (-2)
Failed to find or parse web form in login page
Failed to obtain WebVPN cookie
---
The standard modus operandi of SRX dynamic-vpn, as far as I know, is fetching VPN
details from a web service using the provided xauth info for authentication.
Openconnect seems to be trying to fetch a login form that does not exist (at
least not anymore; I remember that in older versions there used to be a login form,
so it might be that).
Any clues?
Regards
--
Nejc Gašper