OpenConnect / Cisco Anyconnect.

Daniel Lenski dlenski at gmail.com
Mon Dec 18 12:04:40 PST 2017


On Mon, Dec 18, 2017 at 11:37 AM, Torben Nielsen
<nielsens at protonmail.com> wrote:
> Hi,
>
> I'm lost.
>
> Using OpenConnect to connect to a Cisco Anyconnect appliance at my hosting provider from my 64-bit computer running Linux Mint 17 works perfect. Trying to do the same thing from my 32-bit laptop running Linux Mint 18 fails.
>
> The 64-bit OpenConnect version is 5.02 the 32-bit is 7.06. The 32-bit client used to work, but stopped doing so after the Cisco appliance was updated, requiring a more recent client.

Lemme get this straight:

- OpenConnect v7.06 on 32-bit Linux used to work.
- OpenConnect v7.06 on 32-bit Linux doesn't work now that the server
was updated.
- OpenConnect v5.02 on 64-bit Linux doesn't work.

Huh… why are you using such an ancient 64-bit version of OpenConnect?
v5.02 dates back to 2014. You should upgrade your 64-bit system to the
latest v7.08.

The only significant difference between v5.02 and v7.06 which should
be visible to the server at this early point in the connection is the
HTTPS User-Agent string. OpenConnect sends the string "Open AnyConnect
VPN Agent vX.YZ", while the official AnyConnect clients sends
something like "Cisco AnyConnect VPN Agent for Windows 2.2.0133".

If needed, you can spoof the User-Agent sent by one of the official
clients as described in the manual for OpenConnect, e.g.

   openconnect --useragent 'Cisco AnyConnect VPN Agent for Windows 2.2.0133'

-Dan



More information about the openconnect-devel mailing list