Failed to obtain WebVPN cookie

Daniel Lenski dlenski at gmail.com
Tue Jan 24 13:17:32 PST 2017


On Tue, Jan 24, 2017 at 12:16 PM, Dustin Hartung
<dustin.hartung at gmail.com> wrote:
> Thank you for the response and tip.  I tried as you said - running it
> with --dump using a user agent and without as there appears to be
> different requirements/rules depending on the device type- the results
> are below:

Yes, this is pretty typical for Juniper. It appears that your VPN uses
authentication forms that are larded up with JavaScript.

You might also want to try --useragent ncsvc, which spoofs the UA of
Juniper's official desktop client, and often results in a simpler and
easier-to-parse HTML page.

For an example of where this works: I use a VPN which authenticates
with "SecureMatrix". With a mobile/desktop UA, it generates a pattern
of images using Java or ActiveX applets and I have to enter the
numbers shown in the applet… but with "ncsvc" it generates a simple
pure-text page that makes it easy to scrape and login automatically
with a Python script (https://github.com/dlenski/smxlogin).

Also, keep in mind that you can do "manual" external authentication as
described in the OpenConnect manual:
http://www.infradead.org/openconnect/juniper.html

Basically, just login via the web interface, then show the DSID cookie
in your browser, and run:

    $ openconnect --juniper -C "DSID=foobar12345" vpn.example.com

-Dan



More information about the openconnect-devel mailing list