Available for support for F5 + MFA

Antonio Petrelli antonio.petrelli at gmail.com
Wed Aug 4 10:29:32 PDT 2021


On Wed, 4 Aug 2021 at 18:08, Daniel Lenski
<dlenski at gmail.com> wrote:
>
> Since you've already arrived at the "webtop" interface, you've already
> completed the login process and you already have the credential (the
> cookie named 'MRHSession') which OpenConnect requires to be able to
> actually configure and connect to the VPN tunnel.
>
> I believe you should be able to simply capture the value of
> <MRHSession-Cookie> (using the browser dev tools), and then run
> OpenConnect as follows:
>
>     openconnect --dump -vvvv --prot=f5 \
>       --cookie "MRHSession=<MRHSession-Cookie>" \
>       <corporate-vpn-host-name>
>
> (Important: do NOT close the browser window before running this
> command; that may cause it to logoff the session and invalidate the
> cookie)
>
> I'll wager 70% odds that this Just Works. If that doesn't work, then I
> guess we'll have to figure out what the "token" and
> "access-session-token" values mean, and how they get used by the f5vpn
> binary.

Ok I managed to run it but, unfortunately, the result is this one:

$> sudo ./openconnect --dump -vvvv --protocol=f5 --cookie "MRHSession=<mrhsession-cookie>" <corporate-vpn-host-name>

GET https://<corporate-vpn-host-name>/vdesk/vpn/index.php3?outform=xml&client_version=2.0
Attempting to connect to server <corporate-vpn-ip-address>:443
Connected to <corporate-vpn-ip-address>:443
SSL negotiation with <corporate-vpn-host-name>
Matched peer certificate subject name '*.<corporate-domain>'
Connected to HTTPS on <corporate-vpn-host-name> with ciphersuite TLSv1.3-TLS_AES_128_GCM_SHA256
> GET /vdesk/vpn/index.php3?outform=xml&client_version=2.0 HTTP/1.1
> Host: <corporate-vpn-host-name>
> User-Agent: Open AnyConnect VPN Agent v8.10-632-gc7403272
> Cookie: MRHSession=<mrhsession-cookie>
>
Got HTTP response: HTTP/1.0 302 Found
Server: BigIP
Cache-Control: no-cache, no-store
Content-Length: 0
Location: /my.logout.php3?errorcode=20
Set-Cookie: LastMRH_Session=<lastmrh-session-cookie>;path=/;secure
Set-Cookie: MRHSession=<elided>;path=/;secure
Connection: close
HTTP body length:  (0)
EPOLL_CTL_DEL: File o directory non esistente
Creating SSL connection failed
Unknown error; exiting.

-----

Obviously the web page has been open all the time but, after the
command, if I refresh the browser page, I've been logged out.
Note that I compiled the project with only the necessary things.

Let me know what to do from here.

Thanks
Antonio
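
A triage helper for the output above, as an added example that is not part of the original message or of OpenConnect: it blanks cookie values before a log is shared (the quoted reply calls MRHSession the credential) and reports whether the gateway answered with the logout redirect. `redact_line`, `triage` and the sample log are hypothetical names and constructed data.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample shaped like the output above; host and cookie values are made up.
SAMPLE_LOG = """\
$ sudo ./openconnect --dump -vvvv --protocol=f5 --cookie "MRHSession=0123abcd" vpn.example.com
> GET /vdesk/vpn/index.php3?outform=xml&client_version=2.0 HTTP/1.1
> Cookie: MRHSession=0123abcd
Got HTTP response: HTTP/1.0 302 Found
Location: /my.logout.php3?errorcode=20
Set-Cookie: LastMRH_Session=4567cdef;path=/;secure
Set-Cookie: MRHSession=fedc9876;path=/;secure
"""

COOKIE_HDR = re.compile(r"^(>?\s*(Set-)?Cookie:\s*)(.*)$", re.I)
CLI_COOKIE = re.compile(r'(--cookie[= ]+"?)[^"\s]+')

def redact_line(line):
    """Blank cookie values; keep names and Set-Cookie attributes (path, secure)."""
    line = CLI_COOKIE.sub(r"\1<redacted>", line)
    m = COOKIE_HDR.match(line)
    if not m:
        return line
    prefix, is_set, rest = m.group(1), bool(m.group(2)), m.group(3)
    out = []
    for i, part in enumerate(rest.split(";")):
        name, eq, _ = part.partition("=")
        is_attr = is_set and i > 0  # only the first pair of Set-Cookie is the cookie
        out.append(part if is_attr or not eq else f"{name}=<redacted>")
    return prefix + ";".join(out)

def triage(log):
    """Return the redacted log and what the gateway did with the session."""
    lines = log.splitlines()
    headers = [l.split(":", 1) for l in lines if ":" in l and not l.startswith((">", "$"))]
    location = next((v.strip() for k, v in headers if k.lower() == "location"), None)
    url = urlsplit(location or "")
    logged_out = url.path.endswith("my.logout.php3")
    return {
        "redacted": "\n".join(redact_line(l) for l in lines),
        "logged_out": logged_out,
        # The code is reported as-is; its meaning is not documented in this thread.
        "errorcode": parse_qs(url.query).get("errorcode", [None])[0] if logged_out else None,
        "new_session_issued": any(k.lower() == "set-cookie" and v.strip().startswith("MRHSession=")
                                  for k, v in headers),
    }
```
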



More information about the openconnect-devel mailing list