Available for support for F5 + MFA

Antonio Petrelli antonio.petrelli at gmail.com
Wed Aug 4 10:40:56 PDT 2021


On Wed, Aug 4, 2021 at 19:29 Antonio Petrelli
<antonio.petrelli at gmail.com> wrote:
>
> On Wed, Aug 4, 2021 at 18:08 Daniel Lenski
> <dlenski at gmail.com> wrote:
> >
> >
> > Since you've already arrived at the "webtop" interface, you've already
> > completed the login process and you already have the credential (the
> > cookie named 'MRHSession') which OpenConnect requires to be able to
> > actually configure and connect to the VPN tunnel.
> >
> > I believe you should be able to simply capture the value of
> > <MRHSession-Cookie> (using the browser dev tools), and then run
> > OpenConnect as follows:
> >
> >     openconnect --dump -vvvv --prot=f5 \
> >       --cookie "MRHSession=<MRHSession-Cookie>" \
> >       <corporate-vpn-host-name>
> >
> > (Important: do NOT close the browser window before running this
> > command; that may cause it to logoff the session and invalidate the
> > cookie)
> >
> > I'll wager 70% odds that this Just Works. If that doesn't work, then I
> > guess we'll have to figure out what the "token" and
> > "access-session-token" values mean, and how they get used by the f5vpn
> > binary.
>
> Ok I managed to run it but, unfortunately, the result is this one:
>
> $> sudo ./openconnect --dump -vvvv --protocol=f5 --cookie
> "MRHSession=<mrhsession-cookie>" <corporate-vpn-host-name>
>
> GET https://<corporate-vpn-host-name>/vdesk/vpn/index.php3?outform=xml&client_version=2.0
> Attempting to connect to server <corporate-vpn-ip-address>:443
> Connected to <corporate-vpn-ip-address>:443
> SSL negotiation with <corporate-vpn-host-name>
> Matched peer certificate subject name '*.<corporate-domain>'
> Connected to HTTPS on <corporate-vpn-host-name> with ciphersuite
> TLSv1.3-TLS_AES_128_GCM_SHA256
> > GET /vdesk/vpn/index.php3?outform=xml&client_version=2.0 HTTP/1.1
> > Host: <corporate-vpn-host-name>
> > User-Agent: Open AnyConnect VPN Agent v8.10-632-gc7403272
> > Cookie: MRHSession=<mrhsession-cookie>
> >
> Got HTTP response: HTTP/1.0 302 Found
> Server: BigIP
> Cache-Control: no-cache, no-store
> Content-Length: 0
> Location: /my.logout.php3?errorcode=20
> Set-Cookie: LastMRH_Session=<lastmrh-session-cookie>;path=/;secure
> Set-Cookie: MRHSession=<elided>;path=/;secure
> Connection: close
> HTTP body length:  (0)
> EPOLL_CTL_DEL: File o directory non esistente
> Creating SSL connection failed
> Unknown error; exiting.
>
> -----
>

OMG IT WORKED! It seems that the error before happens sometimes, but
it happens anyway sometimes because something is wrong on the server side.
Wait a bit and ignore the previous email; in the next one I will post another log.

Antonio
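
The failed attempt quoted above shows a recognisable pattern in the `--dump -vvvv` output: a 302 to /my.logout.php3 with an errorcode, plus a freshly set MRHSession. The following is an added example, not part of the original thread and not OpenConnect code, that checks a saved log for that pattern; the function names and the sample log with placeholder cookie values are constructed here.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample, shaped like the response in the log above (placeholder values).
SAMPLE_REJECTED = """\
Got HTTP response: HTTP/1.0 302 Found
Server: BigIP
Content-Length: 0
Location: /my.logout.php3?errorcode=20
Set-Cookie: LastMRH_Session=PLACEHOLDER-A;path=/;secure
Set-Cookie: MRHSession=PLACEHOLDER-B;path=/;secure
Connection: close
HTTP body length:  (0)
"""

def parse_response(log_text):
    """Return (status, [(header, value), ...]) for the first dumped response."""
    status, headers = None, []
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").rstrip()   # tolerate mail quoting of the log
        m = re.match(r"Got HTTP response: HTTP/\d\.\d (\d{3})", line)
        if m:
            if status is not None:
                break                       # a second response starts: stop
            status = int(m.group(1))
        elif status is not None:
            name, sep, value = line.partition(":")
            if not sep or " " in name:      # e.g. "HTTP body length:  (0)"
                break
            headers.append((name.lower(), value.strip()))
    return status, headers

def diagnose(log_text):
    """Report whether the gateway redirected the supplied session to logout."""
    status, headers = parse_response(log_text)
    location = next((v for n, v in headers if n == "location"), "")
    url = urlsplit(location)
    rejected = status in (301, 302, 303, 307) and url.path.endswith("/my.logout.php3")
    code = parse_qs(url.query).get("errorcode", [None])[0] if rejected else None
    reissued = any(n == "set-cookie" and v.split("=", 1)[0] == "MRHSession"
                   for n, v in headers)
    return {"status": status, "session_rejected": rejected,
            "errorcode": code, "cookie_reissued": reissued}

if __name__ == "__main__":
    print(diagnose(SAMPLE_REJECTED))
```
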



More information about the openconnect-devel mailing list