Error in the push function.

Daniel Lenski dlenski at gmail.com
Sat Nov 20 18:04:29 PST 2021 

> I can offer a bit of context. I had possession of this laptop originally, running Ubuntu 18.04. I initially configured the VPN connection a few years ago, and it worked successfully on a day-to-day basis up until I last tested it a few weeks ago. (I have forgotten any headaches that may have been involved in the initial setup.) It should be the current version in the Ubuntu 18.04 repos, so... openconnect 7.08?
>
> In case it's relevant, the VPN connection requires a smart card with a PIN for authentication.
>
> Upon leaving the organization, I transferred the laptop to Amirali (created a new user, deleted my old one), and unfortunately the VPN connection didn't "just work" for him. We tried bypassing the GUI by running openconnect from the command line, which resulted in the output Amirali has shown previously. I'm confident I've never seen the "Error in the push function" message before, so I suggested Amirali reach out to the OpenConnect community for assistance.

Huh. So, running the EXACT SAME openconnect binary on the EXACT SAME
laptop and connecting to the EXACT SAME organization's VPN… it
work(ed,s) for one of you, but not for the other? 🤷🏻‍♂️

That's interesting and exceedingly strange, but we'd still need a
bunch more information here in order to make any progress.

The CLI is indeed much better than the GUI for logging and debugging.
Please confirm *exactly* what version you're running (`openconnect
--version`) including what crypto library it's built against.

If it is OpenConnect v7.08, that's very old, and there  have been a
bunch of smartcard-related fixes since then. Try building the latest
development version from source
(https://gitlab.com/openconnect/openconnect/commits/master), or
failing that, at least upgrade to v8.10 (the latest release, although
it's now >> 1 year old).

If upgrading to a newer version doesn't help, a detailed log
(`openconnect -vvv --dump-http-traffic`) will likely provide more
information.

-Dan

On Thu, Nov 18, 2021 at 7:17 PM Mitchell Dorrell <mwd at udel.edu> wrote:
>
> Hello Dan,
>
> I can offer a bit of context. I had possession of this laptop originally, running Ubuntu 18.04. I initially configured the VPN connection a few years ago, and it worked successfully on a day-to-day basis up until I last tested it a few weeks ago. (I have forgotten any headaches that may have been involved in the initial setup.) It should be the current version in the Ubuntu 18.04 repos, so... openconnect 7.08?
>
> In case it's relevant, the VPN connection requires a smart card with a PIN for authentication.
>
> Upon leaving the organization, I transferred the laptop to Amirali (created a new user, deleted my old one), and unfortunately the VPN connection didn't "just work" for him. We tried bypassing the GUI by running openconnect from the command line, which resulted in the output Amirali has shown previously. I'm confident I've never seen the "Error in the push function" message before, so I suggested Amirali reach out to the OpenConnect community for assistance.
>
> I hope this additional context helps!
> Mitchell Dorrell
>
> On Thu, Nov 18, 2021, 20:25 Daniel Lenski <dlenski at gmail.com> wrote:
>>
>> On Thu, Nov 18, 2021 at 1:33 PM Amirali Hossein <amirali.h71 at gmail.com> wrote:
>> > How should I resolve "Error in the push function."?
>>
>> Can you give us more information? Start with the complete output of
>> `openconnect --version`, and what operating system you're running on.
>>
>> All I can tell from the messages ("SSL connection failure" and "Failed
>> to obtain WebVPN cookie") is that you're using a GnuTLS-based build,
>> and it must be older than
>> https://gitlab.com/openconnect/openconnect/-/commit/ce8c6968f524aaa6d8387a3c63e9cdbce88f3c59.
>>
>> > VPN Log:
>>
>> What is this "VPN Log"? How was it generated? It doesn't appear to
>> contain any useful information at all.
>>
>> Dan
>>
>> _______________________________________________
>> openconnect-devel mailing list
>> openconnect-devel at lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/openconnect-devel

More information about the openconnect-devel mailing list