Openconnect supporting SafeNet eToken 5300

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Tue Jun 28 07:02:13 PDT 2022


On Tue, Jun 28, 2022 at 3:53 PM Pavel Gavronsky <kamm555 at hotmail.com> wrote:
>
> Hi Dimitri,
>
> Sorry for the late response, I had no access to my system to try the new installation.
>
> Finally, I have installed 9.00:
>
> openconnect -V
> OpenConnect version v9.00
> Using OpenSSL 1.1.1n  15 Mar 2022. Features present: TPM (OpenSSL ENGINE not present), PKCS#11, HOTP software token, TOTP software token, DTLS, ESP
> Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
> Default vpnc-script (override with --script): /usr/share/vpnc-scripts/vpnc-script
>
> Unfortunately, I am not able to connect, the following error appears when I try to use a SmartCard or USB Token:
>
> Failed to enumerate PKCS#11 slots
> 140593529243456:error:81071054:PKCS#11 module:pkcs11_init_slot:Function not supported:p11_slot.c:428:
> Loading certificate failed. Aborting.
> Failed to complete authentication

Often the creators of the proprietary pkcs11 modules make them
implement the minimum necessary functionality to do 1-2 things and
most other use cases will fail. It may be the same here. You can debug
pkcs11 further by setting P11_KIT_DEBUG=all, but I suspect there is
little one can do with openconnect, as it is the pkcs11 module that
misbehaves. You can try contacting the creator of the proprietary
module, and if you have a (big) contract with them you may be able to
solve it.

regards,
Nikos
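
Added example (not from the thread, and not OpenConnect or libp11 code): decoding the OpenSSL error line quoted above shows that the failing value is a PKCS#11 return code handed back by the token's module. It assumes the OpenSSL 1.1.1 packed error layout (8-bit library, 12-bit function, 12-bit reason) and that libp11 reports the module's CK_RV as the reason code; `decode`, `DecodedError`, `CKR_NAMES` and `PAGE_LINE` are names made up for this example.

```python
import re
from typing import NamedTuple, Optional

# Subset of CK_RV values from the PKCS#11 specification.
CKR_NAMES = {
    0x003: "CKR_SLOT_ID_INVALID",
    0x005: "CKR_GENERAL_ERROR",
    0x006: "CKR_FUNCTION_FAILED",
    0x030: "CKR_DEVICE_ERROR",
    0x054: "CKR_FUNCTION_NOT_SUPPORTED",
    0x0E0: "CKR_TOKEN_NOT_PRESENT",
    0x0E1: "CKR_TOKEN_NOT_RECOGNIZED",
    0x190: "CKR_CRYPTOKI_NOT_INITIALIZED",
}

class DecodedError(NamedTuple):
    lib: int            # >= 128 means a library id allocated at run time
    func: int
    reason: int
    func_name: str
    source: str
    line: int
    ckr: Optional[str]  # set only for the "PKCS#11 module" error library

# OpenSSL 1.1.1 format: tid:error:HEXCODE:lib name:function:reason:file:line:data
_LINE = re.compile(
    r"^\d+:error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):[^:]*:([^:]*):(\d+):")

def decode(text: str) -> Optional[DecodedError]:
    m = _LINE.match(text.strip().lstrip("> "))  # tolerate e-mail quoting
    if m is None:
        return None
    code = int(m.group(1), 16)
    # OpenSSL 1.1.1 ERR_PACK layout: 8-bit lib, 12-bit func, 12-bit reason.
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    ckr = None
    if m.group(2) == "PKCS#11 module":
        # Assumption: libp11 reports the module's CK_RV as the reason code.
        ckr = CKR_NAMES.get(reason, f"unlisted CK_RV 0x{reason:X}")
    return DecodedError(lib, func, reason, m.group(3), m.group(4),
                        int(m.group(5)), ckr)

# The error line from the message above.
PAGE_LINE = ("140593529243456:error:81071054:PKCS#11 module:"
             "pkcs11_init_slot:Function not supported:p11_slot.c:428:")

if __name__ == "__main__":
    print(decode(PAGE_LINE))
```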


