OpenConnect v9.01 - "--protocol=pulse" does not work with TPM2

Schütz Dominik Dominik.Schuetz at esolutions.de
Wed May 4 03:23:05 PDT 2022


Hi,

I have installed the new OpenConnect version 9.01 on Ubuntu 22.04 (packages from https://launchpad.net/ubuntu/+source/openconnect/9.01-1/+build/23596572). Username + Password and Smartcard work with "--protocol=nc" and "--protocol=pulse", but TPM2 works with "--protocol=nc" and not with "--protocol=pulse". What is the reason?
See output below:

dominik@host1:~$ sudo openconnect --script=/root/vpnc-script --certificate=/var/lib/802.1x/host1.pem --sslkey=/usr/local/wlan/host1.key --protocol=nc "https://vpn-gateway/linux"
GET https://vpn-gateway/linux
Connected to xxx.xxx.xxx.xxx:443
Using client certificate 'HOST1'
SSL negotiation with vpn-gateway
Connected to HTTPS on vpn-gateway with ciphersuite (TLS1.2)-(RSA)-(AES-128-GCM)
Got HTTP response: HTTP/1.1 302 Found
GET https://vpn-gateway/dana-na/auth/url_xxx/welcome.cgi
SSL negotiation with vpn-gateway
Connected to HTTPS on vpn-gateway with ciphersuite (TLS1.2)-(RSA)-(AES-128-GCM)
frmLogin
realm [REALM_xxx_Productive|REALM_xxx_Limited_Initial_Network|REALM_xxx_Limited_Machine_Network]:REALM_xxx_Limited_Machine_Network
frmLogin
username:
password:
POST https://vpn-gateway/dana-na/auth/url_xxx/login.cgi
Renegotiated SSL on vpn-gateway with ciphersuite (TLS1.2)-(RSA)-(AES-128-GCM)
Got HTTP response: HTTP/1.1 302 Moved
GET https://vpn-gateway/dana-na/auth/url_xxx/welcome.cgi?p=sn%2Dpostauth%2Dshow
You are now connected to the networker with limited access.
POST https://vpn-gateway/dana-na/auth/url_xxx/login.cgi
Got HTTP response: HTTP/1.1 302 Moved
GET https://vpn-gateway/dana/home/index.cgi
Set up UDP failed; using SSL instead
Configured as xxx.xxx.xxx.xxx, with SSL connected and ESP disabled


dominik@host1:~$ sudo openconnect --script=/root/vpnc-script --certificate=/var/lib/802.1x/host1.pem --sslkey=/usr/local/wlan/host1.key --protocol=pulse "https://vpn-gateway/linux"
Connected to xxx.xxx.xxx.xxx:443
Using client certificate 'HOST1'
SSL negotiation with vpn-gateway
Connected to HTTPS on vpn-gateway with ciphersuite (TLS1.2)-(RSA)-(AES-128-GCM)
Got HTTP response: HTTP/1.1 101 Switching Protocols
Bad EAP-TTLS packet (len 93, left 0)
Failed to establish EAP-TTLS session
Failed to complete authentication
dominik@host1:~$


Best Regards,
Dominik