Unable to connect to GlobalProtect VPN

Anthony Becker abecker at sigcorp.com
Mon Aug 14 08:31:15 PDT 2023


I am unable to connect to a GlobalProtect VPN.  I start with the command:
 
eval $( ./.local/bin/gp-saml-gui grizzvpn.oakland.edu --allow-insecure-crypto )
 
A web form requests my username and password and sends me a Duo push.  The login succeeds and gives me a cookie to use when connecting.  I then enter the command:
 
echo $MYCOOKIE |  sudo openconnect --protocol=gp --user=$MYUSERNAME --os=linux-64 --usergroup=portal:prelogin-cookie --passwd-on-stdin grizzvpn.oakland.edu
 
The login fails with:
 
POST https://grizzvpn.oakland.edu/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux
Attempting to connect to server 141.210.72.2:443
Connected to 141.210.72.2:443
SSL negotiation with grizzvpn.oakland.edu
Connected to HTTPS on grizzvpn.oakland.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Date: Mon, 14 Aug 2023 14:33:26 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 6720
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: SESSID=83c144c4-908c-4b32-889c-3c81d660f2f6; Path=/; HttpOnly; Secure
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length:  (6720)
Destination form field prelogin-cookie was specified; assuming SAML POST authentication is complete.
Prelogin form _login: "Username: " user(TEXT)=(null), "prelogin-cookie: " prelogin-cookie(PASSWORD)
Enter login credentials
POST https://grizzvpn.oakland.edu/global-protect/getconfig.esp
Got HTTP response: HTTP/1.1 200 OK
Date: Mon, 14 Aug 2023 14:33:26 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 11407
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: SESSID=824acd3b-32ae-41a7-b8e8-e59bf37533c6; Path=/; HttpOnly; Secure
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length:  (11407)
Portal set HIP report interval to 60 minutes).
1 gateway servers available:
  OU_VPN_Gateway (grizzvpn.oakland.edu)
Please select GlobalProtect gateway.
GATEWAY: [OU_VPN_Gateway]:OU_VPN_Gateway
POST https://grizzvpn.oakland.edu/ssl-vpn/login.esp
Got HTTP response: HTTP/1.1 200 OK
Date: Mon, 14 Aug 2023 14:33:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 69
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: SESSID=824acd3b-32ae-41a7-b8e8-e59bf37533c6; Path=/; HttpOnly; Secure
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length:  (69)
Failed to parse server response
Response was: <html>
  <body>Error: Login fails (invalid session id)</body>
</html>
Failed to complete authentication
 
Can you provide assistance, please?


Thanks!
Anthony Becker | Senior Consultant
Strata Information Group
M  248.563.6987
O  619.296.0170
sigcorp.com

More information about the openconnect-devel mailing list