SSL huawei AR150 Series Enterprise Routers
Alfredo Tomasini
alto.tom at e-td55.com
Fri Apr 12 16:29:15 PDT 2024
I am trying to get a vpn connection to our pattern in China by using
openconnect
this is error
XML response has no "auth" node
Failed to complete authentication
never get to login and password
The server is not configure to use certificates
I am not an expert on this subject, but by looking at the header of the
dump
it seems the connection happen, but something is not interpreted
properly.
POST https://XXX.XXX.XXX.XXX:8899/
Attempting to connect to server XXX.XXX.XXX.XXX:8899
Connected to XXX.XXX.XXX.XXX:8899
SSL negotiation with XXX.XXX.XXX.XXX
Server certificate verify failed: signer not found
Connected to HTTPS on XXX.XXX.XXX.XXX with ciphersuite
(TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
> POST / HTTP/1.1
> Host: XXX.XXX.XXX.XXX:8899
> User-Agent: Open AnyConnect VPN Agent v9.01
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-Support-HTTP-Auth: true
> X-AnyConnect-STRAP-Pubkey:
> MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUMWObTn3jAgtiQLz2C73lS89gSn3Pt0GfXMSaJI7Yb3qiEDDnoAKRXHgRDKALvLl6WVmDPVjuYLXfWObEFzxew==
> X-AnyConnect-STRAP-DH-Pubkey:
> MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUqAFsVZWNlitfBF36ZN53ckZySpera+VNAmQeefFphe/x5z/6hSSS66mzeOFdBRzqGkRAULOFHEZjSKdeiRt8g==
> X-Pad: 0000000000000000000000000000000000000
> Content-Type: application/xml; charset=utf-8
> Content-Length: 411
>
> <?xml version="1.0" encoding="UTF-8"?>
> <config-auth client="vpn" type="init"
> aggregate-auth-version="2"><version
> who="vpn">v9.01</version><device-id>linux-64</device-id><capabilities><auth-method>single-sign-on</auth-method><auth
-method>single-sign-on-v2</auth-method><auth-method>single-sign-on-external-browser</auth-method></capabilities><group-access>https://XXX.XXX.XXX.XXX:8899/</group-access></config-auth>
Got HTTP response: HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self';script-src 'self'
'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src
'self' data:;frame-ancestors 'self';
Content-Length: 95282
Connection: Keep-Alive
after this point is the HTML section
--
Alfredo Tomasini
www.e-td55.com/company
(408) 886 1666
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: xml_response.xml
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20240412/514402fe/attachment.ksh>
More information about the openconnect-devel
mailing list