SSL Huawei AR150 Series Enterprise Routers

Daniel Lenski dlenski at gmail.com
Sun Apr 14 16:02:15 PDT 2024


On Fri, Apr 12, 2024 at 4:29 PM Alfredo Tomasini <alto.tom at e-td55.com> wrote:
> I am trying to get a vpn connection to our pattern in China

What does this mean? (Maybe you meant PARTNER in China… maybe not?)

> by using
> openconnect

Specifically, you're using OpenConnect v9.01 according to your logs.
Released just about 2 years ago, and bundled with many Linux
distributions.

> this is error
>
> XML response has no "auth" node
>
> Failed to complete authentication
>
> never get to login and password
>
> The server is not configured to use certificates
>
> I am not an expert on this subject, but by looking at the header of the
> dump it seems the connection happens, but something is not interpreted
> properly.

It appears very likely that this is
https://gitlab.com/openconnect/openconnect/-/issues/665.

Try adding `--user-agent="AnyConnect"` to the command-line.

If that makes it work, then yes it is this frustrating issue caused by
Cisco changing their servers’ authentication process in a
backwards-incompatible way… not just incompatible with all previous
versions of OpenConnect, but also with very old versions of their
*own* software. This is fixed in the master branch as of
https://gitlab.com/openconnect/openconnect/-/merge_requests/497, but
not yet in any released version of OpenConnect.



More information about the openconnect-devel mailing list