New release?

Thomas Danhorn tdanhorn at fastmail.fm
Thu Mar 20 23:10:33 PDT 2025 


On Thu, 20 Mar 2025, Cline, Wade wrote:

> On Wed, Mar 19, 2025 at 09:14:07PM -0600, Thomas Danhorn wrote:
>> Hi guys,
>>
>> Thank you for making a great tool.  I have been using it in conjunction with
>> the NetworkManager plugin to connect to a Palo Alto Global Protect VPN for
>> the last couple of years, and it worked great.  For the last few months I
>> have been using it with a YubiKey.  Recently, it suddenly stopped working
>> (512 server error after successful authentication), however, and through
>> trying different gl-saml-gui version, I am pretty sure that the problem is
>> that the SAML and cookie from the server response are now only in the
>> comment inside the HTML page, and no longer in its header.
>
> Hi Thomas,
>
> Have you tried adding '/portal:prelogin-cookie' to the 'Gateway' URL as
> suggested in:
>
> 	https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/issues/130#note_2367443
>
> Regards,
> Wade


Hi Wade,

Thank you very much for the quick respose.  I just tried with 
'/portal:prelogin-cookie', and the results are interesting.  The 
university has two VPN servers for two campuses, and it works on one (at 
the end of the process it asks me to choose a gateway, although there is 
only one choice), but it still fails with the 512 error on the other 
(I used identical configurations, except for the server name). 
Unfortuntely, the one that fails is the one I really need.  I have not 
looked at the SAML & cookie of the VPN server I can connect to, but I know 
that for the failing one those things are only in the comment (not the 
header).

Thanks,

Thomas


>
>> If I read the commit messages correctly, that seems to have been fixed 18
>> months ago (in commit 8c5d65889b), but there has been no new version tag
>> since 9.12 a few months earlier.  Since Linux distros and packaging services
>> (e.g. openSUSE build service) go by the tags (since they signal a stable
>> version), there is no newer package than 9.12 available, and that does not
>> have the fix for the SAML-in-comment problem.
>>
>> While I could probably compile the newest version from GitLab, it is
>> obviously easier to use a package, and I am not the only one with this
>> problem.  I would therefore really appreciate it, if you could release 9.13
>> in the not-to-distant future.  I'm getting by with gp-saml-gui, but it is
>> not as well integrated with NetworkManager and I don't have the options that
>> come with that, like routing only certain addresses through the VPN, so I'm
>> looking forward to the next version of opemconnect.
>>
>> Thank you very much!
>>
>> Thomas
>>
>> _______________________________________________
>> openconnect-devel mailing list
>> openconnect-devel at lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/openconnect-devel
>

More information about the openconnect-devel mailing list