not properly disconnected sessions with openconnect
Horváth Szabolcs
hszhsz at gmail.com
Wed Sep 16 12:17:17 EDT 2009
David Woodhouse <dwmw2 at infradead.org> írta (2009. szeptember 16. 16:56):
> On Wed, 2009-09-16 at 16:49 +0200, Horváth Szabolcs wrote:
>>
>> //vpninfo->quit_reason = "Client received SIGINT";
>> vpninfo->quit_reason = "\xb0The user has requested to disconnect the
>> connection.";
>
> Aha. I assume that it's just the 0xB0 at the beginning which makes the
> difference, and the text isn't relevant?
>
> Normally, we find that a session can be re-used. If you first
> authenticate by using 'openconnect --cookieonly', then you can connect
> as many times as you like using that same cookie until it expires.
>
> With your change, does the session expire after you disconnect the first
> time? If so, we might need to give some thought to when we do this.
Yes.
First I did "openconnect --cookieonly". I got the cookie.
Then I did "openconnect -C 2736652[...]". I successfully connected.
Then I disconnected by pressing control-c. Properly disconnected
session on the ASA.
Then I tried to connect with "openconnect -C 2736652[...]" again
(re-using the cookie).
Attempting to connect to vpn.company.hu
SSL negotiation with vpn.company.hu
Connected to HTTPS on vpn.company.hu
Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Unauthorized
Szabolcs
More information about the openconnect-devel
mailing list