Feature Request: --os=android

Jason Greathouse jgreat at aquillius.net
Thu Mar 21 17:56:12 EDT 2013 

I'd like to request the ability to report that my system is "android"
or maybe "ios". --os="android". This appears to just require adjusting
the headers and xml that is sent in the initial POST.

This is a capture of the initial POST from my android tablet
(identifying info edited):

POST / HTTP/1.1
User-Agent: AnyConnect Android 3.0.09129
Host: xxx.xxx.xxx.xxx
Accept: */*
Accept-Encoding: identity
X-Transcend-Version: 1
X-Transcend-Version: 1
X-AnyConnect-Identifier-ClientVersion: 3.0.09129
X-AnyConnect-Identifier-Platform: android
X-AnyConnect-Identifier-PlatformVersion: 4.2.2
X-AnyConnect-Identifier-DeviceType: asus Nexus 7
X-AnyConnect-Identifier-Device-UniqueID:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA (This should be 40 characters
of Hex)
X-Aggregate-Auth: 1
Connection: close
Content-Length: 355
Content-Type: application/x-www-form-urlencoded

<?xml version="1.0" encoding="UTF-8"?>
<config-authclient="vpn" type="init">
<device-id platform-version="4.2.2" device-type="asus Nexus 7"
unique-id="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA">android</device-id>
<version who="vpn">3.0.09129</version>
<group-access>https://xxx.xxx.xxx.xxx</group-access>
</config-auth>

I think the important bits are the "X-AnyConnect-Identifier-Platform:
android" header and device-id xml. Just changing the
"X-AnyConnect-Platform" header doesn't seem to work for me.

I'd post the code, but really I just made made some ugly hacks to
permanently change the headers in http.c and the xml in auth.c. I'm
not sure how you guys would want to do it dynamically.

With the additional X-AnyConnect-Identifier headers I manged to
convince the vpn that I was indeed an "android" client and didn't
require any of the CSD nonsense. More importantly, our network admins
decided not to support Linux and didn't install it.

Here's the POST that openconnect now sends:

POST / HTTP/1.1
Host: 0.0.0.0
User-Agent: Open AnyConnect VPN Agent v4.99-unknown
Accept: */*
Accept-Encoding: identity
X-Transcend-Version: 1
X-Transcend-Version: 1
X-AnyConnect-Identifier-ClientVersion: v4.99-unknown
X-AnyConnect-Identifier-Platform: android
X-AnyConnect-Identifier-PlatformVersion: v4.99-unknown
X-AnyConnect-Identifier-DeviceType: openconnect
X-AnyConnect-Identifier-Device-UniqueID:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
X-Aggregate-Auth: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 325

<?xml version="1.0" encoding="UTF-8"?><config-auth client="vpn"
type="init"><version who="vpn">v4.99-unknown</version><device-id
platform-version="v4.99-unknown" device-type="openconnect"
unique-id="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA">android</device-id><group-access>https://0.0.0.0</group-access></config-auth>

Thanks,
-Jason Greathouse

More information about the openconnect-devel mailing list