False captive portal detect?
Kevin Cernekee
cernekee at gmail.com
Thu Feb 6 01:22:58 EST 2014
On Wed, Feb 5, 2014 at 8:40 PM, Steve <steve at thupdi.net> wrote:
> After several successful connected to ocserv, AnyConnect 3.1 on Mac
> always complaints:
>
> The service provider in your current location is restricting access to
> the Internet. You need to log on with the service provider before you
> can establish a VPN session. You can try this by visiting any website
> with your browser.
>
> Any fix or workaround for this issue?
Hmm, that's really odd. I tried to reproduce your issue and I saw it
several times. It even persisted when I tried to connect to an ASA on
my LAN. Quitting and restarting the application didn't help (but this
might not restart vpnagentd).
I then connected to a couple of external sites, such as vpn.uci.edu.
They did not show the warning. I didn't log in - just hit cancel at
the prompt. After that, I wasn't able to see the error again.
I thought maybe there was a regression between my ocserv Mac support
commit (f928a11c) and the head of tree, but both revs seemed to
exhibit the same behavior.
The fact that I never see it when connecting to an external site, but
I did see it connecting to a local ASA, makes me wonder if it might be
timing-related? Or possibly related to the use of self-signed or
otherwise unrecognized certificates. Some Linux versions of the
client have major bugs involving server certificate validation so that
code is suspect.
More information about the openconnect-devel
mailing list