False captive portal detect?
Steve
steve at thupdi.net
Sat Feb 8 11:00:50 EST 2014
Tested with startssl cert, no luck.
On Thu, Feb 6, 2014 at 2:22 PM, Kevin Cernekee <cernekee at gmail.com> wrote:
> On Wed, Feb 5, 2014 at 8:40 PM, Steve <steve at thupdi.net> wrote:
>> After several successful connected to ocserv, AnyConnect 3.1 on Mac
>> always complaints:
>>
>> The service provider in your current location is restricting access to
>> the Internet. You need to log on with the service provider before you
>> can establish a VPN session. You can try this by visiting any website
>> with your browser.
>>
>> Any fix or workaround for this issue?
>
> Hmm, that's really odd. I tried to reproduce your issue and I saw it
> several times. It even persisted when I tried to connect to an ASA on
> my LAN. Quitting and restarting the application didn't help (but this
> might not restart vpnagentd).
>
> I then connected to a couple of external sites, such as vpn.uci.edu.
> They did not show the warning. I didn't log in - just hit cancel at
> the prompt. After that, I wasn't able to see the error again.
>
> I thought maybe there was a regression between my ocserv Mac support
> commit (f928a11c) and the head of tree, but both revs seemed to
> exhibit the same behavior.
>
> The fact that I never see it when connecting to an external site, but
> I did see it connecting to a local ASA, makes me wonder if it might be
> timing-related? Or possibly related to the use of self-signed or
> otherwise unrecognized certificates. Some Linux versions of the
> client have major bugs involving server certificate validation so that
> code is suspect.
More information about the openconnect-devel
mailing list