Determining webvpn cookie lifetime?

David Woodhouse dwmw2 at infradead.org
Tue Dec 22 00:05:58 PST 2015


On Tue, 2015-12-22 at 00:33 +0000, Daniel Lenski wrote:
> 
> However, if I use one process to get the webvpn cookie, and another
> process to feed the cookie to the gateway, it is rejected, even if 
> the cookie is used IMMEDIATELY:
> 
> $ echo -n password \
> | openconnect gateway.com -u USER --passwd-on-stdin --cookie-only \
> | openconnect gateway.com --cookie-on-stdin --dump-http-traffic
> 
> Is there some other piece of "state" which is preserved within each
> openconnect process, which changes when I try to use the cookie from
> another process?

No, there really shouldn't be anything. Certainly nothing deliberate.
The requests should be identical.

If you compare the requests with --dump-http-traffic can you see any
differences? Also use tcpdump to capture the traffic on the wire, and
we'll see if there's any unexpected difference in the TLS negotiation.
When your single process repeats the connection, is it coming from the
same local port number?

-- 
dwmw2
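
The comparison suggested in the reply above, sketched as an added example (not part of the original message and not openconnect code). It assumes the dump marks lines the client sent with `>` and lines the gateway returned with `<`; the two dumps and the `X-Example` header are constructed for illustration.

```python
import re

# Constructed sample dumps (not captured from a real gateway).
# '>' lines are what the client sent, '<' lines are the gateway's reply.
RUN_SINGLE = """\
> CONNECT /CSCOSSLC/tunnel HTTP/1.1
> Host: gateway.com
> Cookie: webvpn=AAAA1111
> X-CSTP-Version: 1
> X-Example: 1
>
< HTTP/1.1 200 OK
"""
# Second run: same request with the hypothetical X-Example header missing.
RUN_PIPED = RUN_SINGLE.replace("> X-Example: 1\n", "")

REQ_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/\d\.\d$")

def sent_requests(dump):
    """Return one (request_line, {header: value}) per request the client sent."""
    requests, current = [], None
    for line in dump.splitlines():
        if not line.startswith(">"):      # replies and progress messages
            continue
        text = line[1:].strip()
        if REQ_LINE.match(text):          # start of a new request
            current = (text, {})
            requests.append(current)
        elif not text:                    # blank line ends the header block
            current = None                # (any body lines are then skipped)
        elif current is not None and ":" in text:
            name, value = text.split(":", 1)
            current[1][name.strip().lower()] = value.strip()
    return requests

def diff_requests(a, b, redact=("cookie",)):
    """List (request_index, field, value_a, value_b) for each difference."""
    ra, rb = sent_requests(a), sent_requests(b)
    out = []
    if len(ra) != len(rb):
        out.append((None, "request-count", len(ra), len(rb)))
    for i, ((la, ha), (lb, hb)) in enumerate(zip(ra, rb)):
        if la != lb:
            out.append((i, "request-line", la, lb))
        for name in sorted(set(ha) | set(hb)):
            va, vb = ha.get(name), hb.get(name)
            if va != vb:
                if name in redact:        # report the mismatch, not the secret
                    va, vb = (v and "<redacted>" for v in (va, vb))
                out.append((i, name, va, vb))
    return out
```

Cookie values are redacted in the result so the list of differences can be pasted into a mailing-list reply without leaking a live session token.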

