CSD use and impossible to connect (Linux)

Fromzy fromzy at gmail.com
Sat Jan 3 15:07:06 PST 2015


David,

I have found what you are talking about with CURL on a post in April;
I have tried the wrapper written by Kevin Cernekee
And I passed the CSD !! :)

Thanks a lot !

But now I'm blocked again because my credentials are not recognized.
Default Policy in action apparently :

Please enter your username and password.
GROUP: [MY-Home-Computer|My-Corporate-Laptop]:My-Corporate-Laptop
Username:MYUSERNAME
Password:****
Username:MYUSERNAME
Password:****
POST https://www.COMPANY_SITE.com/+webvpn+/index.html
Failed to write to SSL socket: Error in the push function.
Négociation SSL with www.COMPANY_SITE.com
Server certificate verify failed: signer not found
Connected to HTTPS on www.COMPANY_SITE.com
Login denied.  TERMINATED VIA DEFAULT POLICY
Please enter your username and password.
GROUP: [MY-Home-Computer|My-Corporate-Laptop]:

Thanks in advance

--
Fromzy

2015-01-03 22:57 GMT+01:00 David Woodhouse <dwmw2 at infradead.org>:
> On Sat, 2015-01-03 at 22:30 +0100, Fromzy wrote:
>>
>> As far as I understand I will never be able to connect to my company
>> VPN with OpenConnect because of this policies.
>
> No, not at all.
>
> All you need to do is persuade cscan that its requirements *are* met.
> Since you can run it in whatever environment you like, that shouldn't be
> hard.
>
> Perhaps even easier, all you *actually* need to do is post something
> back to the server which matches what cscan would post if it is happy.
>
> In the past, haven't some people achieved that with a simple script
> invoking 'curl'?
>
> I think the cstub trojan leaves detailed logs, doesn't it? Do you know
> what it's objecting to?
>
> --
> dwmw2



More information about the openconnect-devel mailing list