As easy as in Android???? Hopefully...

Kevin Cernekee cernekee at gmail.com
Tue Mar 31 10:51:50 PDT 2015 

On Tue, Mar 31, 2015 at 8:49 AM, Nicolás Escudero
<nicolasescudero at gmail.com> wrote:
> Hi Kevin,
>
> Tried it, still not working, here is the verbose output:
>
> pi at raspberrypi ~ $ sudo openconnect --csd-wrapper ~/.cisco/wrapper.sh
> --os android 32.59.2.56 -v
> POST https://32.59.2.56/
> Attempting to connect to server 32.59.2.56:443
> SSL negotiation with 32.59.2.56
> Server certificate verify failed: signer not found

Hmm, does your RasPi have curl installed?  This worked OK for me on a
PC with the attached wrapper script:

$ openconnect --no-cert-check --csd-wrapper /tmp/android_csd.sh --os
android -v 32.59.2.56
POST https://32.59.2.56/
Attempting to connect to server 32.59.2.56:443
SSL negotiation with 32.59.2.56
Server certificate verify failed: unable to get local issuer certificate
Connected to HTTPS on 32.59.2.56
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 31 Mar 2015 06:55:19 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://32.59.2.56/
Attempting to connect to server 32.59.2.56:443
SSL negotiation with 32.59.2.56
Server certificate verify failed: unable to get local issuer certificate
Connected to HTTPS on 32.59.2.56
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 31 Mar 2015 06:55:20 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://32.59.2.56/+webvpn+/index.html
SSL negotiation with 32.59.2.56
Server certificate verify failed: unable to get local issuer certificate
Connected to HTTPS on 32.59.2.56
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
GET https://32.59.2.56/+CSCOE+/sdesktop/wait.html
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 31 Mar 2015 06:55:21 GMT
HTTP body chunked (-2)
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
<?xml version="1.0" encoding="ISO-8859-1"?>
<hostscan><status>TOKEN_SUCCESS</status></hostscan>
GET https://32.59.2.56/+CSCOE+/sdesktop/wait.html
SSL negotiation with 32.59.2.56
Server certificate verify failed: unable to get local issuer certificate
Connected to HTTPS on 32.59.2.56
Got HTTP response: HTTP/1.1 302 Moved Temporarily
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 31 Mar 2015 06:55:23 GMT
Location: /+webvpn+/index.html
Set-Cookie: sdesktop=5E19E6C112FBDBA818E087CB; path=/; secure
HTTP body chunked (-2)
GET https://32.59.2.56/+webvpn+/index.html
SSL negotiation with 32.59.2.56
Server certificate verify failed: unable to get local issuer certificate
Connected to HTTPS on 32.59.2.56
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
Username:foo
Password:
POST https://32.59.2.56/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Login failed.
Please enter your username and password.
Username:^Cfgets (stdin): Interrupted system call


FWIW it did take a couple of wait.html refreshes (maybe about 3
seconds' worth) before it proceeded to the login prompt.  openconnect
version is 6.00.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: android_csd.sh
Type: application/x-sh
Size: 814 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150331/751add44/attachment.sh>

More information about the openconnect-devel mailing list