As easy as in Android???? Hopefully...

Nicolás Escudero nicolasescudero at gmail.com
Tue Mar 31 11:19:46 PDT 2015


Wow, no clue...

Yes, I have curl:

pi@raspberrypi ~ $ curl --version
curl 7.38.0 (arm-unknown-linux-gnueabihf) libcurl/7.38.0
OpenSSL/1.0.1k zlib/1.2.8 libidn/1.29 libssh2/1.4.3 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API SPNEGO NTLM NTLM_WB SSL
libz TLS-SRP

and:
pi@raspberrypi ~ $ openconnect --version
OpenConnect version v6.00
Using GnuTLS. Features present: PKCS#11, RSA software token, HOTP
software token, TOTP software token, DTLS
pi@raspberrypi ~ $


Tried letting it run for several minutes and the refresh loop never ends...

I'm not even sure I'm getting what the issue is here.. No idea how to
further troubleshoot this...

Any ideas??



On Tue, Mar 31, 2015 at 2:51 PM, Kevin Cernekee <cernekee at gmail.com> wrote:
> On Tue, Mar 31, 2015 at 8:49 AM, Nicolás Escudero
> <nicolasescudero at gmail.com> wrote:
>> Hi Kevin,
>>
>> Tried it, still not working, here is the verbose output:
>>
>> pi@raspberrypi ~ $ sudo openconnect --csd-wrapper ~/.cisco/wrapper.sh
>> --os android 32.59.2.56 -v
>> POST https://32.59.2.56/
>> Attempting to connect to server 32.59.2.56:443
>> SSL negotiation with 32.59.2.56
>> Server certificate verify failed: signer not found
>
> Hmm, does your RasPi have curl installed?  This worked OK for me on a
> PC with the attached wrapper script:
>
> $ openconnect --no-cert-check --csd-wrapper /tmp/android_csd.sh --os
> android -v 32.59.2.56
> POST https://32.59.2.56/
> Attempting to connect to server 32.59.2.56:443
> SSL negotiation with 32.59.2.56
> Server certificate verify failed: unable to get local issuer certificate
> Connected to HTTPS on 32.59.2.56
> Got HTTP response: HTTP/1.0 302 Object Moved
> Content-Type: text/html; charset=utf-8
> Content-Length: 0
> Cache-Control: no-cache
> Pragma: no-cache
> Connection: Close
> Date: Tue, 31 Mar 2015 06:55:19 GMT
> Location: /+webvpn+/index.html
> Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
> HTTP body length:  (0)
> GET https://32.59.2.56/
> Attempting to connect to server 32.59.2.56:443
> SSL negotiation with 32.59.2.56
> Server certificate verify failed: unable to get local issuer certificate
> Connected to HTTPS on 32.59.2.56
> Got HTTP response: HTTP/1.0 302 Object Moved
> Content-Type: text/html; charset=utf-8
> Content-Length: 0
> Cache-Control: no-cache
> Pragma: no-cache
> Connection: Close
> Date: Tue, 31 Mar 2015 06:55:20 GMT
> Location: /+webvpn+/index.html
> Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
> HTTP body length:  (0)
> GET https://32.59.2.56/+webvpn+/index.html
> SSL negotiation with 32.59.2.56
> Server certificate verify failed: unable to get local issuer certificate
> Connected to HTTPS on 32.59.2.56
> Got HTTP response: HTTP/1.1 200 OK
> Transfer-Encoding: chunked
> Content-Type: text/xml
> Cache-Control: max-age=0
> Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
> Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
> Set-Cookie: webvpnlogin=1; secure
> X-Transcend-Version: 1
> HTTP body chunked (-2)
> GET https://32.59.2.56/+CSCOE+/sdesktop/wait.html
> Got HTTP response: HTTP/1.1 200 OK
> Content-Type: text/html; charset=utf-8
> Transfer-Encoding: chunked
> Cache-Control: no-cache
> Pragma: no-cache
> Connection: Close
> Date: Tue, 31 Mar 2015 06:55:21 GMT
> HTTP body chunked (-2)
> Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
> <?xml version="1.0" encoding="ISO-8859-1"?>
> <hostscan><status>TOKEN_SUCCESS</status></hostscan>
> GET https://32.59.2.56/+CSCOE+/sdesktop/wait.html
> SSL negotiation with 32.59.2.56
> Server certificate verify failed: unable to get local issuer certificate
> Connected to HTTPS on 32.59.2.56
> Got HTTP response: HTTP/1.1 302 Moved Temporarily
> Content-Type: text/html; charset=utf-8
> Transfer-Encoding: chunked
> Cache-Control: no-cache
> Pragma: no-cache
> Connection: Close
> Date: Tue, 31 Mar 2015 06:55:23 GMT
> Location: /+webvpn+/index.html
> Set-Cookie: sdesktop=5E19E6C112FBDBA818E087CB; path=/; secure
> HTTP body chunked (-2)
> GET https://32.59.2.56/+webvpn+/index.html
> SSL negotiation with 32.59.2.56
> Server certificate verify failed: unable to get local issuer certificate
> Connected to HTTPS on 32.59.2.56
> Got HTTP response: HTTP/1.1 200 OK
> Transfer-Encoding: chunked
> Content-Type: text/xml
> Cache-Control: max-age=0
> Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
> Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
> Set-Cookie: webvpnlogin=1; secure
> X-Transcend-Version: 1
> HTTP body chunked (-2)
> Please enter your username and password.
> Username:foo
> Password:
> POST https://32.59.2.56/+webvpn+/index.html
> Got HTTP response: HTTP/1.1 200 OK
> Transfer-Encoding: chunked
> Content-Type: text/xml
> Cache-Control: max-age=0
> Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
> Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
> Set-Cookie: webvpnlogin=1; secure
> X-Transcend-Version: 1
> HTTP body chunked (-2)
> Login failed.
> Please enter your username and password.
> Username:^Cfgets (stdin): Interrupted system call
>
>
> FWIW it did take a couple of wait.html refreshes (maybe about 3
> seconds' worth) before it proceeded to the login prompt.  openconnect
> version is 6.00.



More information about the openconnect-devel mailing list