Captive Portal Detection when using Cisco AnyConnect

Justin cattyhouse at gmail.com
Tue Sep 8 16:53:46 PDT 2015 

Hello Antairez

I'm also a Mac user, there is Anyconnect 4.1 for Mac now, if you would
like to upgrade to the latest version.

As for me, I don't use AnyConnect client anymore, because it is not as
good as OpenConnect Client. If you have installed Homebrew on your
Mac, you can just "brew install openconnect". it works much better
than Anyconnect, it has only a command line interface, but you can
create a Launch Daemon for it so that It can keep alive in the
background and automatically reconnect on network change, also you can
add your own routes to the script included, I've been using it for 2
weeks, works just perfect. I'd recommend to give openconnect client a
try, if you have issues, then I may help with my experiences.


Regards
Justin He


On Wed, Sep 9, 2015 at 5:43 AM, Antairez <alexsu1113 at icloud.com> wrote:
> Server is running the latest server software 0.10.8, all certificates have been verified to be installed correctly, authentication method is radius.
>
> On my Mac machine, both running AnyConnect 3.0 and 3.1 yield the same result in console after network interface has changed (restart WiFi switch or waking up laptop from sleep):
>
> 9/8/15 5:21:31.020 PM UserEventAgent[40]: Captive: CNPluginHandler en0: Inactive
> 9/8/15 5:21:36.576 PM UserEventAgent[40]: Captive: [CNInfoNetworkActive:1709] en0: SSID 'Cheng 5Ghz' making interface primary (cache indicates network not captive)
> 9/8/15 5:21:36.577 PM UserEventAgent[40]: Captive: CNPluginHandler en0: Evaluating
> 9/8/15 5:21:36.596 PM UserEventAgent[40]: Captive: en0: Not probing 'Cheng 5Ghz' (cache indicates not captive)
> 9/8/15 5:21:36.598 PM UserEventAgent[40]: Captive: CNPluginHandler en0: Authenticated
> 9/8/15 5:21:41.375 PM acvpnagent[42779]: Function: TestNetEnv File: NetEnvironment.cpp Line: 334 Captive portal detected. Retesting connectivity to the secure gateway in 10 seconds.
> 9/8/15 5:21:41.375 PM acvpnagent[42779]: Current network state: Captive portal detected
>
> Have tried both including and excluding profile.xml on client connection to no avail. Playing with settings inside numerous times yield no results as well.
>
> Both 3.0 and 3.1 clients produce the following message on GUI: “Web authentication required”, but 3.0 will continue the login process while 3.1 will reject user from any further login attempts.
>
> As far as I can see ocserv seems to only support AnyConnect 3.0 at this moment, I guess this is Cisco’s way of stopping user from using their products if they are not licensed and ripped off? Will ocserv support the new clients anytime soon?
>
> Same rules apply to Windows machine. 3.0 Ok 3.1 No go.
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/openconnect-devel

More information about the openconnect-devel mailing list