ocserv: iOS Anyconnect unexpected POST URL /VPN?

Frank H.Y. Wang gladandong at gmail.com
Thu Sep 1 05:56:44 PDT 2016


On 8/31/16 6:53 PM, Nikos Mavrogiannopoulos wrote:

> Could you be more specific on which feature you are referring to and
> what are you trying to achieve? If it is about selecting groups on
> login, I don't see why this cannot be automated from the openconnect
> command line (see --authgroup).
>
> regards,
> Nikos

Thanks Nikos,

On the client side I am using Cisco AnyConnect, and I have created a
custom profile.xml with a server list like this:

         <ServerList>
                 <HostEntry>
                         <HostName>Example (Forwarding)</HostName>
                         <HostAddress>vpn.example.com</HostAddress>
                         <UserGroup>Forwarding</UserGroup>
                 </HostEntry>
                 <HostEntry>
                         <HostName>Example (Split-Tunneling)</HostName>
                         <HostAddress>vpn.example.com</HostAddress>
                         <UserGroup>Split-Tunneling</UserGroup>
                 </HostEntry>
         </ServerList>

The goal is to show the user two separate VPN connections in the
AnyConnect GUI to the same ocserv server, but with a different group
pre-specified. For example, when the user wants to connect with the
"Forwarding" group, they can simply choose the "Example (Forwarding)"
connection.

The problem is that ocserv doesn't expect the group name in the
authentication URL and rejects the authentication request. So I am
wondering if we can take the authentication URL as another source of the
group name.


ocserv[29387]: main: x.x.x.x:51561 main received worker's message 'session info' of 6 bytes
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: SSL 3.3 Application Data packet received. Epoch 0, length: 283
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: Expected Packet Application Data(23)
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: Received Packet Application Data(23) with length: 283
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: Decrypted Packet[1] Application Data(23) with length: 259
ocserv[29392]: worker: x.x.x.x HTTP processing: Cache-Control: no-cache
ocserv[29392]: worker: x.x.x.x HTTP processing: Connection: close
ocserv[29392]: worker: x.x.x.x HTTP processing: Pragma: no-cache
ocserv[29392]: worker: x.x.x.x HTTP processing: Host: sgwlaxpri.vastorigin.com
ocserv[29392]: worker: x.x.x.x HTTP processing: User-Agent: AnyConnect Windows 4.3.01095
ocserv[29392]: worker: x.x.x.x User-agent: 'AnyConnect Windows 4.3.01095'
ocserv[29392]: worker: x.x.x.x HTTP processing: X-Transcend-Version: 1
ocserv[29392]: worker: x.x.x.x HTTP processing: X-Aggregate-Auth: 1
ocserv[29392]: worker: x.x.x.x HTTP processing: X-AnyConnect-Platform: win
ocserv[29392]: worker: x.x.x.x HTTP processing: Content-Length: 618
ocserv[29392]: worker: x.x.x.x HTTP POST /Forwarding
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: SSL 3.3 Application Data packet received. Epoch 0, length: 642
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: Expected Packet Application Data(23)
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: Received Packet Application Data(23) with length: 642
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: Decrypted Packet[2] Application Data(23) with length: 618
ocserv[29392]: worker: x.x.x.x unexpected POST URL /Forwarding


Frank
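
An added example, not part of the original message and not ocserv code: a sketch of how a server could take the group name from the POST URL shown in the log above while treating that URL as untrusted pre-authentication input. The function name `group_from_url`, the `MAX_GROUP_LEN` bound and the rule that group names are plain unencoded ASCII are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_GROUP_LEN 64  /* assumed upper bound, not taken from ocserv */

/* Constructed sample: the two UserGroup values from the profile above. */
static const char *const sample_groups[] = { "Forwarding", "Split-Tunneling" };

/* Hypothetical helper (not an ocserv function): map the path of a
 * pre-authentication POST, e.g. "/Forwarding", to a configured group.
 * Returns the matching entry of `groups`, or NULL when the path names no
 * configured group. The path is untrusted input, so it is only ever
 * compared against the allowlist and never used as a name directly. */
const char *group_from_url(const char *path, const char *const *groups, size_t n_groups)
{
    if (path == NULL || path[0] != '/')
        return NULL;

    const char *name = path + 1;
    size_t len = strcspn(name, "?#");  /* drop any query string or fragment */
    if (len == 0 || len > MAX_GROUP_LEN)
        return NULL;

    /* Accept a single plain segment only: no nested paths, no
     * percent-encoding, no spaces, control or non-ASCII bytes. */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '/' || c == '%' || c <= 0x20 || c >= 0x7f)
            return NULL;
    }

    /* Exact, case-sensitive match against the configured groups. */
    for (size_t i = 0; i < n_groups; i++) {
        if (strlen(groups[i]) == len && memcmp(groups[i], name, len) == 0)
            return groups[i];
    }
    return NULL;
}

int main(void)
{
    const char *urls[] = { "/Forwarding", "/Split-Tunneling", "/VPN", "/Forwarding/x" };
    for (size_t i = 0; i < sizeof(urls) / sizeof(urls[0]); i++) {
        const char *g = group_from_url(urls[i], sample_groups, 2);
        printf("%-18s -> %s\n", urls[i], g ? g : "(rejected)");
    }
    return 0;
}
```

A NULL result leaves the caller free to keep the current behaviour and reject the request as an unexpected POST URL.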


