XML response has no "auth" node

Will Crisp crispjw at gmail.com
Mon Apr 17 05:10:32 PDT 2017 

I'm getting the subject error message, "XML response has no "auth"
node", when attempting to connect to my work's VPN concentrator.  What
follows is output of my connection attempt.  I can establish SSL
connection, but I can't get further than that.  I will attempt to
connect using Windows (later today hopefully) and compare results, but
hoping someone on this list has some ideas what else I can try to
connect from Linux.

Thanks,
-Will

$ sudo openconnect -c
'pkcs11:token=CRISP.WILL.J.xxxxxxxxxx;id=%00%01;object=PIV%20ID%20Certificate'
--dump-http-traffic --verbose --os win vpn.amrdec.army.mil
POST https://vpn.amrdec.army.mil/
Attempting to connect to server 199.209.145.10:443
Using PKCS#11 certificate
pkcs11:token=CRISP.WILL.J.xxxxxxxxxx;id=%00%01;object=PIV%20ID%20Certificate;object-type=cert
PIN required for CRISP.WILL.J.xxxxxxxxxx
Enter PIN:
Using PKCS#11 key
pkcs11:token=CRISP.WILL.J.xxxxxxxxxx;id=%00%01;object=PIV%20ID%20Certificate;object-type=private
Using client certificate 'CRISP.WILL.J.xxxxxxxxxx'
Adding supporting CA 'DOD CA-31'
SSL negotiation with vpn.amrdec.army.mil
Connected to HTTPS on vpn.amrdec.army.mil
> POST / HTTP/1.1
> Host: vpn.amrdec.army.mil
> User-Agent: Open AnyConnect VPN Agent v7.06-1.el7
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: win
> X-Support-HTTP-Auth: true
> X-Pad: 000000000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 214
>
> <?xml version="1.0" encoding="UTF-8"?>
> <config-auth client="vpn" type="init"><version who="vpn">v7.06-1.el7</version><device-id>win</device-id><group-access>https://vpn.amrdec.army.mil</group-access></config-auth>
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Mon, 17 Apr 2017 02:35:28 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <config-auth client="vpn" type="auth-request" aggregate-auth-version="2">
< <client-cert-request></client-cert-request>
< </config-auth>
POST https://vpn.amrdec.army.mil/
SSL negotiation with vpn.amrdec.army.mil
Connected to HTTPS on vpn.amrdec.army.mil
> POST / HTTP/1.1
> Host: vpn.amrdec.army.mil
> User-Agent: Open AnyConnect VPN Agent v7.06-1.el7
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: win
> X-Support-HTTP-Auth: true
> X-Pad: 000000000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 214
>
> <?xml version="1.0" encoding="UTF-8"?>
> <config-auth client="vpn" type="init"><version who="vpn">v7.06-1.el7</version><device-id>win</device-id><group-access>https://vpn.amrdec.army.mil</group-access></config-auth>
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Mon, 17 Apr 2017 02:35:30 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <config-auth client="vpn" type="complete" aggregate-auth-version="2">
< <error id="15" param1="" param2="">Login failed.</error>
< </config-auth>
XML response has no "auth" node
GET https://vpn.amrdec.army.mil/
Attempting to connect to server 199.209.145.10:443
SSL negotiation with vpn.amrdec.army.mil
Connected to HTTPS on vpn.amrdec.army.mil
> GET / HTTP/1.1
> Host: vpn.amrdec.army.mil
> User-Agent: Open AnyConnect VPN Agent v7.06-1.el7
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
>
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Mon, 17 Apr 2017 02:36:22 GMT
X-Frame-Options: SAMEORIGIN
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://vpn.amrdec.army.mil/+webvpn+/index.html
SSL negotiation with vpn.amrdec.army.mil
Connected to HTTPS on vpn.amrdec.army.mil
> GET /+webvpn+/index.html HTTP/1.1
> Host: vpn.amrdec.army.mil
> User-Agent: Open AnyConnect VPN Agent v7.06-1.el7
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
>
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Frame-Options: SAMEORIGIN
X-Transcend-Version: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <!--
<   Copyright (c) 2013 by Cisco Systems, Inc.
<   All rights reserved.
<  -->
< <auth id="main">
< <title>SSL VPN Service</title>
< <ca status="disabled" href="/+CSCOCA+/login.html" />
<
<
<
< <banner></banner>
< <message>Please enter your username and password.</message>
<
<
< <error id="15" param1="" param2="">Login failed.</error>
< <form method="post" action="/+webvpn+/index.html">
<
<
<
<
<
<
<
< <input type="submit" name="Login" value="Login" />
< <input type="reset" name="Clear" value="Clear" />
<
<
< </form>
< </auth>
<
Please enter your username and password.
Login failed.
Failed to obtain WebVPN cookie

More information about the openconnect-devel mailing list