Failed to obtain WebVPN cookie
Daniel Lenski
dlenski at gmail.com
Tue Jan 24 13:17:32 PST 2017
On Tue, Jan 24, 2017 at 12:16 PM, Dustin Hartung
<dustin.hartung at gmail.com> wrote:
> Thank you for the response and tip. I tried as you said - running it
> with --dump using a user agent and without as there appears to be
> different requirements/rules depending on the device type- the results
> are below:
Yes, this is pretty typical for Juniper. It appears that your VPN uses
authentication forms that are larded up with JavaScript.
You might also want to try --useragent ncsvc, which spoofs the UA of
Juniper's official desktop client, and often results in a simpler and
easier-to-parse HTML page.
For an example of where this works: I use a VPN which authenticates
with "SecureMatrix". With a mobile/desktop UA, it generates a pattern
of images using Java or ActiveX applets and I have to enter the
numbers shown in the applet… but with "ncsvc" it generates a simple
pure-text page that makes it easy to scrape and login automatically
with a Python script (https://github.com/dlenski/smxlogin).
Also, keep in mind that you can do "manual" external authentication as
described in the OpenConnect manual:
http://www.infradead.org/openconnect/juniper.html
Basically, just login via the web interface, then show the DSID cookie
in your browser, and run:
$ openconnect --juniper -C "DSID=foobar12345" vpn.example.com
-Dan
More information about the openconnect-devel
mailing list