openconnect stuck in wait.html loop

Vladi Gergov vladi at aresgate.net
Fri Jun 23 10:11:36 PDT 2017


Hi, I am trying to connect to my corp VPN via Linux. I have my user
certificate in pfx format. The Windows side uses a PIN to log in. And then an
on-demand token is sent to my email which I need to use. Any ideas what is wrong?

The command I use to try and connect is:

openconnect -c cert.pfx -u corpaduser --csd-user \
vladi --csd-wrapper ~/csd_wrapper.sh \
https://vpn2.domain.com


csd_wrapper.sh is:

#!/bin/sh -x
shift
while [ "$1" ]; do
  case $1 in
    -ticket)    shift; ticket=$1;;
    -stub)      shift; stub=$1;;
    -group)     shift; group=$1;;
    -certhash)  shift; certhash=$1;;
    -url)       shift; url=$1;;
  esac
  shift;
done
args=" -log debug -ticket $ticket -stub $stub -group $group -host $url -certhash $certhash"
exec "~/cstub" $args

output of command is:

POST https://vpn2.domain.com/
Connected to xx.30.xx.202:443
Enter PEM pass phrase:
Client certificate has expired at: Tue, 20 Jun 2017 05:04:46 GMT
Using client certificate 'vladigergov at fico.com'
SSL negotiation with vpn2.domain.com
Connected to HTTPS on vpn2.domain.com
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://vpn2.domain.com/
Connected to xx.30.xx.202:443
SSL negotiation with vpn2.domain.com
Connected to HTTPS on vpn2.domain.com
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://vpn2.domain.com/+webvpn+/index.html
SSL negotiation with vpn2.domain.com
Connected to HTTPS on vpn2.domain.com
GET https://vpn2.domain.com/CACHE/sdesktop/install/binaries/sfinst
SSL negotiation with vpn2.domain.com
Connected to HTTPS on vpn2.domain.com
GET https://vpn2.domain.com/+CSCOE+/sdesktop/wait.html
+ shift
+ '[' -ticket ']'
+ case $1 in
+ shift
+ ticket='"48FCBD0C0F64403F1585D45E"'
+ shift
+ '[' -stub ']'
+ case $1 in
+ shift
+ stub='"0"'
+ shift
+ '[' -group ']'
+ case $1 in
+ shift
+ group='""'
+ shift
+ '[' -certhash ']'
+ case $1 in
+ shift
+ certhash='"7514AE90639F2C90375A3F63CC0C33AD:7B037EB7E7A62C4CC3846747B0B3D76D"'
+ shift
+ '[' -url ']'
+ case $1 in
+ shift
+ url='"https://vpn2.domain.com/CACHE/sdesktop/install/result.htm"'
+ shift
+ '[' -langselen ']'
+ case $1 in
+ shift
+ '[' '' ']'
+ args=' -log debug -ticket "48FCBD0C0F64403F1585D45E" -stub "0" -group "" -host "https://vpn2.domain.com/CACHE/sdesktop/install/result.htm" -certhash "7514AE90639F2C90375A3F63CC0C33AD:7B037EB7E7A62C4CC3846747B0B3D76D"'
+ exec '~/cstub' -log debug -ticket '"48FCBD0C0F64403F1585D45E"' -stub '"0"' -group '""' -host '"https://vpn2.domain.com/CACHE/sdesktop/install/result.htm"' -certhash '"7514AE90639F2C90375A3F63CC0C33AD:7B037EB7E7A62C4CC3846747B0B3D76D"'
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
^CGET https://vpn2.domain.com/+CSCOE+/sdesktop/wait.html

-- 

,-| Vladi
`-| Gergov
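
Added example (not part of the original post and not the openconnect project's own code): the trace above shows the wrapper's values arriving with literal double quotes and ends in `exec '~/cstub'`, where the tilde stays unexpanded because the shell does not expand `~` inside quotes. The sketch below parses the same arguments, strips the quotes and resolves the binary through `$HOME`; the function names, and the idea that cstub wants the values without quotes, are assumptions.

```shell
#!/bin/sh
# Added example: CSD wrapper argument handling, based on the trace in the post.

# Remove the literal double quotes seen in the trace, e.g. ticket='"48FC..."'.
unquote() {
    printf '%s' "$1" | tr -d '"'
}

# "$HOME" expands inside double quotes; "~" does not, so "~/cstub" is taken
# as a relative path starting with a directory literally named "~".
stub_path() {
    printf '%s\n' "$HOME/cstub"
}

# Parse "-name value" pairs into ticket, stub, group, certhash and url.
# The first argument is skipped, as in the posted wrapper. Unknown flags
# such as -langselen are ignored, and a trailing flag with no value ends
# the loop instead of failing on shift.
parse_csd_args() {
    ticket='' stub='' group='' certhash='' url=''
    [ $# -eq 0 ] || shift
    while [ $# -gt 0 ]; do
        opt=$1; shift
        [ $# -gt 0 ] || break
        case $opt in
            -ticket)   ticket=$(unquote "$1");   shift;;
            -stub)     stub=$(unquote "$1");     shift;;
            -group)    group=$(unquote "$1");    shift;;
            -certhash) certhash=$(unquote "$1"); shift;;
            -url)      url=$(unquote "$1");      shift;;
        esac
    done
}

# Run cstub with each value as its own quoted word rather than through one
# unquoted $args string, so an empty -group value is passed as an empty word.
run_cstub() {
    bin=$(stub_path)
    if [ ! -x "$bin" ]; then
        echo "csd wrapper: $bin is missing or not executable" >&2
        return 127
    fi
    exec "$bin" -log debug -ticket "$ticket" -stub "$stub" -group "$group" \
        -host "$url" -certhash "$certhash"
}

# Act as the wrapper only when called with arguments.
[ $# -eq 0 ] || { parse_csd_args "$@"; run_cstub; }
```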



More information about the openconnect-devel mailing list