[HELP] Option for token-field

Tyson Vinson tyson at ninjut.su
Wed Apr 4 09:46:14 PDT 2018


I'm connecting to a VPN endpoint that uses a non-standard field name
for the oath/totp challenge. There was a set of patches to openconnect
here http://lists.infradead.org/pipermail/openconnect-devel/2015-December/003330.html
that add a token-field option. These still apply cleanly and the patch
resolves my issue replying with a token. Can this patchset be applied
to HEAD? If there was some reason this wasn't merged I'd be happy to
help get it in to a state where it can be.

Here's the challenge, dumped with --dump-http-traffic, I'm seeing:

Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: **redacted**
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <config-auth client="vpn" type="auth-request" aggregate-auth-version="2">
< <opaque is-for="sg">
< <tunnel-group>**redacted**</tunnel-group>
< <auth-handle>**redacted**</auth-handle>
< <group-alias>**redacted**</group-alias>
< <config-hash>**redacted**</config-hash>
< </opaque>
< <auth id="challenge">
< <title>Login</title>
< <message id="2" param1="Enter your security code:" param2="">%s</message>
< <form>
< <input type="password" name="answer" label="Response:"></input>
< <input type="submit" name="Continue" label="continue"></input>
< </form>
< </auth>
< </config-auth>

- Tyson



More information about the openconnect-devel mailing list