AnyConnect on Windows fails to connect to Cisco ASA but openconnect gui will connect
Ľubomír Carik
lubomir.carik at gmail.com
Thu Aug 6 15:52:20 EDT 2020
Using official and unofficial clients on the same OS may cause sometimes issues.
Reinstall tap network adapter may help (or remove and re-create new one)
Lubo.
št 6. 8. 2020 o 19:32 Daniel Lenski <dlenski at gmail.com> napísal(a):
>
> On Wed, Aug 5, 2020 at 5:38 PM D. Scott Shepard <revdshepard at gmail.com> wrote:
> > I realize this mailing list is for issues with Openconnect, but I've
> > run out of other places to look.
>
> Do keep in mind the "Motivation" section of the OpenConnect homepage:
> https://www.infradead.org/openconnect. OpenConnect was written because
> of frustration with AnyConnect :)
>
> Many years after OpenConnect was written, I started
> reverse-engineering the GlobalProtect protocol and then incorporating
> it into OpenConnect
> (https://lists.infradead.org/pipermail/openconnect-devel/2016-October/004010.html)
> because the official GlobalProtect clients are 🤬 terrible in terms of
> exposing and diagnosing what's going wrong when something goes mind,
> and OpenConnect is good at it.
>
> > What is Openconnect doing differently than AnyConnect (especially on Windows 10)?
>
> Not being stupid?
>
> Only doing what it *says* it's doing?
>
> Detailed CLI log with `-vvv --dump` will show you just about
> everything that OpenConnect is sending and receiving from the server
> during the authentication and tunnel setup. Might be useful to compare
> this with a *server*-side log of connection attempt with the
> AnyConnect client.
>
> > How can I fix it?
>
> You're going to have to find some more detailed logging of the
> connection, whether from the client side or on the server side. In my
> (blessedly limited) experiences with the Cisco AnyConnect client
> software on Windows… the security scanner is the most frequent culprit
> for connection issues.
>
> Dan
>
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/openconnect-devel
More information about the openconnect-devel
mailing list