Support for Symantec VIP Access.

Fung Chai Lim fungchai.lim at kaisquare.com
Thu Jan 14 06:08:28 EST 2021


Re-run with additional flags.

> I run the following on a host running RebornOS (archlinux):
>
> echo MY-SECRET-PASSWD | sudo openconnect -v \
>     -u USER-NAME \
>     --protocol=anyconnect \
>     --passwd-on-stdin \
>     --token-mode=totp \
>     --token-secret=abcdefgh,158870 \
--csd-user=alice \
--csd-wrapper=/usr/lib/openconnect/csd-wrapper.sh \
>     VPN-SERVER

This time, things went further, but I think things are still not working.

> POST https://VPN-SERVER/
> Attempting to connect to server A.B.C.D:443
> Connected to A.B.C.D:443
> SSL negotiation with VPN-SERVER
> Connected to HTTPS on VPN-SERVER with ciphersuite
> (TLS1.2)-(RSA)-(AES-256-CBC)-(SHA1)
> Got HTTP response: HTTP/1.1 200 OK
> Content-Type: text/html; charset=utf-8
> Transfer-Encoding: chunked
> Cache-Control: no-store
> Pragma: no-cache
> Connection: Keep-Alive
> Date: Thu, 14 Jan 2021 08:08:38 GMT
> X-Frame-Options: SAMEORIGIN
> Strict-Transport-Security: max-age=31536000; includeSubDomains
> X-Aggregate-Auth: 1
> HTTP body chunked (-2)
> OK to generate INITIAL tokencode
> XML POST enabled
Downloading: cscan                                  File not found
Downloading: cstub
Downloading: libcsd.so
Downloading: libhostscan.so
Downloading: libinspector.so
Downloading: libwaapi.so
Downloading: libwacollector.so                  File not found
Downloading: libwaheap.so.4                    File not found
Downloading: libwalocal.so                        File not found
Downloading: libwalocal.so.4                     File not found
Downloading: libwaresource.so                 File not found
Downloading: libwautils.so                         File not found
Downloading: libwautils.so.4                      File not found
Downloading: license.cfg
Downloading: wadiagnose                         File not found
Launching: /home/alice/.cisco/hostscan/bin/cstub -log error -ticket
"4CAAD96D073B7D845F8C5797" -stub "0" -group "" -host
"https://A.B.C.D/CACHE" -certhash
GET https://VPN-server/+CSCOE+/sdesktop/wait.html
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-store
Pragma: no-cache
Connection: Close
Date: Thu, 14 Jan 2021 08:59:30 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
HTTP body chunked (-2)
Refreshing +CSCOE+/sdesktop/wait.html after 1
second..."F3909304A3FBF475FFC201B00045C581:"
SSL negotiation with VPN-server
Connected to HTTPS on VPN-server with ciphersuite
(TLS1.2)-(RSA)-(AES-256-CBC)-(SHA1)
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-store
Pragma: no-cache
Connection: Close
[Snipped: lots of repeating blocks of text from "Refreshing ..." to
"Connection: Close" every second]
^-C
Socket connect cancelled
Failed to reconnect to host VPN-SERVER: Interrupted system call
Failed to open HTTPS connection to VPN-SERVER
Failed to obtain WebVPN cookie

I noted that ~alice/.cisco/hostscan/bin/cscan and other files (such as
libinspector.so) are text files containing the text "File not found".
The md5sum of these files do not match the entries in
~alice/.cisco/hostscan/manifest.  When I rerun the above command,
those files were re-downloaded, but they still end up the same.

Best regards,



More information about the openconnect-devel mailing list