Cannot enter 2FA code

Ian Braithwaite idb at
Mon Sep 12 06:41:36 PDT 2022

On Tue May 17 15:56:25 PDT 2022 Daniel Lenski dlenski at wrote:
 > On Thu, May 12, 2022 at 2:19 PM Henry Luis <Henry.Luis at> wrote:

 > > Today, openconnect prompts me for the 2FA code but does not give me 
the chance to enter it
 > > (see the >"Enter PASSCODE" line below).
 > >  The same happens when I use the network manager Gnome GUI. This 
used to work as of yesterday.

 > Clearly, something must have changed on your *server*, because nothing
 > changed about the client *software* that you're running… right?

 > My educated guess from the limited information here is that the form
 > field sent by the server to request the 2FA code has changed in such a
 > way that OpenConnect doesn't recognize it as a fillable field anymore.
 > But that's only a guess.

 > 1. Use `openconnect -vvv --dump` to add copious additional debugging
 > information. To figure this out, we'll particularly want to see the
 > details of the "challenge"/2FA form, sent in response to
 > the initial `POST https://my-vpn-dot-com/+webvpn+/index.html`.

I'm not the original poster, but I'm experiencing the same problem.
Here's the details of the challenge form as requested.
As you guessed, OpenConnect isn't recognizing that a field needs to be 
filled in
and is just continuing without it.

I guess it's this one?
    <input type="hidden" name="challenge_code" value="0" />

I don't know how OpenConnect is supposed to recognize it... weird it's 

Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 
'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; 
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
Cache-Control: no-store
X-Transcend-Version: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <!--
<   Copyright (c) 2007-2008, 2012 by Cisco Systems, Inc.
<   All rights reserved.
<  -->
< <auth id="challenge">
< <title>SSL VPN Service</title>
< <message>Indtast tilsendte engangskode</message>
< <form method="post" action="/+webvpn+/login/challenge.html">
< <input type="submit" name="Continue" value="Continue" />
< <input type="submit" name="Cancel" value="Cancel" />
< <input type="hidden" name="auth_handle" value="1482" />
< <input type="hidden" name="status" value="2" />
< <input type="hidden" name="username" value="kons-ibr" />
< <input type="hidden" name="serverType" value="0" />
< <input type="hidden" name="challenge_code" value="0" />
< </form>
< </auth>
Indtast tilsendte engangskode
 > POST /+webvpn+/login/challenge.html HTTP/1.1

Best regards

More information about the openconnect-devel mailing list