Cannot enter 2FA code
Ian Braithwaite
idb at tagvision.dk
Mon Sep 12 06:41:36 PDT 2022
On Tue May 17 15:56:25 PDT 2022 Daniel Lenski dlenski at gmail.com wrote:
> On Thu, May 12, 2022 at 2:19 PM Henry Luis <Henry.Luis at networkedenergy.com> wrote:
> > Today, openconnect prompts me for the 2FA code but does not give me the chance to enter it
> > (see the >"Enter PASSCODE" line below).
> > The same happens when I use the network manager Gnome GUI. This used to work as of yesterday.
> Clearly, something must have changed on your *server*, because nothing
> changed about the client *software* that you're running… right?
> My educated guess from the limited information here is that the form
> field sent by the server to request the 2FA code has changed in such a
> way that OpenConnect doesn't recognize it as a fillable field anymore.
> But that's only a guess.
> 1. Use `openconnect -vvv --dump` to add copious additional debugging
> information. To figure this out, we'll particularly want to see the
> details of the "challenge"/2FA form, sent in response to
> the initial `POST https://my-vpn-dot-com/+webvpn+/index.html`.
I'm not the original poster, but I'm experiencing the same problem.
Here are the details of the challenge form as requested.
As you guessed, OpenConnect isn't recognizing that a field needs to be
filled in and is just continuing without it.
I guess it's this one?
<input type="hidden" name="challenge_code" value="0" />
I don't know how OpenConnect is supposed to recognize it... weird it's "hidden".
-+-+-+-
Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
Cache-Control: no-store
X-Transcend-Version: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <!--
< Copyright (c) 2007-2008, 2012 by Cisco Systems, Inc.
< All rights reserved.
< -->
< <auth id="challenge">
< <title>SSL VPN Service</title>
<
< <message>Indtast tilsendte engangskode</message>
<
< <form method="post" action="/+webvpn+/login/challenge.html">
<
<
< <input type="submit" name="Continue" value="Continue" />
< <input type="submit" name="Cancel" value="Cancel" />
<
< <input type="hidden" name="auth_handle" value="1482" />
< <input type="hidden" name="status" value="2" />
< <input type="hidden" name="username" value="kons-ibr" />
< <input type="hidden" name="serverType" value="0" />
< <input type="hidden" name="challenge_code" value="0" />
< </form>
< </auth>
<
<
Indtast tilsendte engangskode
POST https://konsulent.horsenskom.dk/+webvpn+/login/challenge.html
> POST /+webvpn+/login/challenge.html HTTP/1.1
-+-+-+-
Best regards
-Ian
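
The diagnosis discussed in this message can be checked mechanically. The Python below is an added example, not part of the original post and not OpenConnect's own code: it parses the dumped challenge form and flags a challenge that contains no field a user could type into. It assumes a client prompts only for `text` and `password` inputs; the function names, the `example_otp` field and the placeholder username are hypothetical.

```python
import xml.etree.ElementTree as ET

# Challenge form from the dump above ("< " prefix stripped, username
# replaced by a placeholder).
CHALLENGE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<auth id="challenge">
<title>SSL VPN Service</title>
<message>Indtast tilsendte engangskode</message>
<form method="post" action="/+webvpn+/login/challenge.html">
<input type="submit" name="Continue" value="Continue" />
<input type="submit" name="Cancel" value="Cancel" />
<input type="hidden" name="auth_handle" value="1482" />
<input type="hidden" name="status" value="2" />
<input type="hidden" name="username" value="example-user" />
<input type="hidden" name="serverType" value="0" />
<input type="hidden" name="challenge_code" value="0" />
</form>
</auth>"""

# Constructed contrast: same form with a visible field (hypothetical name).
WITH_FIELD_XML = CHALLENGE_XML.replace(
    '<input type="hidden" name="challenge_code" value="0" />',
    '<input type="password" name="example_otp" />')

PROMPTED_TYPES = ("text", "password")  # assumption: types a client prompts for


def strip_dump_prefix(dump):
    """Drop the '< ' marker that precedes each body line in the debug dump."""
    lines = ("" if l == "<" else l[2:] if l.startswith("< ") else l
             for l in dump.splitlines())
    return "\n".join(lines).strip()


def classify_inputs(xml_text):
    """Return (auth id, form action, {input type: [names]}) for one form."""
    root = ET.fromstring(strip_dump_prefix(xml_text).encode("utf-8"))
    form = root.find("form")
    by_type = {}
    for inp in (form.iter("input") if form is not None else ()):
        by_type.setdefault((inp.get("type") or "").lower(), []).append(inp.get("name"))
    return root.get("id"), form.get("action") if form is not None else None, by_type


def diagnose(xml_text):
    """Flag a challenge form that offers nothing for the user to type into."""
    auth_id, _action, by_type = classify_inputs(xml_text)
    fillable = [n for t in PROMPTED_TYPES for n in by_type.get(t, [])]
    if auth_id == "challenge" and not fillable:
        return "no-fillable-field", by_type.get("hidden", [])
    return "ok", fillable
```

`diagnose()` accepts either clean XML or body lines pasted straight from the debug dump with their `< ` markers still attached.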