Connecting to anyconnect vpn - system verification

Daniel Lenski dlenski at gmail.com
Thu Feb 2 12:54:20 PST 2023


> I'm afraid tuning parameters does not help at all. I unsuccessfully
> tried various combinations.
> Then I dumped the /opt/cisco/anyconnect/bin/vpnui traffic, tried what
> the official client sends and still no success.

Hmmm. So you can see all (or almost all) of the traffic between the
official client and the server, and you see NO differences between
what OpenConnect sends and what the official clients send…?

> What can I do more? What to dump?

It's quite difficult to say without seeing some of this traffic and
comparing carefully. It sounds like you've already read
https://www.infradead.org/openconnect/mitm.html, and have a good idea
of how to capture the traffic from the official client.

> I'm able to dump (SSLKEYLOGFILE) ui's traffic and partly also the
> vpnagentd's traffic but there are still some tls streams unreadable.

Any idea about the *timing* or *quantity* of those TLS streams which
you can't see, relative to other requests which you can see?

Dan



More information about the openconnect-devel mailing list