Connecting to anyconnect vpn - system verification
Info Skymem
info at skymem.com
Sun Jan 29 15:46:20 PST 2023
Hi,
thank you for your information.
On our website you can find email addresses of companies and people.
https://www.skymem.info
In short, it’s like Google for emails.
Best regards,
Robert,
Skymem team
On Sat, Jan 28, 2023 at 5:58 PM Zbyněk Kačer <zbynek.kacer at pitris.info> wrote:
>
> Daniel Lenski wrote:
> > On Fri, Jan 27, 2023 at 3:58 AM Zbyněk Kačer <zbynek.kacer at pitris.info> wrote:
> >> So I tried openconnect
> > openconnect --version?
> >
> >> So I tried
> >> openconnect --dump-http-traffic --csd-wrapper=/tmp/csd-post.sh
> >> gateway.host.some.server.com
> >>
> >> but the csd-post script seems never be called (I've inserted some echos
> >> at the beginning).
> > Are you 100% sure the `csd-post.sh` is an executable shell script, and
> > that you're not missing an error about it being non-executable, or
> > otherwise failing? Until we made improvements in recent releases
> > (https://gitlab.com/openconnect/openconnect/-/commits/7083a0ac52a95e02b2c75180888bc29bcc9f3bae/auth.c),
> > these errors were very easy to miss.
> >
> > Assuming the script is indeed executable, it's possible that your
> > server detects that you're using a non-Cisco client, or running a
> > not-supported OS, and simply skips over CSD and goes straight to the
> > "limited access" mode.
> >
> > Try adding combinations of the following to the command line and see
> > if they make any difference…
> >
> > --useragent 'AnyConnect Windows 4.10.05095'
> > --os=win
> > --local-hostname=HOSTNAME_OF_YOUR_OFFICIALLY_SUPPORTED_WINDOWS_LAPTOP
> >
> > Rinse/repeat/experiment until you hopefully find the magical
> > combination of options/versions/identifiers (refer to
> > https://www.infradead.org/openconnect/manual.html).
> >
> >> Do I have to force openconnect to post the "scan" result to the gateway
> >> somehow?
> > No.
> > As far as we know, the Cisco servers either (a) require that you
> > complete CSD before authentication will complete and you'll be able to
> > connect the VPN tunnel, or (b) skip it.
> >
> > Dan
> >
> It's debian's v9.01-2.
> Yes, it's executable, I can run it from a terminal.
> The parameters do not help, it's the same. I'll try to play with this a
> little more. Is there any way how to debug it?
>
> Thanks.
>
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/openconnect-devel
More information about the openconnect-devel
mailing list