SSL huawei AR150 Series Enterprise Routers
Alfredo Tomasini
alto.tom at e-td55.com
Mon Apr 15 10:35:40 PDT 2024
OOPS, that was a typo; yes, PARTNER.
Note: the router is not a Cisco but a Huawei AR150, although most likely
they use the same protocol, maybe!
tried
/usr/sbin/openconnect --useragent="AnyConnect" ....
XML response has no "auth" node
Failed to complete authentication
did not work
Also, tried all the following
--protocol=anyconnect Compatible with Cisco AnyConnect SSL VPN, as well as ocserv (default)
--protocol=nc Compatible with Juniper Network Connect
--protocol=gp Compatible with Palo Alto Networks (PAN) GlobalProtect SSL VPN
--protocol=pulse Compatible with Pulse Connect Secure SSL VPN
--protocol=f5 Compatible with F5 BIG-IP SSL VPN
--protocol=fortinet Compatible with FortiGate SSL VPN
--protocol=array Compatible with Array Networks SSL VPN
No success
In case you have time and interest, this is the server 58.246.39.91:8899
(better not to post this, I guess)
The only protocol that gets me to login and password is
--protocol=fortinet
then it fails with
POST https://58.246.39.91:8899/remote/logincheck
Got HTTP response: HTTP/1.1 404 Not Found
Unexpected 404 result from server
I did try to change vpninfo inside fortinet.c
from
vpninfo->urlpath = strdup("remote/logincheck")
to
vpninfo->urlpath = strdup("logincheck")
vpninfo->urlpath = strdup("login")
and some other combinations, no luck. I used --dump-http-traffic, but too much
stuff is coming back for a non-Java-savvy person to find out whether the
information I am looking for is there or not.
I do not know if this helps:
The official tool is called
UNIVPN CLIENT
http://www.leagsoft.com/doc/article/103107.html
(used S3.translator to see the info)
They have a version for Linux, but it does not work on my Slackware 14.2
because of a library issue.
It does work on Slackware 15.0, but other SW does not work (CAD stuff), so I
cannot do the migration right now.
---
Alfredo Tomasini
www.e-td55.com/company
(408) 886 1666
On 2024-04-14 16:02, Daniel Lenski wrote:
> On Fri, Apr 12, 2024 at 4:29 PM Alfredo Tomasini <alto.tom at e-td55.com>
> wrote:
>
>> I am trying to get a vpn connection to our pattern in China
>
> What does this mean? (Maybe you meant PARTNER in China... maybe not?)
>
>> by using
>> openconnect
>
> Specifically, you're using OpenConnect v9.01 according to your logs.
> Released just about 2 years ago, and bundled with many Linux
> distributions.
>
>> this is error
>>
>> XML response has no "auth" node
>>
>> Failed to complete authentication
>>
>> never get to login and password
>>
>> The server is not configured to use certificates
>>
>> I am not an expert on this subject, but by looking at the header of the dump
>> it seems the connection happens, but something is not interpreted properly.
>
> It appears very likely that this is
> https://gitlab.com/openconnect/openconnect/-/issues/665.
>
> Try adding `--user-agent="AnyConnect"` to the command-line.
>
> If that makes it work, then yes it is this frustrating issue caused by
> Cisco changing their servers' authentication process in a
> backwards-incompatible way... not just incompatible with all previous
> versions of OpenConnect, but also with very old versions of their
> *own* software. This is fixed in the master branch as of
> https://gitlab.com/openconnect/openconnect/-/merge_requests/497, but
> not yet in any released version of OpenConnect.