Bug Report - OpenConnect VPN Connection Issue on Ubuntu 24

Daniel Lenski dlenski at gmail.com
Sat Jun 22 11:05:07 PDT 2024 

On Wed, Jun 19, 2024 at 7:05 PM Lee <309820282 at qq.com> wrote:
> Dear author,
> I hope this email finds you well. I am writing to report a bug that I have encountered while using the OpenConnect software on my Ubuntu 24 system.
> When attempting to connect to a VPN using OpenConnect, I am prompted to enter my password as expected. However, after entering the password, the application requests a real-time verification code that is sent to my email address. Unfortunately, the terminal does not provide me with an input field for this code, and the connection fails without any further explanation.
> I understand that this issue may be due to a limitation in the OpenConnect software or the underlying VPN infrastructure. However, I was wondering if there is any possibility of this bug being fixed in future updates or if there are any workarounds that I can use in the meantime to successfully connect to the VPN.
> Thank you for your attention to this matter. I look forward to hearing from you soon.
> Best regards,
> rugnag.li
>
>
> The output of the terminal is as follows:
>
> POST https://vpn2fa.hku.hk/
> Connected to 147.8.240.41:443
> SSL negotiation with vpn2fa.hku.hk
> Connected to HTTPS on vpn2fa.hku.hk with ciphersuite (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
> Got HTTP response: HTTP/1.1 404 Not Found
> Unexpected 404 result from server
> GET https://vpn2fa.hku.hk/
> Connected to 147.8.240.42:443
> SSL negotiation with vpn2fa.hku.hk
> Connected to HTTPS on vpn2fa.hku.hk with ciphersuite (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
> Got HTTP response: HTTP/1.0 302 Object Moved
> GET https://vpn2fa.hku.hk/+webvpn+/index.html
> SSL negotiation with vpn2fa.hku.hk
> Connected to HTTPS on vpn2fa.hku.hk with ciphersuite (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
> Please enter your username and password.
> Password:
> POST https://vpn2fa.hku.hk/+webvpn+/index.html
> -Please enter your token code
> POST https://vpn2fa.hku.hk/+webvpn+/login/challenge.html
> Login failed.
> Please enter your username and password.
> Password:

This is some variant of
https://gitlab.com/openconnect/openconnect/-/issues/665, with the
additional complication that your server doesn't like clients which
identify themselves as *Linux* systems. 🤷🏻‍♂️

Add '--os=win' and/or '--useragent=AnyConnect' to your command line to
workaround this.

Daniel

More information about the openconnect-devel mailing list