From dpt at bostoncoop.net Thu Jul 3 06:19:38 2025 From: dpt at bostoncoop.net (Dylan Thurston) Date: Thu, 3 Jul 2025 09:19:38 -0400 Subject: Trouble connecting with 2FA Message-ID: Hello, I just started a job at Boston College, and I've been having trouble connecting to their AnyConnect VPN. They have a 2FA setup that seems to require me to choose between a text or phone call, then enter the response from that to get in, but I don't get to the point of entering anything. I'm a newcomer to openconnect, so may well be missing something obvious. Here's the log. dpt at geranium:~$ sudo openconnect -v eaglevpn.bc.edu POST https://eaglevpn.bc.edu/ Attempting to connect to server 136.167.9.37:443 Connected to 136.167.9.37:443 SSL negotiation with eaglevpn.bc.edu Connected to HTTPS on eaglevpn.bc.edu with ciphersuite (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(AES-256-GCM) Got HTTP response: HTTP/1.1 404 Not Found Cache-Control: no-store Pragma: no-cache Connection: Close Date: Thu, 03 Jul 2025 13:15:28 GMT X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1 Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content HTTP body http 1.0 (-1) TLS/DTLS socket closed uncleanly Unexpected 404 result from server GET https://eaglevpn.bc.edu/ Attempting to connect to server 136.167.9.37:443 Connected to 136.167.9.37:443 SSL negotiation with eaglevpn.bc.edu Connected to HTTPS on eaglevpn.bc.edu with ciphersuite (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(AES-256-GCM) Got HTTP response: HTTP/1.0 302 Temporary moved Set-Cookie: tg=0Q29tbXVuaXR5LXRn; path=/; secure Content-Length: 0 Cache-Control: no-store Pragma: no-cache Connection: Close Date: Thu, 03 Jul 2025 13:15:28 GMT X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1 Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content Location: /+webvpn+/index.html HTTP body length: (0) GET https://eaglevpn.bc.edu/+webvpn+/index.html SSL negotiation with eaglevpn.bc.edu Connected to HTTPS on eaglevpn.bc.edu with ciphersuite (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(AES-256-GCM) Got HTTP response: HTTP/1.1 200 OK Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1 Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content X-Frame-Options: SAMEORIGIN Transfer-Encoding: chunked Content-Type: text/xml; charset=utf-8 Cache-Control: no-store Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnlogin=1; secure X-Transcend-Version: 1 HTTP body chunked (-2) Please enter your username and password. Username:thurst Password: POST https://eaglevpn.bc.edu/+webvpn+/index.html Got HTTP response: HTTP/1.1 200 OK Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1 Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content X-Frame-Options: SAMEORIGIN Transfer-Encoding: chunked Content-Type: text/xml; charset=utf-8 Cache-Control: no-store X-Transcend-Version: 1 HTTP body chunked (-2) In "Answer" enter # (1-2) to select a 2-Step Verification option and Continue. If you get a TEXT passcode, enter it in the "Answer" box and Continue. 1. Call to X-2922 2. Text to X-2922 POST https://eaglevpn.bc.edu/+webvpn+/login/challenge.html Got HTTP response: HTTP/1.1 200 OK Strict-Transport-Security: max-age=31536000; includeSubDomains X-Content-Type-Options: nosniff X-XSS-Protection: 1 Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content X-Frame-Options: SAMEORIGIN Transfer-Encoding: chunked Content-Type: text/xml; charset=utf-8 Cache-Control: no-store Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnlogin=1; secure X-Transcend-Version: 1 HTTP body chunked (-2) Login failed. Please enter your username and password. Username:fgets (stdin): Resource temporarily unavailable