Trouble connecting with 2FA

Dylan Thurston dpt at bostoncoop.net
Thu Jul 3 06:19:38 PDT 2025 

Hello,

I just started a job at Boston College, and I've been having trouble
connecting to their AnyConnect VPN. They have a 2FA setup that seems
to require me to choose between a text or phone call, then enter the
response from that to get in, but I don't get to the point of entering
anything.

I'm a newcomer to openconnect, so may well be missing something
obvious.

Here's the log.

dpt at geranium:~$ sudo openconnect -v eaglevpn.bc.edu
POST https://eaglevpn.bc.edu/
Attempting to connect to server 136.167.9.37:443
Connected to 136.167.9.37:443
SSL negotiation with eaglevpn.bc.edu
Connected to HTTPS on eaglevpn.bc.edu with ciphersuite (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 404 Not Found
Cache-Control: no-store
Pragma: no-cache
Connection: Close
Date: Thu, 03 Jul 2025 13:15:28 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content
HTTP body http 1.0 (-1)
TLS/DTLS socket closed uncleanly
Unexpected 404 result from server
GET https://eaglevpn.bc.edu/
Attempting to connect to server 136.167.9.37:443
Connected to 136.167.9.37:443
SSL negotiation with eaglevpn.bc.edu
Connected to HTTPS on eaglevpn.bc.edu with ciphersuite (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(AES-256-GCM)
Got HTTP response: HTTP/1.0 302 Temporary moved
Set-Cookie: tg=0Q29tbXVuaXR5LXRn; path=/; secure
Content-Length: 0
Cache-Control: no-store
Pragma: no-cache
Connection: Close
Date: Thu, 03 Jul 2025 13:15:28 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content
Location: /+webvpn+/index.html
HTTP body length:  (0)
GET https://eaglevpn.bc.edu/+webvpn+/index.html
SSL negotiation with eaglevpn.bc.edu
Connected to HTTPS on eaglevpn.bc.edu with ciphersuite (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
Cache-Control: no-store
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
Username:thurst
Password:
POST https://eaglevpn.bc.edu/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
Cache-Control: no-store
X-Transcend-Version: 1
HTTP body chunked (-2)
In "Answer" enter # (1-2) to select a 2-Step Verification option and Continue. If you get a TEXT passcode, enter it in the "Answer" box and Continue.

1. Call to X-2922
2. Text to X-2922

POST https://eaglevpn.bc.edu/+webvpn+/login/challenge.html
Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
Cache-Control: no-store
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Login failed.
Please enter your username and password.
Username:fgets (stdin): Resource temporarily unavailable

More information about the openconnect-devel mailing list