On Fri, Apr 20, 2012 at 10:18 AM, chua wei yang <noobishyang at gmail.com> wrote: > Hi David, > > Ok, off to download and try now and will post result, thanks so much. > > On Fri, Apr 20, 2012 at 8:17 AM, David Woodhouse <dwmw2 at infradead.org> wrote: >> http://david.woodhou.se/openconnect-3.16-21-g05c92b4.tar.gz should fix >> all the issues with Solaris 10. I'll probably make it a 3.17 release >> shortly. >> >> You'll also want the latest vpnc-script from the git repository; there >> were some fixes required for that too. Hi David, What I have done, 1. installed openconnect-3.16-21-g05c92b4.tar.gz. 2. replaced my vpnc-script with the latest from git (updated by you). 3. added proxy server (so sorry I forgot we are using a proxy). 4. ran following command, openconnect --script /etc/vpnc/vpnc-script https://sam.ncs.com.sg --proxy ourProxyServer *Output START* Attempting to connect to ourProxyServer:80 Requesting HTTP proxy connection to sam.ncs.com.sg:443 Unexpected continuation line after CONNECT response: 'Proxy-agent: BlueCoat-Security-Appliance' SSL negotiation with sam.ncs.com.sg Server certificate verify failed: unable to get local issuer certificate Certificate from VPN server "sam.ncs.com.sg" failed verification. Reason: unable to get local issuer certificate Enter 'yes' to accept, 'no' to abort; anything else to view: yes Connected to HTTPS on sam.ncs.com.sg GET https://sam.ncs.com.sg/ Got HTTP response: HTTP/1.0 302 Object Moved Requesting HTTP proxy connection to sam.ncs.com.sg:443 Unexpected continuation line after CONNECT response: 'Proxy-agent: BlueCoat-Security-Appliance' SSL negotiation with sam.ncs.com.sg Server certificate verify failed: unable to get local issuer certificate Connected to HTTPS on sam.ncs.com.sg GET https://sam.ncs.com.sg/+webvpn+/index.html GET https://sam.ncs.com.sg/CACHE/sdesktop/install/binaries/sfinst Error: Server asked us to download and run a 'Cisco Secure Desktop' trojan. This facility is disabled by default for security reasons, so you may wish to enable it.Failed to obtain WebVPN cookie *Output END* 5. Then I referenced this url on CSD, http://www.infradead.org/openconnect/csd.html and tried following command with --csd-user option; take note of this part, have a question at point 6, "This support currently only works when the server has a Linux binary installed, and only when that Linux binary runs on the client machine.", openconnect --script /etc/vpnc/vpnc-script https://sam.ncs.com.sg --proxy ourProxyServer --csd-user root *Output START* Attempting to connect to ourProxyServer:80 Requesting HTTP proxy connection to sam.ncs.com.sg:443 Unexpected continuation line after CONNECT response: 'Proxy-agent: BlueCoat-Security-Appliance' SSL negotiation with sam.ncs.com.sg Server certificate verify failed: unable to get local issuer certificate Certificate from VPN server "sam.ncs.com.sg" failed verification. Reason: unable to get local issuer certificate Enter 'yes' to accept, 'no' to abort; anything else to view: yes Connected to HTTPS on sam.ncs.com.sg GET https://sam.ncs.com.sg/ Got HTTP response: HTTP/1.0 302 Object Moved Requesting HTTP proxy connection to sam.ncs.com.sg:443 Unexpected continuation line after CONNECT response: 'Proxy-agent: BlueCoat-Security-Appliance' SSL negotiation with sam.ncs.com.sg Server certificate verify failed: unable to get local issuer certificate Connected to HTTPS on sam.ncs.com.sg GET https://sam.ncs.com.sg/+webvpn+/index.html GET https://sam.ncs.com.sg/CACHE/sdesktop/install/binaries/sfinst Warning: you are running insecure CSD code with root privileges Use command line option "--csd-user" /tmp/csdFoaalx: syntax error at line 3: `MARKER=$' unexpected Trying to run Linux CSD trojan script.GET https://sam.ncs.com.sg/+CSCOE+/sdesktop/wait.html Refreshing +CSCOE+/sdesktop/wait.html after 1 second... GET https://sam.ncs.com.sg/+CSCOE+/sdesktop/wait.html ... (refreshing and get repeated several times) Refreshing +CSCOE+/sdesktop/wait.html after 1 second... GET https://sam.ncs.com.sg/+CSCOE+/sdesktop/wait.html Error fetching HTTPS response *Output END* 6. I also found this old discussion with similar error message, http://mail.opensolaris.org/pipermail/desktop-discuss/2009-November/014576.html, and you mentioned, "You can download the script yourself (or copy it from /tmp/csd* before it gets deleted) and work out what's going wrong. You'll need to be able to run Linux binaries, but SunOS can manage that, right?". I do have the script at /tmp/csdFoaalx but I have no idea what it's trying to do; at the binary part. And regarding "be able to run Linux binaries", also referencing my point 5, "This support currently only works when the server has a Linux binary installed, and only when that Linux binary runs on the client machine.", so does that mean the CSD part will "work" if my Solaris 10 is capable of running Linux binaries? I am looking at this Brandz thing at http://hub.opensolaris.org/bin/view/Community+Group+brandz/brandz_lae_faq, will it work or is it relevant for my situation?
