OK, it seems that 4.07 is getting a redirect, while 5.01 does not:

Failing output of openconnect 5.01:

POST https://213.172.3.40/
Attempting to connect to server 213.172.3.40:443
SSL negotiation with 213.172.3.40
Server certificate verify failed: signer not found
Certificate from VPN server "213.172.3.40" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on 213.172.3.40
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Wed, 25 Dec 2013 16:11:18 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
XML POST enabled
GROUP: [ADMBankier|ADMCborne|ADMCborne-new|ADMNetwork|ADMOther|ADMPhones|ADMW2K|MobileMGR|WssDocs]:ADMCborne
Username:cborne
Password:
POST https://213.172.3.40/
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Wed, 25 Dec 2013 16:11:33 GMT
X-Aggregate-Auth: 1
HTTP body chunked (-2)
Login failed.
GROUP: [ADMBankier|ADMCborne|ADMCborne-new|ADMNetwork|ADMOther|ADMPhones|ADMW2K|MobileMGR|WssDocs]:

Successful output with openconnect 4.07:

Attempting to connect to 213.172.3.40:443
SSL negotiation with 213.172.3.40
Server certificate verify failed: signer not found
Certificate from VPN server "213.172.3.40" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on 213.172.3.40
GET https://213.172.3.40/
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Wed, 25 Dec 2013 16:05:02 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length: (0)
SSL negotiation with 213.172.3.40
Server certificate verify failed: signer not found
Connected to HTTPS on 213.172.3.40
GET https://213.172.3.40/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Fixed options give
Please enter your username and password.
GROUP: [ADMBankier|ADMCborne|ADMCborne-new|ADMNetwork|ADMOther|ADMPhones|ADMW2K|MobileMGR|WssDocs]:ADMCborne
Username:cborne
Password:
POST https://213.172.3.40/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn=<elided>; path=/; secure
Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&sh:9AA6F4978ABEAEC4EB82EDB65A87391F3171214D&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest; path=/; secure
Set-Cookie: webvpnx=
Set-Cookie: webvpnaac=1; path=/; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
TCP_INFO rcv mss 1368, snd mss 1368, adv mss 1448, pmtu 1500
Got CONNECT response: HTTP/1.1 200 OK
....

On Wed, Dec 25, 2013 at 5:58 PM, Kevin Cernekee <cernekee at gmail.com> wrote:
> On Wed, Dec 25, 2013 at 7:53 AM, Anton Keks <anton at codeborne.com> wrote:
>> Hello and happy holidays!
>>
>> We are sorry to inform that we have an Anyconnect server that worked
>> perfectly with openconnect 4.07, but no longer works with openconnect
>> 5.01.
>> We discovered it after upgrade to Ubuntu 13.10. Downgrading
>> openconnect back to 4.07 solves the issue.
>>
>> By not working I mean it cannot establish the connection, but it
>> doesn't give any meaningful error messages except for "connection
>> failed" after the password has been entered.
>>
>> Which debugging info can I provide in order to trace this problem?
>
> Please post the output from running "openconnect -v <hostname>"
>
> Also you might want to try my "jni-20131224" branch from
> git://github.com/cernekee/openconnect as this fixes a number of
> outstanding bugs.

--
Anton
//codeborne