On 5/30/2013 4:25 AM, David Woodhouse wrote: > You could try updating just openconnect, perhaps? Although you might > need a newer OpenSSL for that... I upgraded my router to Attitude Adjustment and Openconnect 4.08. It now behaves differently with the Duo Security (https://www.duosecurity.com/) product. I now know a little bit more about why they are doing what they are doing. Duo Security had us load this javascript file on the web interface: https://gist.github.com/anonymous/5709611 I have changed the sensitive values. This allows the various VPN clients to pop up a message on your smart phone or have your smart phone generate a code that becomes your second password. I assume this javascript is not agreeing with openconnect even for groups that do not have this feature enabled. The Duo Security feature is enable per VPN group. I have a script that contains the username and password for the VPN connection. On the older version of openconnect, it would prompt for additional username and password, and would let me in as long as I put in junk values. on 4.08, I get this: ------------ Please enter your username and password. Username:Failed to obtain WebVPN cookie root at OpenWrt:~# ------------ If I take the username and password out of the script, I get prompted for username and password. Once I enter valid credentials, I am prompted a second time. Again, I just have to put in junk values. This is all for a group that is not secured by Duo Security. This is obviously not a shortcoming of openconnect. I just didn't want to leave this issue without explaining what happened. If there is any way I could make open connect behave like a browser in this case, that would be really cool, but it is not something I would expect to work.
