openconnect with Belgian EID

Hi,

I am trying to connect to Cisco with openconnect and my Belgian EID card. My access is OK and no user/pw is needed. This is verified with my card and using AnyConnect on Windows.
I'm using Fedora 18.

% openconnect --version
OpenConnect version v4.08
Using GnuTLS. Features present: TPM, PKCS#11, DTLS (using OpenSSL)

I also configured this so I could use p11tool:
% cat /etc/pkcs11/modules/opensc.module
module: opensc-pkcs11.so

I can run p11tool with --login; my EID PIN is asked for and my certs are displayed. So after identifying the right id I can run openconnect, but I still can't get my WebVPN cookie:


% openconnect -v --no-cert-check -c 'pkcs11:token=BELPIC%20%28Basic%20PIN%29;id=%02' https://vpn1
Attempting to connect to server xxxxxxxx:443
Using PKCS#11 certificate pkcs11:token=BELPIC%20%28Basic%20PIN%29;id=%02;object-type=cert;pin-source=openconnect%3a0x166e930
PIN required for BELPIC (Basic PIN)
Enter PIN:
Using PKCS#11 key pkcs11:token=BELPIC%20%28Basic%20PIN%29;id=%02;object-type=private;pin-source=openconnect%3a0x166e930
Using client certificate 'Christof Haerens (Authentication)'
SSL negotiation with vpn1
Connected to HTTPS on vpn1
GET https://vpn1/
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 05 Nov 2013 10:17:01 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
SSL negotiation with vpn1
Connected to HTTPS on vpn1
GET https://vpn1/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
Set-Cookie: ClientCertAuthFailed=1; path=/; secure
SSL certificate authentication failed
X-Transcend-Version: 1
HTTP body chunked (-2)
Fixed options give
Please enter your username and password.
Certificate Validation Failure
Failed to obtain WebVPN cookie


Any ideas about what I'm still missing?

Thanks,
Christof



