-------- Forwarded Message --------
Subject: Re: Juniper connection failure, HTTP/1.1 302 Found
Date: Wed, 12 Aug 2015 20:28:37 -0400
From: Nate Mow <natemow at gmail.com>
To: David Woodhouse <dwmw2 at infradead.org>
I think I did try that at some point...trying it again, I'm seeing this
come next in the log:
Got HTTP response: HTTP/1.1 200 OK
Content-type: application/octet-stream
Pragma: no-cache
NCP-Version: 3
Set-Cookie: DSLastAccess=1439424998; path=/; Secure
Connection: close
X-Frame-Options: SAMEORIGIN
SSL negotiation with alias.example.com
No match for altname 'vpn.example.com'
No match for altname 'alias.example-europe.com'
Matched DNS altname 'alias.example.com'
Connected to HTTPS on alias.example.com
Got HTTP response: HTTP/1.1 200 OK
Content-type: application/octet-stream
Pragma: no-cache
NCP-Version: 3
Set-Cookie: DSLastAccess=1439424998; path=/; Secure
Connection: close
X-Frame-Options: SAMEORIGIN
0000: 14 00 00 04 00 00 00 07 00 45 4c 4b 48 41 52 54
0010: bb 01 00 00 00 00
Server response to hostname packet is error 0x08
Creating SSL connection failed
To me it looks like host is responding with "here, install this applet"
now. Is there a way to get the raw response from the server? (I'm not a
C guy, so a bit out of my depth as far as tracing locally goes).
On 08/12/2015 08:08 PM, David Woodhouse wrote:
> On Wed, 2015-08-12 at 20:06 -0400, Nate Mow wrote:
>> # Now attempt the actual connection.
>> echo "$COOKIE" | sudo openconnect "$JNC_HOST" \
>> --dump-http-traffic \
>> --disable-ipv6 \
>> --os="linux-64" \
>> --useragent="$_ua_string" \
>> --cookie-on-stdin \
>> --cafile="./config/GlobalSignOrganizationValidationCA-SHA256-G2.ca" \
>> --servercert="$FINGERPRINT" \
>> --no-cert-check --background --pid-file=$VPN_PID_FILE \
>> >> $VPN_LOG_FILE 2>&1;
> You'll want a --juniper in that one somewhere too.
>
