I'm getting the subject error message, "XML response has no "auth" node", when attempting to connect to my work's VPN concentrator. What follows is output of my connection attempt. I can establish SSL connection, but I can't get further than that. I will attempt to connect using Windows (later today hopefully) and compare results, but hoping someone on this list has some ideas what else I can try to connect from Linux. Thanks, -Will $ sudo openconnect -c 'pkcs11:token=CRISP.WILL.J.xxxxxxxxxx;id=%00%01;object=PIV%20ID%20Certificate' --dump-http-traffic --verbose --os win vpn.amrdec.army.mil POST https://vpn.amrdec.army.mil/ Attempting to connect to server 199.209.145.10:443 Using PKCS#11 certificate pkcs11:token=CRISP.WILL.J.xxxxxxxxxx;id=%00%01;object=PIV%20ID%20Certificate;object-type=cert PIN required for CRISP.WILL.J.xxxxxxxxxx Enter PIN: Using PKCS#11 key pkcs11:token=CRISP.WILL.J.xxxxxxxxxx;id=%00%01;object=PIV%20ID%20Certificate;object-type=private Using client certificate 'CRISP.WILL.J.xxxxxxxxxx' Adding supporting CA 'DOD CA-31' SSL negotiation with vpn.amrdec.army.mil Connected to HTTPS on vpn.amrdec.army.mil > POST / HTTP/1.1 > Host: vpn.amrdec.army.mil > User-Agent: Open AnyConnect VPN Agent v7.06-1.el7 > Accept: */* > Accept-Encoding: identity > X-Transcend-Version: 1 > X-Aggregate-Auth: 1 > X-AnyConnect-Platform: win > X-Support-HTTP-Auth: true > X-Pad: 000000000000000000000000000000000000000000 > Content-Type: application/x-www-form-urlencoded > Content-Length: 214 > > <?xml version="1.0" encoding="UTF-8"?> > <config-auth client="vpn" type="init"><version who="vpn">v7.06-1.el7</version><device-id>win</device-id><group-access>https://vpn.amrdec.army.mil</group-access></config-auth> Got HTTP response: HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Cache-Control: no-cache Pragma: no-cache Connection: Keep-Alive Date: Mon, 17 Apr 2017 02:35:28 GMT X-Frame-Options: SAMEORIGIN X-Aggregate-Auth: 1 HTTP body chunked (-2) < <?xml version="1.0" encoding="UTF-8"?> < <config-auth client="vpn" type="auth-request" aggregate-auth-version="2"> < <client-cert-request></client-cert-request> < </config-auth> POST https://vpn.amrdec.army.mil/ SSL negotiation with vpn.amrdec.army.mil Connected to HTTPS on vpn.amrdec.army.mil > POST / HTTP/1.1 > Host: vpn.amrdec.army.mil > User-Agent: Open AnyConnect VPN Agent v7.06-1.el7 > Accept: */* > Accept-Encoding: identity > X-Transcend-Version: 1 > X-Aggregate-Auth: 1 > X-AnyConnect-Platform: win > X-Support-HTTP-Auth: true > X-Pad: 000000000000000000000000000000000000000000 > Content-Type: application/x-www-form-urlencoded > Content-Length: 214 > > <?xml version="1.0" encoding="UTF-8"?> > <config-auth client="vpn" type="init"><version who="vpn">v7.06-1.el7</version><device-id>win</device-id><group-access>https://vpn.amrdec.army.mil</group-access></config-auth> Got HTTP response: HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Cache-Control: no-cache Pragma: no-cache Connection: Keep-Alive Date: Mon, 17 Apr 2017 02:35:30 GMT X-Frame-Options: SAMEORIGIN X-Aggregate-Auth: 1 HTTP body chunked (-2) < <?xml version="1.0" encoding="UTF-8"?> < <config-auth client="vpn" type="complete" aggregate-auth-version="2"> < <error id="15" param1="" param2="">Login failed.</error> < </config-auth> XML response has no "auth" node GET https://vpn.amrdec.army.mil/ Attempting to connect to server 199.209.145.10:443 SSL negotiation with vpn.amrdec.army.mil Connected to HTTPS on vpn.amrdec.army.mil > GET / HTTP/1.1 > Host: vpn.amrdec.army.mil > User-Agent: Open AnyConnect VPN Agent v7.06-1.el7 > Accept: */* > Accept-Encoding: identity > X-Transcend-Version: 1 > X-Support-HTTP-Auth: true > Got HTTP response: HTTP/1.0 302 Object Moved Content-Type: text/html; charset=utf-8 Content-Length: 0 Cache-Control: no-cache Pragma: no-cache Connection: Close Date: Mon, 17 Apr 2017 02:36:22 GMT X-Frame-Options: SAMEORIGIN Location: /+webvpn+/index.html Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure HTTP body length: (0) GET https://vpn.amrdec.army.mil/+webvpn+/index.html SSL negotiation with vpn.amrdec.army.mil Connected to HTTPS on vpn.amrdec.army.mil > GET /+webvpn+/index.html HTTP/1.1 > Host: vpn.amrdec.army.mil > User-Agent: Open AnyConnect VPN Agent v7.06-1.el7 > Accept: */* > Accept-Encoding: identity > X-Transcend-Version: 1 > X-Support-HTTP-Auth: true > Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnlogin=1; secure X-Frame-Options: SAMEORIGIN X-Transcend-Version: 1 HTTP body chunked (-2) < <?xml version="1.0" encoding="UTF-8"?> < <!-- < Copyright (c) 2013 by Cisco Systems, Inc. < All rights reserved. < --> < <auth id="main"> < <title>SSL VPN Service</title> < <ca status="disabled" href="/+CSCOCA+/login.html" /> < < < < <banner></banner> < <message>Please enter your username and password.</message> < < < <error id="15" param1="" param2="">Login failed.</error> < <form method="post" action="/+webvpn+/index.html"> < < < < < < < < <input type="submit" name="Login" value="Login" /> < <input type="reset" name="Clear" value="Clear" /> < < < </form> < </auth> < Please enter your username and password. Login failed. Failed to obtain WebVPN cookie
