> So if I use --juniper I get a "Dumping unknown HTTP form".
What does that unknown form look like?
Handling Juniper auth automatically is notoriously difficult because
Juniper VPNs allow free-form web pages as part of the authentication
process. They can use anything from simple HTML forms to JavaScript to
ActiveX controls (!!!) to do the authentication.
> I guess I'd need to script it somehow to route through a browser so I can log in that way.
The easiest way to get started with a Juniper VPN+OpenConnect is
usually to do the login in the web browser, and then "steal" the DSID
cookie from the resulting Juniper web portal page, after a successful
login.
Then start openconnect using that cookie, and bypass the
authentication-form-scraping entirely:
openconnect --cookie "DSID=deadbeefdeadbeefdeadbeef" --protocol=nc
junipervpn.company.com
Dan
On Thu, Feb 9, 2017 at 7:05 AM, Cary Robbins <carymrobbins at gmail.com> wrote:
> So if I use --juniper I get a "Dumping unknown HTTP form". I guess I'd
> need to script it somehow to route through a browser so I can log in
> that way.
>
> Also, once I get that output I then get "Failed to read from SSL
> socket: Error in the pull function." for a while. Possibly this is
> just due to some sort of cache issue.
>
> On Sat, Feb 4, 2017 at 8:48 PM, Daniel Lenski <dlenski at gmail.com> wrote:
>> On Thu, Feb 2, 2017 at 7:05 PM, Cary Robbins <carymrobbins at gmail.com> wrote:
>>>
>>> Attempting to connect to a VPN server yields the following error: XML
>>> response has no "auth" node
>>>
>>> From the looks of it, it seems like maybe it's in some sort of redirect loop.
>>>
>>> Any clues on how we might be able to resolve this issue?
>>
>> Run with --dump-http-traffic to see what XML form is causing
>> OpenConnect to get confused.
