On Mon, Feb 13, 2017 at 9:21 AM, Cary Robbins <carymrobbins at gmail.com> wrote:
> So, that seems like it sort of works, but I'm not entirely sure.
> There's an Okta workflow to log into the VPN, so I try it from my
> browser then steal the cookie, using it on the command line. Note that
> I'm using the entire Set-Cookie header, which seems to contain a few
> cookies; although, none of them are DSID.
>
> ---------------
> % sudo openconnect --cookie "<cookie>" --protocol=nc https://vpn.company.com
> Connected to xx.xx.xx.xx
> SSL negotiation with vpn.company.com
> Connected to HTTPS on vpn.company.com
> ---------------
>
> It stays there for a while.

For whatever reason, a request with an invalid cookie is taking a long
time to respond, but the Juniper VPN definitely won't be letting you
connect without a valid DSID cookie.

If the web login flow hasn't arrived at a page that gives you a cookie
named DSID then you haven't gotten far enough. (There will be a bunch of
other DS* cookies as well, but you don't need those).

-Dan
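
The check described in the reply above, as an added example that is not part of the original thread: pull only the DSID cookie out of a saved header capture and refuse to build the openconnect command when it is missing. The function names (extract_dsid, vpn_connect_cmd) and the sample headers are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Helper names are hypothetical.

# Constructed sample: a header capture holding several DS* cookies.
SAMPLE_HEADERS='Set-Cookie: DSFirstAccess=1486999999; path=/; secure
Set-Cookie: DSID=0123456789abcdef0123456789abcdef; path=/; secure
Set-Cookie: DSLastAccess=1486999999; path=/; secure'

# Read raw headers on stdin; print "DSID=<value>" and return 0 if a
# non-empty DSID cookie is present, otherwise print nothing and return 1.
extract_dsid() {
    tr -d '\r' |
    # Keep only cookie-bearing lines and drop the header name.
    sed -n -e 's/^[Ss]et-[Cc]ookie:[[:space:]]*//p' \
           -e 's/^[Cc]ookie:[[:space:]]*//p' |
    # One name=value pair (or attribute) per line, leading blanks removed.
    tr ';' '\n' |
    sed -e 's/^[[:space:]]*//' |
    # Match the exact cookie name, so DSFirstAccess etc. are ignored.
    awk -F= '$1 == "DSID" && length($0) > 5 && !found { print; found = 1 }
             END { exit !found }'
}

# Read headers on stdin and print (not run) the openconnect command for
# server $1. Fails when the web login never reached the DSID cookie.
vpn_connect_cmd() {
    cookie=$(extract_dsid) || {
        echo "no DSID cookie found: web login flow has not completed" >&2
        return 1
    }
    printf 'openconnect --protocol=nc --cookie "%s" %s\n' "$cookie" "$1"
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_HEADERS" | vpn_connect_cmd https://vpn.company.com
```

Passing the whole Set-Cookie blob, as in the quoted attempt, fails this check whenever no cookie named exactly DSID is in it.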