Hi Daniel and list,

attached is the dump.

I also tried adding --os=android, but I received another error (dump in the attached _android file).

Thanks for the support.

On Thu, 16/08/2018 at 08.29 -0700, Daniel Lenski wrote:
> On Aug 16, 2018 7:00 AM, <alessandro.narzisi at gmail.com> wrote:
> >
> > Hi to all,
> >
> > I try to use openconnect to connect to my business VPN. Until a few
> > months ago I was able to connect, but now, after an upgrade of the
> > server, I receive an error of
> >
> > X-Aggregate-Auth: 1
> > HTTP body chunked (-2)
> > Login denied, unauthorized connection mechanism, contact your
> > administrator.
>
> You've given the final error message, but not the client/server
> interactions which led up to it. You should run with `openconnect
> --dump -vvvv` and post more of the log, if possible.
>
> > Seems that the authentication mode "EAP-Anyconnect" is not
> > supported in this version of openconnect client.
> >
> > I would ask you if there is some option in openconnect to specify
> > authentication mode EAP-Anyconnect.
> >
> > If I use the Cisco Anyconnect app on Android I have no problem.
>
> It appears that your server is expecting to be able to use some
> external authentication mode, which is perhaps available through the
> Cisco Windows or MacOS clients.
>
> You can use `openconnect --os=android` to spoof an Android client.
> This might cause the server to fall back to a more "normal"
> HTTP-based authentication mode.
>
> Dan

-------------- next part --------------
alessandro at stefania-VPCEH2N1E:~$ sudo openconnect --dump -vvvv -u myusername xxx.xxx.xxx.150
[sudo] password di alessandro:
POST https://xxx.xxx.xxx.150/
Attempting to connect to server xxx.xxx.xxx.150:443
Connected to xxx.xxx.xxx.150:443
SSL negotiation with xxx.xxx.xxx.150
Server certificate verify failed: signer not found

Certificate from VPN server "xxx.xxx.xxx.150" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert sha256:34971885c60017dfc2a8c6b582386cac93485d968d2b863bb6d0dd845ac76cf7
Enter 's?' to accept, 'no' to abort; anything else to view: s?
Connected to HTTPS on xxx.xxx.xxx.150
> POST / HTTP/1.1
> Host: xxx.xxx.xxx.150
> User-Agent: Open AnyConnect VPN Agent v7.08
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: linux-64
> X-Support-HTTP-Auth: true
> X-Pad: 00000000000000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 209
>
> <?xml version="1.0" encoding="UTF-8"?>
> <config-auth client="vpn" type="init"><version who="vpn">v7.08</version><device-id>linux-64</device-id><group-access>https://xxx.xxx.xxx.150</group-access></config-auth>
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Thu, 16 Aug 2018 20:02:00 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <config-auth client="vpn" type="auth-request">
< <opaque is-for="sg">
< <tunnel-group>TernaAnyConnect</tunnel-group>
< <group-alias>VPNAnyConnect</group-alias>
< <config-hash>1518074870349</config-hash>
< </opaque>
< <auth id="main">
< <title>Login</title>
< <message>Please enter your username and password.</message>
< <banner></banner>
< <form>
< <input type="text" name="username" label="Username:"></input>
< <input type="password" name="password" label="Password:"></input>
< <select name="group_list" label="GROUP:">
< <option selected="true">VPNAnyConnect</option>
< <option>trn</option>
< </select>
< </form>
< </auth>
< </config-auth>
POST XML abilitato
Please enter your username and password.
GROUP: [VPNAnyConnect|trn]:VPNAnyConnect
POST https://xxx.xxx.xxx.150/
> POST / HTTP/1.1
> Host: xxx.xxx.xxx.150
> User-Agent: Open AnyConnect VPN Agent v7.08
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: linux-64
> X-Support-HTTP-Auth: true
> X-Pad: 0000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 252
>
> <?xml version="1.0" encoding="UTF-8"?>
> <config-auth client="vpn" type="init"><version who="vpn">v7.08</version><device-id>linux-64</device-id><group-access>https://xxx.xxx.xxx.150/</group-access><group-select>VPNAnyConnect</group-select></config-auth>
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Thu, 16 Aug 2018 20:02:08 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <config-auth client="vpn" type="auth-request">
< <opaque is-for="sg">
< <tunnel-group>TernaAnyConnect</tunnel-group>
< <group-alias>VPNAnyConnect</group-alias>
< <config-hash>1518074870349</config-hash>
< </opaque>
< <auth id="main">
< <title>Login</title>
< <message>Please enter your username and password.</message>
< <banner></banner>
< <form>
< <input type="text" name="username" label="Username:"></input>
< <input type="password" name="password" label="Password:"></input>
< <select name="group_list" label="GROUP:">
< <option selected="true">VPNAnyConnect</option>
< <option>trn</option>
< </select>
< </form>
< </auth>
< </config-auth>
POST XML abilitato
Please enter your username and password.
Password:
POST https://xxx.xxx.xxx.150/
> POST / HTTP/1.1
> Host: xxx.xxx.xxx.150
> User-Agent: Open AnyConnect VPN Agent v7.08
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: linux-64
> X-Support-HTTP-Auth: true
> X-Pad: 000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 433
>
> <?xml version="1.0" encoding="UTF-8"?>
> <config-auth client="vpn" type="auth-reply"><version who="vpn">v7.08</version><device-id>linux-64</device-id><opaque is-for="sg">
> <tunnel-group>TernaAnyConnect</tunnel-group>
> <group-alias>VPNAnyConnect</group-alias>
> <config-hash>1518074870349</config-hash>
> </opaque><auth><username>myusername</username><password>terna$023</password></auth><group-select>VPNAnyConnect</group-select></config-auth>
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Thu, 16 Aug 2018 20:02:13 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <config-auth client="vpn" type="auth-request">
< <opaque is-for="sg">
< <tunnel-group>TernaAnyConnect</tunnel-group>
< <group-alias>VPNAnyConnect</group-alias>
< <config-hash>1518074870349</config-hash>
< </opaque>
< <auth id="main">
< <title>Login</title>
< <message>Please enter your username and password.</message>
< <banner></banner>
< <error id="83" param1="" param2="">Login denied, unauthorized connection mechanism, contact your administrator.</error>
< <form>
< <input type="text" name="username" label="Username:"></input>
< <input type="password" name="password" label="Password:"></input>
< <select name="group_list" label="GROUP:">
< <option selected="true">VPNAnyConnect</option>
< <option>trn</option>
< </select>
< </form>
< </auth>
< </config-auth>
Login denied, unauthorized connection mechanism, contact your administrator.
Please enter your username and password.
Username:myusername
Password:
POST https://xxx.xxx.xxx.150/
> POST / HTTP/1.1
> Host: xxx.xxx.xxx.150
> User-Agent: Open AnyConnect VPN Agent v7.08
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: linux-64
> X-Support-HTTP-Auth: true
> X-Pad: 000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 433
>
> <?xml version="1.0" encoding="UTF-8"?>
> <config-auth client="vpn" type="auth-reply"><version who="vpn">v7.08</version><device-id>linux-64</device-id><opaque is-for="sg">
> <tunnel-group>TernaAnyConnect</tunnel-group>
> <group-alias>VPNAnyConnect</group-alias>
> <config-hash>1518074870349</config-hash>
> </opaque><auth><username>myusername</username><password>terna$023</password></auth><group-select>VPNAnyConnect</group-select></config-auth>
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Thu, 16 Aug 2018 20:03:13 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <config-auth client="vpn" type="auth-request">
< <opaque is-for="sg">
< <tunnel-group>TernaAnyConnect</tunnel-group>
< <group-alias>VPNAnyConnect</group-alias>
< <config-hash>1518074870349</config-hash>
< </opaque>
< <auth id="main">
< <title>Login</title>
< <message>Please enter your username and password.</message>
< <banner></banner>
< <error id="83" param1="" param2="">Login denied, unauthorized connection mechanism, contact your administrator.</error>
< <form>
< <input type="text" name="username" label="Username:"></input>
< <input type="password" name="password" label="Password:"></input>
< <select name="group_list" label="GROUP:">
< <option selected="true">VPNAnyConnect</option>
< <option>trn</option>
< </select>
< </form>
< </auth>
< </config-auth>
Login denied, unauthorized connection mechanism, contact your administrator.
Please enter your username and password.

-------------- next part --------------
alessandro at stefania-VPCEH2N1E:~$ sudo openconnect --dump --os=android xxx.xxx.xxx.150
POST https://xxx.xxx.xxx.150/
Attempting to connect to server xxx.xxx.xxx.150:443
Connected to xxx.xxx.xxx.150:443
SSL negotiation with xxx.xxx.xxx.150
Server certificate verify failed: signer not found

Certificate from VPN server "xxx.xxx.xxx.150" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert sha256:34971885c60017dfc2a8c6b582386cac93485d968d2b863bb6d0dd845ac76cf7
Enter 's?' to accept, 'no' to abort; anything else to view: s?
Connected to HTTPS on xxx.xxx.xxx.150
> POST / HTTP/1.1
> Host: xxx.xxx.xxx.150
> User-Agent: Open AnyConnect VPN Agent v7.08
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: android
> X-Support-HTTP-Auth: true
> X-AnyConnect-Identifier-ClientVersion: v7.08
> X-AnyConnect-Identifier-Platform: android
> X-AnyConnect-Identifier-PlatformVersion: 1.0
> X-AnyConnect-Identifier-DeviceType: android
> X-AnyConnect-Identifier-Device-UniqueID: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> X-Pad: 00000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 306
>
> <?xml version="1.0" encoding="UTF-8"?>
> <config-auth client="vpn" type="init"><version who="vpn">v7.08</version><device-id platform-version="1.0" device-type="android" unique-id="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA">android</device-id><group-access>https://xxx.xxx.xxx.150</group-access></config-auth>
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Thu, 16 Aug 2018 20:12:27 GMT
X-Frame-Options: SAMEORIGIN
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length: (0)
GET https://xxx.xxx.xxx.150/
Attempting to connect to server xxx.xxx.xxx.150:443
Connected to xxx.xxx.xxx.150:443
SSL negotiation with xxx.xxx.xxx.150
Server certificate verify failed: signer not found
Connected to HTTPS on xxx.xxx.xxx.150
> GET / HTTP/1.1
> Host: xxx.xxx.xxx.150
> User-Agent: Open AnyConnect VPN Agent v7.08
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
> X-AnyConnect-Identifier-ClientVersion: v7.08
> X-AnyConnect-Identifier-Platform: android
> X-AnyConnect-Identifier-PlatformVersion: 1.0
> X-AnyConnect-Identifier-DeviceType: android
> X-AnyConnect-Identifier-Device-UniqueID: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Thu, 16 Aug 2018 20:12:27 GMT
X-Frame-Options: SAMEORIGIN
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length: (0)
GET https://xxx.xxx.xxx.150/+webvpn+/index.html
SSL negotiation with xxx.xxx.xxx.150
Server certificate verify failed: signer not found
Connected to HTTPS on xxx.xxx.xxx.150
> GET /+webvpn+/index.html HTTP/1.1
> Host: xxx.xxx.xxx.150
> User-Agent: Open AnyConnect VPN Agent v7.08
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
> X-AnyConnect-Identifier-ClientVersion: v7.08
> X-AnyConnect-Identifier-Platform: android
> X-AnyConnect-Identifier-PlatformVersion: 1.0
> X-AnyConnect-Identifier-DeviceType: android
> X-AnyConnect-Identifier-Device-UniqueID: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Frame-Options: SAMEORIGIN
X-Transcend-Version: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <auth id="main">
< <title>SSL VPN Service</title>
< <ca status="disabled" href="/+CSCOCA+/login.html" />
<
<
<
< <banner></banner>
< <message>Please enter your username and password.</message>
<
<
< <form method="post" action="/+webvpn+/index.html">
<
< <input type="text" name="username" label="Username:" />
< <input type="password" name="password" label="Password:" />
<
<
< <select name="group_list" label="GROUP:">
< <option value="TernaAnyConnect" noaaa="0" >VPNAnyConnect</option><option value="trn" noaaa="0" >trn</option></select>
<
< <input type="submit" name="Login" value="Login" />
< <input type="reset" name="Clear" value="Clear" />
<
<
< </form>
< </auth>
<
Please enter your username and password.
GROUP: [VPNAnyConnect|trn]:VPNAnyConnect
Please enter your username and password.
Username:myusername
Password:
POST https://xxx.xxx.xxx.150/+webvpn+/index.html
> POST /+webvpn+/index.html HTTP/1.1
> Host: xxx.xxx.xxx.150
> User-Agent: Open AnyConnect VPN Agent v7.08
> Cookie: webvpnlogin=1
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
> X-AnyConnect-Identifier-ClientVersion: v7.08
> X-AnyConnect-Identifier-Platform: android
> X-AnyConnect-Identifier-PlatformVersion: 1.0
> X-AnyConnect-Identifier-DeviceType: android
> X-AnyConnect-Identifier-Device-UniqueID: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> X-Pad: 0000000000000000000000000000000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 64
>
> group_list=TernaAnyConnect&username=myusername&password=terna%24023
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Frame-Options: SAMEORIGIN
X-Transcend-Version: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <auth id="main">
< <title>SSL VPN Service</title>
< <ca status="disabled" href="/+CSCOCA+/login.html" />
<
<
<
< <banner></banner>
< <message>Please enter your username and password.</message>
<
<
< <error id="89" param1="" param2="">AnyConnect is not enabled on the VPN server</error>
< <form method="post" action="/+webvpn+/index.html">
<
< <input type="text" name="username" label="Username:" />
< <input type="password" name="password" label="Password:" />
<
<
< <select name="group_list" label="GROUP:">
< <option value="TernaAnyConnect" noaaa="0" >VPNAnyConnect</option><option value="trn" noaaa="0" >trn</option></select>
<
< <input type="submit" name="Login" value="Login" />
< <input type="reset" name="Clear" value="Clear" />
<
<
< </form>
< </auth>
<
AnyConnect is not enabled on the VPN server
Please enter your username and password.
Username:
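
Added example (not part of the original message and not openconnect code): as both attachments show, `openconnect --dump` prints request bodies verbatim, including the `<password>` element of the `auth-reply` XML and the `password=` field of the form POST. The filter below masks those fields, plus any non-empty `webvpn` cookie, before a dump is posted; the sample lines, `MASK`, the function names and the `redact.py` file name are constructed for illustration, and treating `webvpn` as the session cookie is an assumption.

```python
import re
import sys

MASK = "REDACTED"  # constructed placeholder

# <username>/<password> elements of the config-auth "auth-reply" body.
_XML = re.compile(r"<(password|username)>(.*?)</\1>")
# The same fields in the form-urlencoded body posted to /+webvpn+/index.html.
_FORM = re.compile(r"\b(password|username)=([^&\s]*)")
# Assumption: "webvpn" carries the session; empty (cleared) values never match.
_COOKIE = re.compile(r"\b(webvpn)=([^;\s]+)")


def redact_dump(text):
    """Mask credential values while keeping the rest of the exchange readable."""
    text = _XML.sub(lambda m: f"<{m.group(1)}>{MASK}</{m.group(1)}>", text)
    text = _FORM.sub(lambda m: f"{m.group(1)}={MASK}", text)
    return _COOKIE.sub(lambda m: f"{m.group(1)}={MASK}", text)


def leaks(text):
    """Return (line_no, field) for each credential field still carrying a value."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        for rx in (_XML, _FORM, _COOKIE):
            for m in rx.finditer(line):
                if m.group(2) not in ("", MASK):
                    found.append((no, m.group(1)))
    return found


# Constructed sample in the shape of the dumps above (all values are made up).
SAMPLE = """\
> <config-auth client="vpn" type="auth-reply"><auth><username>alice</username><password>made$up1</password></auth></config-auth>
> group_list=ExampleGroup&username=alice&password=made%24up1
> Cookie: webvpnlogin=1; webvpn=0123ABCD@4567
< <input type="password" name="password" label="Password:"></input>
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
"""

if __name__ == "__main__":
    # Filter a saved dump: python3 redact.py < dump.txt (hypothetical file names)
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    clean = redact_dump(data)
    assert not leaks(clean)  # refuse to emit output that still carries a value
    sys.stdout.write(clean)
```

After masking, the `Content-Length` headers no longer match the bodies, which does not affect reading the exchange.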