On Sat, Jun 2, 2018 at 11:00 AM, Stephen Davies <sdavies at sdc.com.au> wrote:
> I am trying to connect to a client's VPN with openconnect.
>
> I successfully used openconnect to this site two years ago but obviously
> things have changed since then.
>
> I have tried with the version provided by Centos 7 and with versions
> compiled here with several different OpenSSL releases but to no avail.
>
> Here is what I see (edited to protect the innocent):
>
> [root at se5 ~]# openconnect --config=/etc/openconnect.conf remotehost
> POST https://remotehost/vendor
> Attempting to connect to server 1.2.3.4:443
> SSL negotiation with remotehost
> Connected to HTTPS on remotehost
> Got HTTP response: HTTP/1.1 404 Not Found
> Unexpected 404 result from server
> GET https://remotehost/vendor
> Attempting to connect to server 1.2.3.4:443
> SSL negotiation with remotehost
> Connected to HTTPS on remotehost
> Got HTTP response: HTTP/1.0 302 Temporary moved
> GET https://remotehost/+webvpn+/index.html
> SSL negotiation with remotehost
> Connected to HTTPS on remotehost
> Got HTTP response: HTTP/1.1 301 Moved Permanently
> GET https://remotehost/+CSCOU+/anyconnect_unsupported_version.html
> Please upgrade your AnyConnect Client
> Failed to obtain WebVPN cookie

There's nothing wrong with the new version of openconnect; it's just that
the server has decided to refuse connections from clients it doesn't
recognize.

This kind of gratuitous incompatibility is easily bypassed by spoofing
the User-Agent string of an "acceptable" client. See manual
(http://www.infradead.org/openconnect/manual.html) or try something
like this:

    --useragent "Cisco AnyConnect VPN Agent for Windows 4.6.01098"

Dan
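
Added example, not part of the original message and not openconnect's own code: a small Python parser over the transcript quoted above that rebuilds the request chain and flags a final redirect to anyconnect_unsupported_version.html as a client-version rejection rather than a TLS or credential failure. The function names and result labels are hypothetical; the sample log is constructed from the quoted output.

```python
import re

# Constructed sample: the transcript quoted in the message, hostnames as redacted there.
SAMPLE_LOG = """\
POST https://remotehost/vendor
Attempting to connect to server 1.2.3.4:443
SSL negotiation with remotehost
Connected to HTTPS on remotehost
Got HTTP response: HTTP/1.1 404 Not Found
Unexpected 404 result from server
GET https://remotehost/vendor
Attempting to connect to server 1.2.3.4:443
SSL negotiation with remotehost
Connected to HTTPS on remotehost
Got HTTP response: HTTP/1.0 302 Temporary moved
GET https://remotehost/+webvpn+/index.html
SSL negotiation with remotehost
Connected to HTTPS on remotehost
Got HTTP response: HTTP/1.1 301 Moved Permanently
GET https://remotehost/+CSCOU+/anyconnect_unsupported_version.html
Please upgrade your AnyConnect Client
Failed to obtain WebVPN cookie
"""

REQ = re.compile(r"^(GET|POST) (https://\S+)$")
RESP = re.compile(r"^Got HTTP response: HTTP/\d\.\d (\d{3})\b")

def request_chain(log):
    """Return [(method, url, status_or_None), ...] in the order requests were sent."""
    chain = []
    for line in log.splitlines():
        line = line.strip()
        if m := REQ.match(line):
            chain.append([m.group(1), m.group(2), None])
        elif (m := RESP.match(line)) and chain:
            chain[-1][2] = int(m.group(1))  # status belongs to the latest request
    return [tuple(c) for c in chain]

def diagnose(log):
    """Classify the failure from the last request in the chain."""
    chain = request_chain(log)
    if not chain:
        return "no-requests"
    if chain[-1][1].endswith("/anyconnect_unsupported_version.html"):
        return "client-version-rejected"
    if "Failed to obtain WebVPN cookie" in log:
        return "auth-failed-other"
    return "unknown"
```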