On 03/06/18 16:56, Daniel Lenski wrote:
> On Sun, Jun 3, 2018 at 4:27 AM, Stephen Davies <sdavies at sdc.com.au> wrote:
>> On 02/06/18 18:50, Daniel Lenski wrote:
>>> On Sat, Jun 2, 2018 at 11:00 AM, Stephen Davies <sdavies at sdc.com.au>
>>> wrote:
>> Down with paranoia!
>>
>> I love simple solutions like this but unfortunately, it did not work for me.
>>
>> I added --useragent="Cisco AnyConnect VPN Agent for Windows 4.6.01098" to my
>> command line and then to my config file but neither made any difference to
>> the output.
>>
>> I tried 7.06 (from Centos 7) and 7.08 built here with OpenSSL 1.1.0h.
>>
>> The results were the same except that 7.08 gave additional messages re the
>> issuer certificate.
>>
>> I then managed to find that the Windoze AnyConnect client that they use is
>> 4.2.01035 so I tried that in the useragent but still no joy.
>>
>> Is there something different in that old version of AnyConnect?
> Drat! I was excessively confident about the correct solution there.
>
> 1. What exactly is in your config file?
> 2. If you run `openconnect --dump -vvvv`, you should get a ton of
> additional information that helps pinpoint exactly where the server
> decides it doesn't like your client.
>
> Dan

Here is the debug output:

[root at se5 ~]# openconnect -vvvv --config=/etc/openconnect.conf --useragent="Cisco AnyConnect VPN Agent for Windows 4.2.01035" remotehost
POST https://remotehost/vendor
Attempting to connect to server 1.2.3.4:443
SSL negotiation with remotehost
Connected to HTTPS on remotehost
Got HTTP response: HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Sun, 03 Jun 2018 10:22:24 GMT
X-Frame-Options: SAMEORIGIN
HTTP body http 1.0 (-1)
SSL socket closed uncleanly
Unexpected 404 result from server
GET https://remotehost/vendor
Attempting to connect to server 1.2.3.4:443
SSL negotiation with remotehost
Connected to HTTPS on remotehost
Got HTTP response: HTTP/1.0 302 Temporary moved
Set-Cookie: tg=string; path=/; secure
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Sun, 03 Jun 2018 10:22:24 GMT
X-Frame-Options: SAMEORIGIN
Location: /+webvpn+/index.html
HTTP body length:? (0)
GET https://remotehost/+webvpn+/index.html
SSL negotiation with remotehost
Connected to HTTPS on remotehost
Got HTTP response: HTTP/1.1 301 Moved Permanently
X-Transcend-Version: 1
Location: https://remotehost/+CSCOU+/anyconnect_unsupported_version.html
Content-Type: text/html
Content-Length: 0
HTTP body length:? (0)
GET https://remotehost/+CSCOU+/anyconnect_unsupported_version.html
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/xml
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Sun, 03 Jun 2018 10:22:24 GMT
X-Frame-Options: SAMEORIGIN
HTTP body chunked (-2)
Please upgrade your AnyConnect Client
Failed to obtain WebVPN cookie

Here is the config file:

[root at se5 ~]# cat /etc/openconnect.conf
usergroup=gggg
user=xxxx
interface=tun0

Cheers,
Stephen