Here it is with -vv and set -x:

> + sh connect.sh
> [sudo] password for <USER>:
> POST https://<HOSTNAME>/
> Attempting to connect to server <ADDRESS>:<PORT>
> Connected to <ADDRESS>:<PORT>
> SSL negotiation with <HOSTNAME>
> Server certificate verify failed: signer not found
> Connected to HTTPS on <HOSTNAME>
> Got HTTP response: HTTP/1.1 200 OK
> Content-Type: text/html; charset=utf-8
> Transfer-Encoding: chunked
> Cache-Control: no-cache
> Pragma: no-cache
> Connection: Keep-Alive
> Date: Mon, 08 Oct 2018 11:33:07 GMT
> X-Frame-Options: SAMEORIGIN
> X-Aggregate-Auth: 1
> HTTP body chunked (-2)
> XML POST enabled
> GET https://<HOSTNAME>/+CSCOE+/sdesktop/wait.html
> --2018-10-08 04:33:07-- https://<HOSTNAME>/CACHE/sdesktop/hostscan/linux_x64/manifest
> Resolving <HOSTNAME> (<HOSTNAME>)... Got HTTP response: HTTP/1.1 200 OK
> Content-Type: text/html; charset=utf-8
> Transfer-Encoding: chunked
> Cache-Control: no-cache
> Pragma: no-cache
> Connection: Close
> Date: Mon, 08 Oct 2018 11:33:07 GMT
> X-Frame-Options: SAMEORIGIN
> HTTP body chunked (-2)
> Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
> <ADDRESS>
> Connecting to <HOSTNAME> (<HOSTNAME>)|<ADDRESS>|:<PORT>... connected.
> WARNING: The certificate of ?<HOSTNAME>? is not trusted.
> WARNING: The certificate of ?<HOSTNAME>? hasn't got a known issuer.
> HTTP request sent, awaiting response... 200 OK
>
> The file is already fully retrieved; nothing to do.
>
> Got 6 files in manifes, locally found 6
> /home/<USER>/.cisco/hostscan/bin/cscan: OK
> /home/<USER>/.cisco/hostscan/bin/cstub: OK
> /home/<USER>/.cisco/hostscan/lib/libcsd.so: OK
> /home/<USER>/.cisco/hostscan/lib/libhostscan.so: OK
> /home/<USER>/.cisco/hostscan/lib/libinspector.so: OK
> /home/<USER>/.cisco/hostscan/lib/tables.dat: OK
> Launching: /home/<USER>/.cisco/hostscan/bin/cstub -log error -ticket "<TICKET>" -stub "0" -group "" -host "https://<HOSTNAME>/CACHE" -certhash "<CERTHASH>:"
> No value set for `/system/proxy/secure_host'
> No value set for `/system/http_proxy/host'
> GET https://<HOSTNAME>/+CSCOE+/sdesktop/wait.html
> SSL negotiation with <HOSTNAME>
> Server certificate verify failed: signer not found
> Connected to HTTPS on <HOSTNAME>
> Got HTTP response: HTTP/1.1 200 OK
> Content-Type: text/html; charset=utf-8
> Transfer-Encoding: chunked
> Cache-Control: no-cache
> Pragma: no-cache
> Connection: Close
> Date: Mon, 08 Oct 2018 11:33:09 GMT
> X-Frame-Options: SAMEORIGIN
> HTTP body chunked (-2)
> Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
> GET https://<HOSTNAME>/+CSCOE+/sdesktop/wait.html
> SSL negotiation with <HOSTNAME>
> Server certificate verify failed: signer not found
> Connected to HTTPS on <HOSTNAME>
> Got HTTP response: HTTP/1.1 200 OK
> Content-Type: text/html; charset=utf-8
> Transfer-Encoding: chunked
> Cache-Control: no-cache
> Pragma: no-cache
> Connection: Close
> Date: Mon, 08 Oct 2018 11:33:10 GMT
> X-Frame-Options: SAMEORIGIN
> HTTP body chunked (-2)
> Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
> GET https://<HOSTNAME>/+CSCOE+/sdesktop/wait.html
> SSL negotiation with <HOSTNAME>
> Server certificate verify failed: signer not found
> Connected to HTTPS on <HOSTNAME>
> Got HTTP response: HTTP/1.1 200 OK
> Content-Type: text/html; charset=utf-8
> Transfer-Encoding: chunked
> Cache-Control: no-cache
> Pragma: no-cache
> Connection: Close
> Date: Mon, 08 Oct 2018 11:33:11 GMT
> X-Frame-Options: SAMEORIGIN
> HTTP body chunked (-2)
> Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
> GET https://<HOSTNAME>/+CSCOE+/sdesktop/wait.html
> SSL negotiation with <HOSTNAME>
> Server certificate verify failed: signer not found
> Connected to HTTPS on <HOSTNAME>
> Got HTTP response: HTTP/1.1 200 OK
> Content-Type: text/html; charset=utf-8
> Transfer-Encoding: chunked
> Cache-Control: no-cache
> Pragma: no-cache
> Connection: Close
> Date: Mon, 08 Oct 2018 11:33:12 GMT
> X-Frame-Options: SAMEORIGIN
> HTTP body chunked (-2)
> Refreshing +CSCOE+/sdesktop/wait.html after 1 second...

On Wed, Oct 03, 2018 at 04:18:55AM -0700, Neil E. Hodges wrote:
> Hello,
>
> I've been trying to connect to my workplace's VPN for the first time all
> morning and haven't had much luck: it just spins in "refreshing
> ...wait.html after 1 second" indefinitely. Here's the script I've put
> together based on everything I've found:
>
> > exec sudo openconnect \
> > --user <USERNAME> \
> > --cert-expire-warning 15 \
> > --servercert '<CERTKEY>' \
> > --os win \
> > --csd-user <USERNAME> \
> > --csd-wrapper '/usr/local/bin/csd-wrapper.sh' \
> > https://<HOSTNAME>
>
> The --servercert argument is what openconnect told me to set it as after
> the first time, and csd-wrapper.sh has been updated with the
> CSD_HOSTNAME=<HOSTNAME>. The log output is at the bottom of this
> message.
>
> I've heard folks saying that if the VPN admins disable Linux support, a
> different certificate is needed, and that they grabbed the certificate
> from a Windows box via JailBreak. I have JailBreak installed and a
> Windows box that has connected to the same VPN host, but I have no idea
> what to look for in the certificate store. Does this seem like it might
> help? If so, where in the certificate store should I look, and what
> should I look for with respect to the certificate name? If not, what
> else should I try?
>
> Here's the version info. It's on a Debian 9.5 system that was just set
> up a few days ago.
>
> > OpenConnect version v7.08
> > Using GnuTLS. Features present: PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS
>
> Thank you,
>
> - Neil
>
> > POST https://<HOSTNAME>/
> > Connected to <SERVER_IP>:443
> > SSL negotiation with <HOSTNAME>
> > Server certificate verify failed: signer not found
> > Connected to HTTPS on <HOSTNAME>
> > XML POST enabled
> > GET https://<HOSTNAME>/+CSCOE+/sdesktop/wait.html
> > --2018-10-03 04:07:56-- https://<HOSTNAME>/CACHE/sdesktop/hostscan/linux_x64/manifest
> > Resolving <HOSTNAME> (<HOSTNAME>)... <SERVER_IP>
> > Connecting to <HOSTNAME> (<HOSTNAME>)|<SERVER_IP>|:443... Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
> > connected.
> > WARNING: The certificate of ?<HOSTNAME>? is not trusted.
> > WARNING: The certificate of ?<HOSTNAME>? hasn't got a known issuer.
> > HTTP request sent, awaiting response... 200 OK
> >
> > The file is already fully retrieved; nothing to do.
> >
> > Got 6 files in manifes, locally found 6
> > /home/<USERNAME>/.cisco/hostscan/bin/cscan: OK
> > /home/<USERNAME>/.cisco/hostscan/bin/cstub: OK
> > /home/<USERNAME>/.cisco/hostscan/lib/libcsd.so: OK
> > /home/<USERNAME>/.cisco/hostscan/lib/libhostscan.so: OK
> > /home/<USERNAME>/.cisco/hostscan/lib/libinspector.so: OK
> > /home/<USERNAME>/.cisco/hostscan/lib/tables.dat: OK
> > Launching: /home/<USERNAME>/.cisco/hostscan/bin/cstub -log error -ticket "<TICKET>" -stub "0" -group "" -host "https://<HOSTNAME>/CACHE" -certhash "<CERTHASH>"
> > No value set for `/system/proxy/secure_host'
> > No value set for `/system/http_proxy/host'
> > GET https://<HOSTNAME>/+CSCOE+/sdesktop/wait.html
> > SSL negotiation with <HOSTNAME>
> > Server certificate verify failed: signer not found
> > Connected to HTTPS on <HOSTNAME>
> > Refreshing +CSCOE+/sdesktop/wait.html after 1 second...