On Fri, Oct 5, 2018 at 12:01 PM Ray Lambert <codemonkey at interthingy.net> wrote:
>
> On 10/5/18 2:22 PM, David Woodhouse wrote:
> > OK so the patch works. You see TOKEN_SUCCESS when you post a response
> > regardless of whether it's acceptable or not. You have more work to do, to
> > work out what the real hostscan would be asking for and what the correct
> > answers are.
>
> Okay, thanks for confirming.
>
> Do you have any pointers on figuring out what hostscan wants to see? I don't
> have access to a working one that I can peek at.

Corey Gilks wrote a tool that tries to figure out what your VPN's hostscan
wants to receive:
https://github.com/Gilks/hostscan-bypass

You might want to see this thread from August:
http://lists.infradead.org/pipermail/openconnect-devel/2018-August/005024.html

"In some cases hostscan can be looking for the existence of specific
registry keys or software. Without the correct values the connection may be
rejected. On the other hand, failure to provide the correct values may
result in a successful connection but could result in being placed in a
restricted vlan. It really comes down to how the administrators configured
hostscan. If you find yourself in a scenario where the static CSD files
(such as the one you linked) are not allowing you to connect then you will
need to MITM the correct values from an AnyConnect client. That's where
hostscan-bypass comes in handy!"