Re: Skip Phase 1 when connecting using openconnect


 



Hi Daniel,

I've seen the section you refer to; however, it seems not to be applicable to the server setup I'm going to connect to.

I ran the authentication as below and have added the verbose output too.

openconnect -vvv --authenticate --user="MyVPNUserName" --key-password="MyVPNPassword"  https://remote.vpnserver.de/sdla-ras   

POST https://remote.vpnserver.de/sdla-ras
Attempting to connect to server x.x.x.x:443
Connected to x.x.x.x:443
SSL negotiation with remote.vpnserver.de
Connected to HTTPS on remote.vpnserver.de
Got HTTP response: HTTP/1.1 200 OK
Date: Wed, 03 Jul 2019 18:24:41 GMT
X-Powered-By: PHP/5.3.3
Content-Length: 3251
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: TS01a3b48b=0195ed2da377ae286d8c5ab0ec5c6334cd6a0fbf0dcda86a6edb782ff7251c53e1ef573ffaac67f82d02b56c6753f3180a5a1032f0; Path=/
HTTP body length:  (3251)
XML response has no "auth" node
GET https://remote.vpnserver.de/sdla-ras
Attempting to connect to server x.x.x.x:443
Connected to x.x.x.x:443
SSL negotiation with remote.vpnserver.de
Connected to HTTPS on remote.vpnserver.de
Got HTTP response: HTTP/1.1 200 OK
Date: Wed, 03 Jul 2019 18:24:41 GMT
X-Powered-By: PHP/5.3.3
Content-Length: 3251
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: TS01a3b48b=0195ed2da377ae286d8c5ab0ec5c6334cd6a0fbf0dcda86a6edb782ff7251c53e1ef573ffaac67f82d02b56c6753f3180a5a1032f0; Path=/
HTTP body length:  (3251)
XML response has no "auth" node
Failed to obtain WebVPN cookie


As I said before, the authentication process has been defined as completely independent and could be started from a different device. In the end, even the cookie is not required to connect with openconnect - I just need to reference a server and a client certificate.

openconnect --certificate=clientcert.p12 --cafile=Server.crt gateway.vpnserver.de

Best Regards
Steffen Löser

-----Original Message-----
From: Daniel Lenski [mailto:dlenski@xxxxxxxxx]
Sent: Monday, 1 July 2019 16:31
To: Steffen Loeser
Cc: openconnect-devel
Subject: Re: Skip Phase 1 when connecting using openconnect

On Fri, Jun 28, 2019 at 4:45 AM Steffen Loeser <s.loeser@xxxxxxxxx> wrote:
> Unfortunately I could not find any option to skip phase one with openconnect. With the official client of Cisco it is working.

Take a look at the manual
(https://www.infradead.org/openconnect/manual.html), in particular the
--authenticate and --cookie options.

In brief, you can use the --authenticate option to do the
authentication phase only, capture the resulting cookie, and then use
the --cookie or --cookie-on-stdin options to pass in that cookie and
do the connection/tunnel phase separately.

Dan
_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
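
The two-phase flow described in the quoted reply above (--authenticate first, then --cookie-on-stdin), as an added example that is not part of the original thread or of openconnect itself. It reads the COOKIE/HOST/FINGERPRINT lines that --authenticate prints for shell use as plain text instead of passing them to eval, and pins the gateway with --servercert. The function names are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example: two-phase openconnect login without eval. Function names are
# hypothetical; SAMPLE_AUTH_OUTPUT is constructed, not captured from a server.

SAMPLE_AUTH_OUTPUT="COOKIE='constructed-cookie@0001'
HOST='gateway.vpn.example'
FINGERPRINT='pin-sha256:Q09OU1RSVUNURUQtRVhBTVBMRQ=='"

# Print the value of variable $1 from --authenticate output on stdin.
# The line is matched as text, so nothing the server sent is executed.
parse_auth_output() {
    sed -n "s/^$1='\(.*\)'\$/\1/p" | head -n 1
}

# Accept only values that are safe as a single command-line argument:
# non-empty, not starting with '-', no shell or whitespace characters.
is_safe_arg() {
    case $1 in
        ''|-*|*[!A-Za-z0-9:=+/_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Phase 2: start the tunnel from phase-1 output passed as $1.
# The cookie goes in on stdin so it never appears in the process list.
connect_vpn() {
    cookie=$(printf '%s\n' "$1" | parse_auth_output COOKIE)
    host=$(printf '%s\n' "$1" | parse_auth_output HOST)
    fp=$(printf '%s\n' "$1" | parse_auth_output FINGERPRINT)
    if [ -z "$cookie" ]; then
        echo "phase 1 returned no cookie" >&2
        return 1
    fi
    if ! is_safe_arg "$host" || ! is_safe_arg "$fp"; then
        echo "unexpected HOST or FINGERPRINT value" >&2
        return 1
    fi
    printf '%s\n' "$cookie" | openconnect --cookie-on-stdin --servercert "$fp" "$host"
}

# Real use: sh two_phase.sh --connect https://vpn.example/
if [ "${1:-}" = "--connect" ] && [ -n "${2:-}" ]; then
    connect_vpn "$(openconnect --authenticate "$2")"
fi
```
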



