On Wed, 2019-12-04 at 14:40 -0500, James Ralston wrote: > I took the new Pulse Connect Secure support (thanks David!) for a > spin, on Fedora 31, using the system default openconnect-8.05-1.fc31 > package. Our Pulse server requires Duo MFA. > > When testing a connection, after I supply my username/password, I am > prompted for a secondary authentication code. After entering "push" > (which pushes an approval request to my phone), and approving the push > request on my phone, openconnect immediately dies with this error > message: > > Unhandled Pulse authentication packet, or authentication failure > > …followed by 3 lines of hex-dumped data. > > Is this a known issue? If not, is there anything I can do to help get > this working? (I’m a Fedora packager, and am familiar with GitHub, > GitLab, et. al., so I can easily pluck commits off of development > branches and test them locally.) > > Scanning the full log (including the entire hex dump), I clearly see > my username/password in plaintext, so I’m not sure if there’s any > other sensitive data that might be in there. But if the > username/password is the only sensitive data, I can excise that, and > send the full log. Yes please, we need to see the full log with the username/password elided — including the hex version not just the plain text on the right! If you put it into a gitlab issue at https://gitlab.com/openconnect/openconnect/issues then it's less likely to get lost. Apologies for the delayed response. If you can also set up a MITM proxy like http://david.woodhou.se/proxy.go and convince the official client to connect through it, that would show us the expected response... although we might be able to guess.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
