> On Wed, Mar 25, 2020 at 9:53 PM Daniel Lenski <dlenski@xxxxxxxxx> wrote:
> >
> > I can connect successfully to my company's cisco vpn like this:
> >
> > echo '<password>' | sudo openconnect --csd-user=john --csd-wrapper=/home/john/cisco/csd-post.sh --user=johnid --authgroup=MyCoGroup --no-xmlpost --os=android --passwd-on-stdin mcra.mclaneco.com
> >
> > But if I try to set it up using the Network Manager GUI (including the csd-post.sh wrapper) I end up getting an error like this:
> > GET https://vpn.mycompany.com/CACHE/sdesktop/install/binaries/sfinst
> > Got HTTP response: HTTP/1.1 404 Not Found
> >
> > I believe I overcame this issue on command line by adding --os=android.
> > But I cannot seem to find how to achieve that thru the GUI settings.
> > I found a settings file in /etc/NetworkManager/system-connections but the settings there don't correspond to the command line flags.
> >
> > Is there any setting somewhere I can do this? Any other suggestions?
> > Thank you!
> > John
>
> Although the OpenConnect API/library has a `set_reported_os` function,
> the NetworkManager GUI doesn't (yet) offer the ability to use it. (The
> NM GUI is in general fairly limited in the options it offers… it's
> fairly hard to keep up with changes to the CLI and library.)
>
> > Any other suggestions?
>
> What happens if you connect from the command line *without* adding
> `--os=android`?
>
> echo '<password>' | sudo openconnect --csd-user=john --csd-wrapper=/home/john/cisco/csd-post.sh --user=johnid --authgroup=MyCoGroup --no-xmlpost --passwd-on-stdin mcra.mclaneco.com --dump -vvv
>
> Do the detailed logs (`--dump -vvv`) shed any light on what's going on?
>
> I suspect that your csd-post.sh script may be overly tailored for
> Android. If you haven't already, you may want to try the latest
> version from the development repository
> (https://gitlab.com/openconnect/openconnect/-/blob/master/trojans/csd-post.sh),
> in which David has added the ability for the script to try to figure
> out what information the server *wants* it to send, much like what we
> think the Cisco hostscan actually does.
>
> Dan

Without the --os=android I get the error
GET https://vpn.mycompany.com/CACHE/sdesktop/install/binaries/sfinst
Got HTTP response: HTTP/1.1 404 Not Found

The entire log is below, sorry if it's bigger than allowed here.
I got the csd-post.sh from that exact URL earlier last evening.

Thanks for your help!
John

Log with --dump -vvv

john@mint:~$ echo '<pswd>' | sudo openconnect --csd-user=john --csd-wrapper=/home/john/cisco/csd-post.sh --user=jclonts --authgroup=MyCo_MAC --no-xmlpost --dump -vvv --passwd-on-stdin vpn.mycompany.com
[sudo] password for john:
GET https://vpn.mycompany.com/
Attempting to connect to server 198.160.58.42:443
Connected to 198.160.58.42:443
SSL negotiation with vpn.mycompany.com
Connected to HTTPS on vpn.mycompany.com
> GET / HTTP/1.1
> Host: vpn.mycompany.com
> User-Agent: Open AnyConnect VPN Agent v7.08-3ubuntu0.18.04.1
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
>
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Fri, 27 Mar 2020 00:38:48 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length: (0)
GET https://vpn.mycompany.com/+webvpn+/index.html
SSL negotiation with vpn.mycompany.com
Connected to HTTPS on vpn.mycompany.com
> GET /+webvpn+/index.html HTTP/1.1
> Host: vpn.mycompany.com
> User-Agent: Open AnyConnect VPN Agent v7.08-3ubuntu0.18.04.1
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
>
Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Frame-Options: SAMEORIGIN
X-Transcend-Version: 1
HTTP body chunked (-2)
< <?xml version="1.0" encoding="UTF-8"?>
< <!--
< Copyright (c) 2013, 2018 by Cisco Systems, Inc.
< All rights reserved.
< -->
< <auth id="main">
< <title>SSL VPN Service</title>
< <ca status="disabled" href="/+CSCOCA+/login.html" />
<
< <csd token="6D98F33B40B9C5CA494D1D35" ticket="3A9674966B3F57B15EDDBA58" />
< <csd stuburl="/CACHE/sdesktop/install/binaries/inst.exe" preloginurl="/CACHE/sdesktop/install/binaries/cache.jar" preloginname="CSDPreLogin" starturl="/CACHE/sdesktop/install/result.htm" waiturl="/+CSCOE+/sdesktop/wait.html" /><csdMac stuburl="/CACHE/sdesktop/install/binaries/sfinst" starturl="/CACHE/sdesktop/install/result.htm" waiturl="/+CSCOE+/sdesktop/wait.html" /><csdLinux stuburl="/CACHE/sdesktop/install/binaries/sfinst" starturl="/CACHE/sdesktop/install/result.htm" waiturl="/+CSCOE+/sdesktop/wait.html" />
< <banner></banner>
< <message>Please enter your username and password.</message>
<
<
< <form method="post" action="/+webvpn+/index.html">
<
< <input type="text" name="username" label="Username:" />
< <input type="password" name="password" label="Password:" />
<
<
< <select name="group_list" label="GROUP:">
< <option value="MyCo" noaaa="0" >MyCo</option><option value="Special_Login" noaaa="0" >MyCo_MAC</option><option value="Special_Access" noaaa="0" >Special_Access</option></select>
<
< <input type="submit" name="Login" value="Login" />
< <input type="reset" name="Clear" value="Clear" />
<
<
< </form>
< </auth>
<
GET https://vpn.mycompany.com/CACHE/sdesktop/install/binaries/sfinst
> GET /CACHE/sdesktop/install/binaries/sfinst HTTP/1.1
> Host: vpn.mycompany.com
> User-Agent: Open AnyConnect VPN Agent v7.08-3ubuntu0.18.04.1
> Cookie: webvpnlogin=1
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
>
Got HTTP response: HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Fri, 27 Mar 2020 00:38:48 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
HTTP body http 1.0 (-1)
SSL socket closed uncleanly
< File not found
Unexpected 404 result from server
Failed to obtain WebVPN cookie
john@mint:~$

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel