Re: Pulse connect to workstation

Hi Tim,
This is the right approach to investigating and experimenting here. Nicely done.

In brief, the "Server response to hostname packet is error 0x08" error
means that NC mode is disabled and only Pulse mode is allowed:
https://gitlab.com/openconnect/openconnect/issues/42
If your network admins are actually responsive and helpful, they
should enable the legacy Juniper/NC/oNCP mode, because it's better
supported by OpenConnect.

You should also try Pulse mode again *without* the URL path suffix (no
`/dana/home/index.cgi#`). It's a bit complicated to explain why, but
suffice it to say that even if you end up at this URL in the browser,
you probably don't want it when connecting via Pulse mode:

  $ openconnect -C "DSID=aLongStringOfChars" --protocol=pulse myWorkplace.server.serv -v --os=win

However, no guarantees that Pulse mode will work. It's experimental
and incomplete. Getting the admins to enable the legacy Juniper mode
would be a big advantage, if you can explain the issue to them, and
they understand how to do it.

-Dan


On Sun, Mar 29, 2020 at 5:32 AM Tim Howard <tghoward@xxxxxxxxx> wrote:
>
> Dear all,
> My employer has made it so we can access our at-work workstations from
> home during this coronavirus emergency. We are hoping openconnect can
> help us accomplish this with linux and mac systems. I *think* I'm
> getting close with Ubuntu.
>
> Behavior under Windows 10:
> 1. Browse to initial website
> 2. login with RSA token (email and token)
> 3. login with regular email and pwd
> 4. I am provided with a webpage with a link to my workstation. I click
> on the link and am given the option to "open pulse secure application
> launcher".
> 5. login with computer/workstation credentials
> 6. A Remote Desktop session opens. Although it looks and behaves just
> like a Windows RDP, it is named "Pulse Secure Terminal Services
> Client"
>
> What I have done:
> (my system: Ubuntu 18.04.4 LTS)
> A. built and installed latest openconnect. Details:
> $ openconnect -V
> OpenConnect version v8.05-95-gbc3f3891
> Using GnuTLS. Features present: PKCS#11, RSA software token, HOTP
> software token, TOTP software token, System keys, DTLS, ESP
> Supported protocols: anyconnect (default), nc, gp, pulse
>
> B. Follow steps 1-4, above to get to webpage with link to launcher.
> (If I click on the link I get "... system not supported")
> C. get DSID cookie from this web page manually.
>
> D. My connection attempts (url and IP addresses obscured):
> $ openconnect -C "DSID=aLongStringOfChars" --protocol=pulse myWorkplace.server.serv/dana/home/index.cgi# -v --os=win
> Attempting to connect to server 123.123.123.233:443
> Connected to 123.123.123.233:443
> SSL negotiation with myWorkplace.server.serv
> Connected to HTTPS on myWorkplace.server.serv
> Got HTTP response: HTTP/1.1 404 Not Found
> Transfer-Encoding: chunked
> Strict-Transport-Security: max-age=31536000
> HTTP body chunked (-2)
> Unexpected 404 result from server
> Creating SSL connection failed
>
> $ openconnect -C "DSID=aLongStringOfChars" --protocol=nc myWorkplace.server.serv/dana/home/index.cgi# -v --os=win
> Attempting to connect to server 123.123.123.233:443
> Connected to 123.123.123.233:443
> SSL negotiation with myWorkplace.server.serv
> Connected to HTTPS on myWorkplace.server.serv
> Got HTTP response: HTTP/1.1 200 OK
> Content-type: application/octet-stream
> Pragma: no-cache
> NCP-Version: 3
> Set-Cookie: DSLastAccess=1585484438; path=/; Secure
> Connection: close
> X-Frame-Options: SAMEORIGIN
> Strict-Transport-Security: max-age=31536000
> > 0000:  1f 00 00 04 00 00 00 12  00 74 69 6d 2d 54 68 69  |.........tim-Thi|
> > 0010:  6e 6b 50 61 64 2d 54 34  34 30 73 bb 01 00 00 00  |nkPad-T440s.....|
> > 0020:  00                                                |.|
> Server response to hostname packet is error 0x08
> Creating SSL connection failed
>
>
> I realize that I'm not defining my workstation address anywhere. Any
> suggestions on how to take the next step? How might I get all the way
> through to a remote desktop session? I use Remmina successfully for
> other remote sites.
> Thank you!
> Tim
>
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/openconnect-devel
