Hi!

I'm trying to connect to our Pulse Secure VPN through openconnect. Trying different things, but with no success.

Here is my Linux version and my openconnect version:

casa@casa:~/Downloads/openconnect-8.07$ uname -a
Linux casa 4.15.0-91-generic #92-Ubuntu SMP Fri Feb 28 11:09:48 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
casa@casa:~/Downloads/openconnect-8.07$ openconnect --version
OpenConnect version v8.07
Using OpenSSL 1.0.2n 7 Dec 2017. Features present: TPM (OpenSSL ENGINE not present), HOTP software token, TOTP software token, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse
casa@casa:~/Downloads/openconnect-8.07$

I've tried with 3 different commands, which are:

1.- openconnect https://vpnserver.com/path -c mycertificate.p12 --dump-http-traffic -vvvv
2.- openconnect https://vpnserver.com/dana-na/auth/url_132/login.cgi?realm=SARA3%20Realm -c mycertificate.p12 --dump-http-traffic -vvvv
3.- openconnect https://vpnserver.com/dana-na/auth/url_132/login.cgi?realm=SARA3%20Realm -c mycertificate.p12 --dump-http-traffic -vvvv --protocol=gp

Here is the output of all 3:

casa@casa:~/Downloads/openconnect-8.07$ openconnect https://vpnserver.com/path-c mycertificate.p12 --dump-http-traffic -vvvv
POST https://vpnserver.com/sara3
Attempting to connect to server 2.3.4.5:443
Connected to 2.3.4.5:443
Using certificate file mycertificate.p12
Enter PKCS#12 pass phrase:
Using client certificate '/CN=WHATEVER_CN/serialNumber=WHATEVER/OU=WHATEVER_OU/O=WHATEVER/L=MY_CITY/ST=MY_STATE/C=MY_COUNTRY'
SSL negotiation with vpnserver.com
Matched peer certificate subject name 'vpnserver.com'
Connected to HTTPS on vpnserver.com with ciphersuite TLSv1.2-AES128-GCM-SHA256
> POST /pathHTTP/1.1
> Host: vpnserver.com
> User-Agent: Open AnyConnect VPN Agent v8.07
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: linux-64
> X-Support-HTTP-Auth: true
> X-Pad: 0000000000000000000000000000000000000000000000
> Content-Type: application/xml; charset=utf-8
> Content-Length: 210
>
> <?xml version="1.0" encoding="UTF-8"?>
> <config-auth client="vpn" type="init"><version who="vpn">v8.07</version><device-id>linux-64</device-id><group-access>https://vpnserver.com/path</group-access></config-auth>
Got HTTP response: HTTP/1.1 302 Found
Location: /dana-na/auth/url_132/welcome.cgi
Content-Type: text/html; charset=utf-8
Set-Cookie: DSSIGNIN=url_132; path=/dana-na/; expires=Thu, 31-Dec-2037 00:00:00 GMT; secure
Set-Cookie: DSIVS=; path=/; expires=Thu, 01 Jan 1970 22:00:00 GMT; secure
Set-Cookie: DSSignInURL=/sara3; path=/; secure
Connection: close
Content-Length: 0
Strict-Transport-Security: max-age=31536000
HTTP body length: (0)
GET https://vpnserver.com/path
Attempting to connect to server 1.2.3.4:443
Connected to 1.2.3.4:443
SSL negotiation with vpnserver.com
Matched peer certificate subject name 'vpnserver.com'
Connected to HTTPS on vpnserver.com with ciphersuite TLSv1.2-AES128-GCM-SHA256
> GET /pathHTTP/1.1
> Host: vpnserver.com
> User-Agent: Open AnyConnect VPN Agent v8.07
> Cookie: DSSIGNIN=url_132; DSSignInURL=/sara3
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
> X-Pad: 0000000000000000000000000000000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 0
>
Got HTTP response: HTTP/1.1 302 Found
Location: /dana-na/auth/url_132/welcome.cgi
Content-Type: text/html; charset=utf-8
Set-Cookie: DSSIGNIN=url_132; path=/dana-na/; expires=Thu, 31-Dec-2037 00:00:00 GMT; secure
Set-Cookie: DSIVS=; path=/; expires=Thu, 01 Jan 1970 22:00:00 GMT; secure
Set-Cookie: DSSignInURL=/sara3; path=/; secure
Connection: close
Content-Length: 0
Strict-Transport-Security: max-age=31536000
HTTP body length: (0)
GET https://vpnserver.com/dana-na/auth/url_132/welcome.cgi
SSL negotiation with vpnserver.com
Matched peer certificate subject name 'vpnserver.com'
Connected to HTTPS on vpnserver.com with ciphersuite TLSv1.2-AES128-GCM-SHA256
> GET /dana-na/auth/url_132/welcome.cgi HTTP/1.1
> Host: vpnserver.com
> User-Agent: Open AnyConnect VPN Agent v8.07
> Cookie: DSSIGNIN=url_132; DSSignInURL=/sara3
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
> X-Pad: 0000000000000000000000000000000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 0
>
Got HTTP response: HTTP/1.1 302 Moved
Date: Mon, 06 Apr 2020 18:42:46 GMT
location: /dana-na/auth/url_132/login.cgi?realm=SARA3%20Realm
Pragma: no-cache
Cache-Control: no-store
Expires: -1
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
HTTP body chunked (-2)
GET https://vpnserver.com/dana-na/auth/url_132/login.cgi?realm=SARA3%20Realm
SSL negotiation with vpnserver.com
Matched peer certificate subject name 'vpnserver.com'
Connected to HTTPS on vpnserver.com with ciphersuite TLSv1.2-AES128-GCM-SHA256
> GET /dana-na/auth/url_132/login.cgi?realm=SARA3%20Realm HTTP/1.1
> Host: vpnserver.com
> User-Agent: Open AnyConnect VPN Agent v8.07
> Cookie: DSSIGNIN=url_132; DSSignInURL=/sara3
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
> X-Pad: 0000000000000000000000000000000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 0
>
Server presented identical cert on rehandshake
Got HTTP response: HTTP/1.1 302 Moved
Set-Cookie: DSASSERTREF=x; path=/; expires=Thu, 01 Jan 1970 22:00:00 GMT; secure
Set-Cookie: DSID=e88ffe2c34ae3190d903353283de5184; path=/; secure
Set-Cookie: DSFirstAccess=1586198567; path=/; secure
Set-Cookie: DSSIGNIN=url_132; path=/; secure
Date: Mon, 06 Apr 2020 18:42:47 GMT
location: /dana/home/starter0.cgi?check=yes
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Cache-Control: no-store
Expires: -1
Content-Length: 0
Strict-Transport-Security: max-age=31536000
HTTP body length: (0)
Failed to obtain WebVPN cookie

casa@casa:~/Downloads/openconnect-8.07$ openconnect https://vpnserver.com/dana-na/auth/url_132/login.cgi?realm=SARA3%20Realm -c mycertificate.p12 --dump-http-traffic -vvvv
POST https://vpnserver.com/dana-na/auth/url_132/login.cgi?realm=SARA3%20Realm
Attempting to connect to server 2.3.4.5:443
Connected to 2.3.4.5:443
Using certificate file mycertificate.p12
Enter PKCS#12 pass phrase:
Using client certificate '/CN=WHATEVER_CN/serialNumber=WHATEVER/OU=WHATEVER_OU/O=WHATEVER_ORGANIZATION/L=WHATEVER_CITY/ST=WHATEVER_STATE/C=WHATEVER_COUNTRY'
SSL negotiation with vpnserver.com
Matched peer certificate subject name 'vpnserver.com'
Connected to HTTPS on vpnserver.com with ciphersuite TLSv1.2-AES128-GCM-SHA256
> POST /dana-na/auth/url_132/login.cgi?realm=SARA3%20Realm HTTP/1.1
> Host: vpnserver.com
> User-Agent: Open AnyConnect VPN Agent v8.07
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: linux-64
> X-Support-HTTP-Auth: true
> X-Pad: 0
> Content-Type: application/xml; charset=utf-8
> Content-Length: 255
>
> <?xml version="1.0" encoding="UTF-8"?>
> <config-auth client="vpn" type="init"><version who="vpn">v8.07</version><device-id>linux-64</device-id><group-access>https://vpnserver.com/dana-na/auth/url_132/login.cgi?realm=SARA3%20Realm</group-access></config-auth>
Got HTTP response: HTTP/1.1 302 Moved
location: /dana-na/auth/url_132/welcome.cgi?p=failed
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Cache-Control: no-store
Expires: -1
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
HTTP body chunked (-2)
GET https://vpnserver.com/dana-na/auth/url_132/login.cgi?realm=SARA3%20Realm
Attempting to connect to server 2.3.4.5:443
Connected to 2.3.4.5:443
SSL negotiation with vpnserver.com
Matched peer certificate subject name 'vpnserver.com'
Connected to HTTPS on vpnserver.com with ciphersuite TLSv1.2-AES128-GCM-SHA256
> GET /dana-na/auth/url_132/login.cgi?realm=SARA3%20Realm HTTP/1.1
> Host: vpnserver.com
> User-Agent: Open AnyConnect VPN Agent v8.07
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
> X-Pad: 0000000000000000000000000000000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 0
>
Server presented identical cert on rehandshake
Got HTTP response: HTTP/1.1 302 Moved
location: /dana-na/auth/url_132/welcome.cgi?p=user-confirm&id=state_c209ee2832b953f41eee0fcaa750a23f
Content-Type: text/html; charset=utf-8
Pragma: no-cache
Cache-Control: no-store
Expires: -1
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
HTTP body chunked (-2)
GET https://vpnserver.com/dana-na/auth/url_132/welcome.cgi?p=user-confirm&id=state_c209ee2832b953f41eee0fcaa750a23f
SSL negotiation with vpnserver.com
Matched peer certificate subject name 'vpnserver.com'
Connected to HTTPS on vpnserver.com with ciphersuite TLSv1.2-AES128-GCM-SHA256
> GET /dana-na/auth/url_132/welcome.cgi?p=user-confirm&id=state_c209ee2832b953f41eee0fcaa750a23f HTTP/1.1
> Host: vpnserver.com
> User-Agent: Open AnyConnect VPN Agent v8.07
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Support-HTTP-Auth: true
> X-Pad: 0000000000000000000000000000000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 0
>
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Date: Mon, 06 Apr 2020 18:43:30 GMT
Pragma: no-cache
Cache-Control: no-store
Expires: -1
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
HTTP body chunked (-2)
<
<
<
< <html>
< <head>
< <meta http-equiv="Content-Language">
< <meta http-equiv="Content-Type" content="text/html">
< <meta name="robots" content="none">
< <title>Portal de Acceso Seguro de la Generalitat - Confirmation</title>
< <script src="/dana-na/css/ds_153a6f076602b32d1ebd933219241fc6bf4a40b96f1e0b60d8e635aa16635162.js"></script>
< <script>
< WriteCSS();
< </script>
< <noscript>
< <link rel="stylesheet" href="/dana-na/css/ds_153a6f076602b32d1ebd933219241fc6bf4a40b96f1e0b60d8e635aa16635162.css">
< </noscript>
< </head>
<
< <body bgcolor="#FFFFFF" color="#000000" link="#3366CC" vlink="#CC6699" alink="#3366CC" leftmargin="0" topmargin="0" rightmargin="0" marginwidth="0" marginheight="0">
<
< <table id="table_confirmation_1" border="0" width="100%" cellspacing="0" cellpadding="3">
< <tr>
< <td bgcolor="#FFFFFF"><img border="0" src="welcome.cgi?p=logo&signinId=url_132" alt="Logo"></td>
< <td bgcolor="#FFFFFF" align="right"> </td>
<
< </tr>
< </table>
< <table id="table_confirmation_2" cellpadding="0" cellspacing="0" border="0" width="100%">
< <tr>
< <td bgcolor="#000000" colspan="2"><img border="0" src="/dana-na/imgs/space.gif" width="1" height="1"></td>
< </tr>
< </table>
<
<
< <form id="DSIDConfirmForm" name="frmConfirmation" method="post" action="login.cgi">
< <blockquote>
< <table id="table_confirmation_3" border="0" cellspacing="0" width="85%" bgcolor="#cccc99">
< <tr>
< <td>
< <table id="table_confirmation_4" border="0" width="100%" cellspacing="0" cellpadding="0">
< <tr>
< <td><img border="0" src="/dana-na/imgs/questionmark.gif" width="21" height="20"><b> Warning </b></td>
< </tr>
< </table>
< </td>
< </tr> <tr>
< <td>
< <table id="table_confirmation_5" border="0" cellpadding="6" cellspacing="0" width="100%" bgcolor="#ffffcc">
< <tr>
< <td><p>
< <b>There are already other user sessions in progress:<b> <br><br>
< <table id="table_confirmation_6" border="2" cellpadding="2" cellspacing="0">
< <tr>
< <td bgcolor="#CCCCCC">Login IP Address</td>
< <td bgcolor="#CCCCCC">Last Access Time</td>
< </tr>
< <tr>
< <td>176.126.173.105</td>
< <td>2020-04-06 20:42:47 +0200 CEST</td>
< </tr>
< </table><br>
< <b>Continue will result in termination of the other session. Please select from one of the following options:</b>
< </p>
< </td>
< </tr>
< <tr>
< <td> <input id="btnContinue" type="submit" name="btnContinue" value="Continue the session"> <input id="btnCancel" type="submit" name="btnCancel" value="Cancel"> </td>
< </tr>
< </table>
< </td>
< </tr></table>
< </blockquote>
< <input id="DSIDFormDataStr" type="hidden" name="FormDataStr" value="196;316;UniLXsomAwABAAAAXE6nndA3ywxBDMr6xv7WjBgVWmIeiV9js3VVbh+7vD7uNLXYov+/N1P+xTnn8/NF3PdV3vTjizG5Ggm46O8BDh7FHqo4lI7QDrriV4cpfQXEex7Dw12kofSgM15By+i0+aclRE5mSK9OiMZo26fFxZfXBeI02aT/9uxuhfx5w4/SK+FQ/D7MlFntwT1KHQJUkNSa99TTQS9v731cadT3R35JBSYqwu5SesyDpBaQ7F1zce0TS3g1MxIdj8omHmONJzu67KF4jnXXI4MSpP/tJvysGcpX7VHvSUTpBD7bfb0=">
<
< </form>
<
<
< <table id="table_confirmation_7" border="0" cellspacing="0" cellpadding="0" width="100%">
< <tr>
< <td background="/dana-na/imgs/footerbg.gif">
< <table id="table_confirmation_8" cellpadding="0" cellspacing="0" border="0" width="100%">
< <tr>
< <td><img src="/dana-na/imgs/space.gif" width="10" height="10"></td>
< <td><img src="/dana-na/imgs/space.gif" width="1" height="2"></td>
< <td><img src="/dana-na/imgs/space.gif" width="10" height="10"></td>
< </tr>
< <tr valign="top">
< <td><img src="/dana-na/imgs/space.gif" width="10" height="1"></td>
< <td nowrap ><br><br><br><br>
< <td align="right"><img src="/dana-na/imgs/space.gif" width="10" height="10"></td>
< </tr>
< </table>
< </td>
< </tr>
< <tr>
< <td colspan="2"><img border="0" src="/dana-na/imgs/space.gif" height="6" width="1" alt=""></td>
< </tr>
< </table>
<
< </body>
< </html>
XML response has no "auth" node
Failed to obtain WebVPN cookie

casa@casa:~/Downloads/openconnect-8.07$ openconnect https://vpnserver.com/dana-na/auth/url_132/login.cgi?realm=SARA3%20Realm -c mycertificate.p12 --dump-http-traffic -vvvv --protocol=gp
POST https://vpnserver.com/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux
Attempting to connect to server 2.3.4.5:443
Connected to 2.3.4.5:443
Using certificate file mycertificate.p12
Enter PKCS#12 pass phrase:
Using client certificate '/CN=WHATEVER_CN/serialNumber=WHATEVER/OU=WHATEVER_OU/O=WHATEVER_ORGANIZATION/L=WHATEVER_CITY/ST=WHATEVER_STATE/C=WHATEVER_COUNTRY'
SSL negotiation with vpnserver.com
Matched peer certificate subject name 'vpnserver.com'
Connected to HTTPS on vpnserver.com with ciphersuite TLSv1.2-AES128-GCM-SHA256
> POST /global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux HTTP/1.1
> Host: vpnserver.com
> User-Agent: PAN GlobalProtect
>
Got HTTP response: HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=utf-8
Connection: close
Pragma: no-cache
Cache-Control: no-store
Expires: -1
Content-Length: 2362
Strict-Transport-Security: max-age=31536000
HTTP body length: (2362)
< <!-- Copyright (c) 2015 by Pulse Secure, LLC. All rights reserved -->
<
< <html>
< <head>
< <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
< <meta name=robots content="none">
< <title>Portal de Acceso Seguro de la Generalitat</title>
<
< <script src="/dana-na/css/ds_153a6f076602b32d1ebd933219241fc6bf4a40b96f1e0b60d8e635aa16635162.js"></script>
< <script>
< WriteCSS();
<
<
<
< </script>
< <noscript>
< <link rel="stylesheet" href="/dana-na/css/ds_153a6f076602b32d1ebd933219241fc6bf4a40b96f1e0b60d8e635aa16635162.css">
< </noscript>
< </head>
<
< <body bgcolor="#FFFFFF" color="#000000" link="#3366CC" vlink="#CC6699" alink="#3366CC" leftmargin="0" topmargin="0" rightmargin="0" marginwidth="0" marginheight="0">
<
< <table border="0" width="100%" cellspacing="0" cellpadding="3">
< <script>
< if (parent.frames.length == 0 ||
< parent.frames[0].name != "DSFrameToolBar") {
< document.write(' <tr>');
< document.write(' <td bgcolor="#FFFFFF"><img border="0" src="/dana-na/auth/welcome.cgi?p=rolelogo" alt="Logo"></td>');
< document.write(' <TD bgcolor="#FFFFFF" align="right"> </TD>');
< }
< document.write(' </tr>');
< </script>
< <tr>
< <td bgcolor="#000000" colspan="2"><img border="0" src="/dana-na/imgs/space.gif" width="1" height="1"></td>
< </tr>
< </table>
< <blockquote>
< <table border="0" cellpadding="1" cellspacing="0" bgcolor="#CCCC99"><tr><td>
< <table border="0" cellpadding="10" cellspacing="0" bgcolor="#FFFFCC"><tr><td> </td><td>
< The request contains an invalid content length: .
<
< <td> </td></td></tr></table>
< <a href="javascript:history.back()">Return to previous page</a>
< </td></tr></table>
< </blockquote>
< <table border="0" width="100%" cellspacing="0" cellpadding="0">
< <tr>
< <td><img border="0" src="/dana-na/imgs/space.gif" height="12" width="1"></td>
< </tr>
< <tr>
< <td bgcolor="#000000"><img border="0" src="/dana-na/imgs/space.gif" height="6" width="1"></td>
< </tr>
< </table>
< <table border="0" cellspacing="0" cellpadding="10" width="100%">
< <tr>
< <td>
< <div class="cssSmall" style="display:none;">
< <div>Copyright © 2001-2017 Pulse Secure, LLC.</div>
< <div>All rights reserved.</div>
< </div>
< </td>
< </tr>
< </table>
<
< </body>
<
< </html>
Unexpected 400 result from server
Failed to obtain WebVPN cookie
casa@casa:~/Downloads/openconnect-8.07$

Can you direct me to the solution to get this VPN working?

Thanks in advance.

Videoclocknet