Re: Global Protect VPN not working anymore - 512 Custom Error

> I've used openconnect to connect to a PAN Global Protect VPN server, which worked fine. Recently this does not work anymore.
> The server returns a 512 Custom Error:

What changed “recently”? Did you change which version of OpenConnect
you're using? Is it possible that anything changed on the server side?

> I compared the request sent by the Windows client and openconnect and they differ quite a bit. Is there a way to add more options to the request?

There are a large number of fields which the Windows client sends,
which I'm very confident are vestigial or useless based on testing
across many, many GlobalProtect servers.

If you want, you can modify the fields sent in the login.esp response
here:
https://gitlab.com/openconnect/openconnect/blob/HEAD/auth-globalprotect.c#L566-571
If you find that adding additional fields is necessary to make the
login work, we'll be extremely interested in that.

> Is this a bug of openconnect and I should create an issue or is this just a configuration/user problem?

Needs more information.

Based on past experience, the *most likely* cause for this is that you
need to pretend to your GlobalProtect server that you're running an
officially-supported OS (try adding `--os=win` or `--os=mac-intel` or
`--os=linux-64` to the OpenConnect command line).

For whatever reason (probably a combination of bad software design and
inadequate testing by local VPN admins), many GlobalProtect servers
report extremely strange and misleading errors when users connect
using OS values other than what they expect.
See: https://gitlab.com/openconnect/openconnect/-/commit/e2f574a5f5f06a2364ff65f7a13721f79bf4beef

-Dan

On Mon, Apr 20, 2020 at 4:25 AM <wynalgos@xxxxxxxxxxx> wrote:
>
> Hello all,
>
> I've used openconnect to connect to a PAN Global Protect VPN server, which worked fine. Recently this does not work anymore.
> The server returns a 512 Custom Error:
>
> Got HTTP response: HTTP/1.1 512 Custom error
> Date: Mon, 20 Apr 2020 10:48:56 GMT
> Content-Type: text/html
> Content-Length: 107
> Connection: keep-alive
> ETag: "23605d1cea69"
> Pragma: no-cache
> Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
> x-private-pan-sslvpn: auth-failed
> Expires: Thu, 19 Nov 1981 08:52:00 GMT
> X-FRAME-OPTIONS: DENY
> Set-Cookie: PHPSESSID=<PHPSESSID>; secure; HttpOnly
> Set-Cookie: PHPSESSID=<PHPSESSID>; secure; HttpOnly
> HTTP body length:  (107)
> <
> < var respStatus = "Error";
> < var respMsg = "Authentication failed: Timeout ";
> < thisForm.inputStr.value = "";
> <
> Unexpected 512 result from server
>
> I compared the request sent by the Windows client and openconnect and they differ quite a bit. Is there a way to add more options to the request?
>
> Is this a bug of openconnect and I should create an issue or is this just a configuration/user problem?
>
> Thanks,
> Wynalgo
>
> _______________________________________________
> openconnect-devel mailing list
> openconnect-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/openconnect-devel
