> > I've used openconnect to connect to a PAN Global Protect VPN server, which worked fine. Recently this does not work anymore. > > The server returns a 512 Custom Error: > > What changed “recently”? Did you change which version of OpenConnect > you're using? Is it possible that anything changed on the server side? > Unfortunately I cannot tell you what changed. I guess it was on the server side. I used version 8.02 provided by Ubuntu but I also I build the latest version (master) myself. > > I compared the request sent by the Windows client and openconnect and they differ quite a bit. Is there a way to add more options to the request? > > There are a large number of fields which the Windows client sends, > which I'm very confident are vestigial or useless based on testing > across many, many GlobalProtect servers. > > If you want, you can modify the fields sent in the login.esp response > here, if you want: > https://gitlab.com/openconnect/openconnect/blob/HEAD/auth-globalprotect.c#L566-571 Is there no easier way to just provide the complete string of parameters via command line? If not I can just hack this in by myself. > If you find that adding additional fields is necessary to make the > login works, we'll be extremely interested in that. I will do. > > Is this a bug of openconnect and I should create a issue or is this just a configuration/user problem? > > Needs more information. > > Based on past experience, the *most likely* cause for this that you > need to pretend to your GlobalProtect server that you're running an > officially-supported OS (try adding `--os=win` or `--os=mac-intel` or > `--os=linux-64` to the OpenConnect command line) . I have already tried those without any success. I will try to send exactly the same information and see if this will work. > For whatever reason (probably a combination of bad software design and > inadequate testing my local VPN admins), many GlobalProtect servers > report extremely strange and misleading errors when users connect > using OS values other than what they expect. > See: https://gitlab.com/openconnect/openconnect/-/commit/e2f574a5f5f06a2364ff65f7a13721f79bf4beef > > -Dan > > On Mon, Apr 20, 2020 at 4:25 AM <wynalgos@xxxxxxxxxxx> wrote: > > > > Hello all, > > > > I've used openconnect to connect to a PAN Global Protect VPN server, which worked fine. Recently this does not work anymore. > > The server returns a 512 Custom Error: > > > > Got HTTP response: HTTP/1.1 512 Custom error > > Date: Mon, 20 Apr 2020 10:48:56 GMT > > Content-Type: text/html > > Content-Length: 107 > > Connection: keep-alive > > ETag: "23605d1cea69" > > Pragma: no-cache > > Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 > > x-private-pan-sslvpn: auth-failed > > Expires: Thu, 19 Nov 1981 08:52:00 GMT > > X-FRAME-OPTIONS: DENY > > Set-Cookie: PHPSESSID=<PHPSESSID>; secure; HttpOnly > > Set-Cookie: PHPSESSID=<PHPSESSID>; secure; HttpOnly > > HTTP body length: (107) > > < > > < var respStatus = "Error"; > > < var respMsg = "Authentication failed: Timeout "; > > < thisForm.inputStr.value = ""; > > < > > Unexpected 512 result from server > > > > I compared the request sent by the Windows client and openconnect and they differ quite a bit. Is there a way to add more options to the request? > > > > Is this a bug of openconnect and I should create a issue or is this just a configuration/user problem? > > > > Thanks, > > Wynalgo > > > > _______________________________________________ > > openconnect-devel mailing list > > openconnect-devel@xxxxxxxxxxxxxxxxxxx > > http://lists.infradead.org/mailman/listinfo/openconnect-devel _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
