On Mon, Mar 22, 2021 at 9:55 AM William Bell <william.b...@frog.za.net> wrote: > > $ openconnect --version > OpenConnect version v8.10-1 > Using GnuTLS 3.6.15. Features present: TPMv2, PKCS#11, RSA software token, > HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP > Supported protocols: anyconnect (default), nc, gp, pulse > > $ uname --all > Linux williambell 5.8.0-45-generic #51-Ubuntu SMP Fri Feb 19 13:24:51 UTC > 2021 x86_64 x86_64 x86_64 GNU/Linux > > (added hidden stuff and invalid IP address, the certificate sha is valid but > expired.) > > $ sudo openconnect -vvv --servercert pin-sha256:hiddensha= > --authgroup=HIDDEN_MFA --user=hiddenUserName 956.888.747.602
Thanks. I'm not seeing any of the "Error in the push/pull function" in your log here… are those no longer occurring? It looks like your VPN is just repeatedly showing you the username/password/secondary-password form because you're not entering the expected values. I notice that both fields are labeled "Password: " in your case… 1. Do the labels *differ* in the official AnyConnect client? (run `openconnect --dump-http-traffic` to show the raw XML, which may help us figure out where the labels come from) 2. Is it possible that your VPN has the password and secondary-password fields *reversed*, thus causing you to enter the values backwards? 3. We've seen a case of password-field-reversal before (https://gitlab.com/openconnect/openconnect/-/issues/35#note_168906231), but we don't know how to autodetect it. Dan _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
