Hi
I heard today that they will be upgrading to a FortiGate system in a few
weeks.
So I do not think we should put more energy into this.
Thanks for all your help, Dan.
On 2021/03/23 18:28, Daniel Lenski wrote:
On Mon, Mar 22, 2021 at 10:27 PM William Bell <william.b...@frog.za.net> wrote:
It also seems to me that whoever set your server up just didn't test
it with OpenConnect, or just didn't test it with Linux clients. It's
hard to tell whether this was intentional (to prevent use of anything
other than the official AnyConnect-for-Windows client) or just the
result of misconfiguration/inadequate testing. In my experience, the
latter is much more common. You probably have a good idea.
They either did not have the money to do it, I asked for the Linux
client and they said they did not have one, Windows only.
The version we are using seems no longer available at Cisco.
In any case, even if your administrators ARE TRYING to prevent you
from connecting with a non-standard client, it's always possible to
circumvent this… just have to figure out how to emulate the behavior
of the official client in a more indistinguishable way.
Could it be that the client is reading the credentials from a cookie
that the browser temporarily creates, or something from the browser by some
other means? All browsers seem to work. So to get this working, at some
point openconnect should open/start the default browser and "do the same
thing".
This sounds like your VPN may be using Cisco SSO/SAML. See
https://gitlab.com/openconnect/openconnect/-/merge_requests/75 for
work-in-progress to support this.
Easy way to tell: run with `--dump-http-traffic` and see if the
initial auth form contains tags like `<sso-`.
Dan
_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel