Hi,

Our Cisco VPN has changed to using Azure MFA. Opening a connection with Openconnect asks for username and password but then just returns to the same prompt. I do not get any notifications in the Authenticator app. Am I missing some simple piece of configuration?

Thanks,
Brian

root@triton:~# openconnect -vvv asa-vpn-isd.ucl.ac.uk
POST https://asa-vpn-isd.ucl.ac.uk/
Attempting to connect to server 128.40.124.178:443
Connected to 128.40.124.178:443
SSL negotiation with asa-vpn-isd.ucl.ac.uk
Connected to HTTPS on asa-vpn-isd.ucl.ac.uk
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-store
Pragma: no-cache
Connection: Close
Date: Tue, 07 Sep 2021 07:40:11 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length: (0)
GET https://asa-vpn-isd.ucl.ac.uk/
Attempting to connect to server 128.40.124.178:443
Connected to 128.40.124.178:443
SSL negotiation with asa-vpn-isd.ucl.ac.uk
Connected to HTTPS on asa-vpn-isd.ucl.ac.uk
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-store
Pragma: no-cache
Connection: Close
Date: Tue, 07 Sep 2021 07:40:11 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length: (0)
GET https://asa-vpn-isd.ucl.ac.uk/+webvpn+/index.html
SSL negotiation with asa-vpn-isd.ucl.ac.uk
Connected to HTTPS on asa-vpn-isd.ucl.ac.uk
Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: no-store
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Frame-Options: SAMEORIGIN
X-Transcend-Version: 1
HTTP body chunked (-2)
Multi-Factor Authentication is now enabled on the ISD VPN, please have your device registered for MFA ready to approve access. Check for notifications in your app if you use it as your preferred method. Please enter your username and password.
GROUP: [SSLVPN]:SSLVPN
Multi-Factor Authentication is now enabled on the ISD VPN, please have your device registered for MFA ready to approve access. Check for notifications in your app if you use it as your preferred method. Please enter your username and password.
Username:
Password:
POST https://asa-vpn-isd.ucl.ac.uk/+webvpn+/index.html
Failed to write to SSL socket: The TLS connection was non-properly terminated.
SSL negotiation with asa-vpn-isd.ucl.ac.uk
Connected to HTTPS on asa-vpn-isd.ucl.ac.uk
Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: no-store
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Frame-Options: SAMEORIGIN
X-Transcend-Version: 1
HTTP body chunked (-2)
Multi-Factor Authentication is now enabled on the ISD VPN, please have your device registered for MFA ready to approve access. Check for notifications in your app if you use it as your preferred method. Please enter your username and password.
Username:

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel