Hi,

I'm not a programmer at all, though I've been going back and forth for nearly 1 week, trying to get at least one VPN client working on my virtual machine. I've tried built-in VPN, CheckPointCapsule, GlobalProtectUWP, GlobalProtect MacOS client, no success. Plus, I didn't succeed in deploying gp-saml-gui, due to repeated Python dependency problems I couldn't solve :(

Now back to OpenConnect.

Platform: Windows11 on ARM, hosted on a ParallelsDesktop17 VM installed on MacOS 12.1 on ARM
OpenConnect version v8.10-727-gbd6a7e71
My company authentication requires SAML with 2FA.

=============================================__________________=_____________________=============================================

First:

C:\Program Files\OpenConnect>openconnect --protocol=gp --usergroup=portal --user=91000318@CORP --os=windows --passwd-on-stdin portal.ras.biomerieux.com
||myPassword||
POST https://portal.ras.biomerieux.com/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Windows
Connected to 193.240.245.231:443
SSL negotiation with portal.ras.biomerieux.com
Connected to HTTPS on portal.ras.biomerieux.com with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)
SAML REDIRECT authentication is required via https://auth.biomerieux.com/adfs/ls/?SAMLRequest=lZFPT8MwDMW%2FSpX7mjRtmbDWSmU7MGmIai0cuKCsNSxSm5Q4Rfv4dBuIP4dJHC0%2FPz%2F%2FvCDVdwMUo9%2BbLb6NSD449J0hODUyNjoDVpEmMKpHAt9AVdxtQIYCBme9bWzHgoIIndfWLK2hsUdXoXvXDT5sNxnbez8QcD5Y51UXOkXhTttJpHE8hI3tIUlifnSVglclL5YVC1ZTEm3U0fPbQU0x%2F8xy1b4Q74izYL3K2HNyJVGKWCQtYpymSmEaqyaOcNe08%2FhaTjKiEdeGvDI%2BY1LIaBbJWZTUUkAyB5E%2BsaD8vOxGm1ab18sYdmcRwW1dl7PyvqpZ8IiOTtEnAcsXR5hwWux%2B4L1sq76YsvyfBBf8x778XP3%2Bcf4B&RelayState=dBNlABd8MWBhYWNjYWQxMDNkZDA5MDFlOTc0NjE5NDQ1NGM0NmIwNg%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=Tie5OOdnOBxSW5ROLcA0hoxrjDf2%2FPYMgFiuTP1cGZWrCistZ9LiuJsmjIWZmv74VF%2F38wJN7Z8q6JO3GMP%2Fpu4lR360HQMh6liR06mepWvWacktgtbEiDF5F6OlE7icedJDdgemJ1LuuAS7pxSS1oHz1dXS6tI%2B4EAb0Bc24iyCZRIbse5jwmljZcp9MnDzJv86ibtI%2FSl%2B7bYaG94Vc53syLsexQj%2FDZ%2F9tV8ZFJz5j1gleVQlsHUm2YwKF3Nxkfv%2BCLrn128nQC%2B17WBloQmEcftY3szjbCEVv5z9qFwQhrHT6hB7d4Y%2Fu5fq9G4VMKSuDV0AJHC%2B5aAJmGvg2A%3D%3D
When SAML authentication is complete, specify destination form field by appending :field_name to login URL.
Failed to complete authentication

Then:

C:\Program Files\OpenConnect>openconnect --protocol=gp --usergroup=portal:prelogin-cookie --user=91000318@CORP --os=windows --passwd-on-stdin --cookie-on-stdin portal.ras.biomerieux.com
||myPassword||
uRCVTTz/E/kAGrw9y+PGRapC0o0RvSww2n957aU8ysipJ1JasFhJ2CChMlupz/u/
POST https://portal.ras.biomerieux.com/ssl-vpn/getconfig.esp
Connected to 193.240.245.231:443
SSL negotiation with portal.ras.biomerieux.com
Connected to HTTPS on portal.ras.biomerieux.com with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)
Failed to parse server response
Creating SSL connection failed
Cookie was rejected by server; exiting.

=============================================__________________=_____________________=============================================

Now trying directly with gateway, as supposed after reading this exchange:
https://github.com/dlenski/openconnect/issues/109
and
https://githubmemory.com/repo/dlenski/gp-saml-gui/issues/6?page=2

C:\Program Files\OpenConnect>openconnect --protocol=gp --usergroup=gateway --user=91000318@CORP --os=windows --passwd-on-stdin -vvv --verbose fr.ras.biomerieux.com
||myPassword||
POST https://fr.ras.biomerieux.com/ssl-vpn/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Windows
Attempting to connect to server 193.240.245.231:443
Connected to 193.240.245.231:443
SSL negotiation with fr.ras.biomerieux.com
Connected to HTTPS on fr.ras.biomerieux.com with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Date: Tue, 14 Dec 2021 21:09:35 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 1898
Connection: keep-alive
ETag: "174a5f6b6d78"
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Set-Cookie: CLIENTOS=V2luZG93cw%3D%3D; expires=Wed, 15-Dec-2021 21:09:35 GMT; path=/
Set-Cookie: PHPSESSID=0880871e81c6441ef81e572003f3ea5f; secure; HttpOnly
||several other similar lines||
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (1898)
SAML REDIRECT authentication is required via https://auth.biomerieux.com/adfs/ls/?SAMLRequest=lZFBT8MwDIX%2FSpX7mibtGLPWSmU7MGmIai0cuKAsyVikNhlxivbz6TYQg8Mkjpafn58%2Fz1B07R7KPuzsWr%2F3GkN06FqLcGrkpPcWnECDYEWnEYKEunxYAY8T2HsXnHQtiUpE7YNxdu4s9p32tfYfRuqn9SonuxD2CJRufewFxhvjBoHR%2FSGWroMsS%2BnRkSe0rmg5r0m0GFIYK45%2BP9NiiPhnlgq1RdoiJdFykZNXxcVGZVLcbseKT3Si5YTJKVPpDctSriaDDLHXS4tB2JATnnA2YnzEsoYzSKaQjl9IVH1ddWesMvbtOoLNWYRw3zTVqHqsGxI9a4%2Bn6IOAFLMjSDgt9hdor9uKb56k%2BAe9Gb3YVZyr378tPgE%3D&RelayState=cRRlABd8MWAwODgwODcxZTgxYzY0NDFlZjgxZTU3MjAwM2YzZWE1Zg%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=n6V76Z64gATvQVZZxV%2F0NERv488lrth7AKv7S3j8Pv4K8SVn3rEch5ScYG3sVjfB8FGrIEFlB2QPjNuU9KJ3Xs4MPOgAW3pU8b11xulAUgMyNZ4n4M3GY5b%2BvBGPesNYiDU57sgO5oC0aDNxWnEYg9KT3ocGRr0EURbIv%2BcxFWi6J%2FGca3CM1%2F7jwWTd4%2FLLvxYDjj0tXYnLJD9ysxphKCp0swBibwchUinnHtqTtFskdPnaHRyMBHeAovypgYpKOGars8ZK6pruaCS8ZpWQyF1S2TLh8usimgF2BebFRkqHaSfZ0ct8mqH39BgRtvxBsdPJpwIbO9tbF7HcUXu0Sg%3D%3D
When SAML authentication is complete, specify destination form field by appending :field_name to login URL.
Failed to complete authentication

Then:

C:\Program Files\OpenConnect>openconnect --protocol=gp --usergroup=gateway:prelogin-cookie --user=91000318@CORP --os=windows --passwd-on-stdin --cookie-on-stdin -vvv --verbose fr.ras.biomerieux.com
||myPassword||
hFhPAtkWmmGu8YSvsQnhAxTK40U+GlqcfpYpc5tO+ZyHI44JyQXwIgn4/IANiHiy
POST https://fr.ras.biomerieux.com/ssl-vpn/getconfig.esp
Attempting to connect to server 193.240.245.231:443
Connected to 193.240.245.231:443
SSL negotiation with fr.ras.biomerieux.com
Connected to HTTPS on fr.ras.biomerieux.com with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Date: Tue, 14 Dec 2021 21:12:06 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 29
Connection: keep-alive
ETag: "1f35f6b6d78"
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Set-Cookie: PHPSESSID=e054287b91c458b54033807b5fc44177; secure; HttpOnly
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (29)
Failed to parse server response
Response was: errors getting SSL/VPN config
Creating SSL connection failed
Cookie was rejected by server; exiting.

=============================================__________________=_____________________=============================================

I'm once again stuck without any lead to move forward. Discussions seen on forums do seem to help with parsing the server response.

Any help or suggestions you may have?

Thanks!

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
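
Added example, not part of the original message and not OpenConnect or gp-saml-gui code: a "SAML REDIRECT authentication is required via ..." URL like the ones in the logs above carries a SAMLRequest parameter in the SAML 2.0 HTTP-Redirect encoding (raw DEFLATE, then base64, then URL-escaping), and decoding it shows which service issued the request and where the identity provider will send the response. The function names, the example.com hosts and the sample request are constructed for illustration; the decoder bounds the inflated size and refuses DTDs because the input is untrusted.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 64 * 1024  # refuse to inflate more than this many bytes

# Constructed sample AuthnRequest (hypothetical hosts, not taken from the logs).
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" IssueInstant="2021-12-14T21:09:35Z" '
    'Destination="https://idp.example.com/adfs/ls/" '
    'AssertionConsumerServiceURL="https://vpn.example.com:443/SAML20/SP/ACS">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'https://vpn.example.com:443/SAML20/SP</saml:Issuer></samlp:AuthnRequest>'
)

def build_url(xml: str) -> str:
    """Encode XML the way the HTTP-Redirect binding does and build a login URL."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 selects raw DEFLATE
    blob = base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()
    query = urlencode({"SAMLRequest": blob, "RelayState": "constructed-relay",
                       "SigAlg": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"})
    return "https://idp.example.com/adfs/ls/?" + query

def inspect_saml_redirect(url: str) -> dict:
    """Decode a SAML redirect URL and return the fields that identify both ends."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)  # also undoes the %2B / %2F / %3D escaping
    raw = base64.b64decode(query["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("SAMLRequest inflates past the size limit")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD in SAMLRequest; refusing to parse")
    root = ET.fromstring(xml)
    return {
        "idp_host": parts.hostname,
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "relay_state": query.get("RelayState", [None])[0],
        "sig_alg": query.get("SigAlg", [None])[0],
    }

if __name__ == "__main__":
    for key, value in inspect_saml_redirect(build_url(SAMPLE_XML)).items():
        print(f"{key}: {value}")
```
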