On Wed, 2022-05-04 at 16:54 +0000, Schütz Dominik wrote:
> unfortunately I can't send the output of "-vv --dump-http-traffic"
> because it contains company-specific information.

Fair enough, although that obviously makes it difficult to try to help. Without even seeing the final offending EAP-TTLS (or not?) packet that it didn't like, it's hard to even guess about what's happening.

Note that a public-facing VPN server will be receiving hundreds or more likely thousands of *random* connection attempts per day. To reproduce this and have a chance of helping you, I wouldn't need to get any further than any of those random port scans do — I don't need a username, a password, or a certificate or anything like that; just the IP address that is receiving thousands of stray connections a day.

But OK, if you're not comfortable with that, then take a look at that final packet and see what it is. Is it a *different* EAP type? Have they changed to EAP-TLS or something else? Does it change if you vary the user-agent you advertise (see the comments in the source about the way that changes things)?

Those are rhetorical questions, of course, intended to help guide you if you want to try to solve this on your own. I don't *actually* have any real insight into this other than having watched the Windows client attempt to connect through a MITM proxy, and trying to work out what the many levels of nested binary protocols actually were.

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
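
One way to answer the "is it a different EAP type?" question from a dump you keep locally, as an added example that is not part of the original message or of openconnect's code: a decoder for the generic EAP header defined in RFC 3748. It assumes you have already extracted the bare EAP packet bytes from the surrounding protocol layers; the function name and the hex samples are constructed for illustration.

```python
import struct

# Values from RFC 3748 and the IANA EAP registry (subset).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 43: "EAP-FAST",
             254: "Expanded"}

def describe_eap(raw: bytes) -> dict:
    """Decode the fixed EAP header and the method-specific first bytes."""
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError(f"EAP length {length} does not fit {len(raw)} bytes")
    info = {"code": EAP_CODES.get(code, f"unknown({code})"),
            "id": ident, "length": length}
    if code not in (1, 2) or length == 4:
        return info              # Success/Failure carry no Type field
    body = raw[4:length]
    etype = body[0]
    info["type"] = EAP_TYPES.get(etype, f"unknown({etype})")
    if etype == 254:             # Expanded type: 3-byte vendor id, 4-byte vendor type
        if len(body) < 8:
            raise ValueError("truncated expanded-type header")
        info["vendor_id"] = int.from_bytes(body[1:4], "big")
        info["vendor_type"] = int.from_bytes(body[4:8], "big")
    elif etype in (13, 21) and len(body) >= 2:
        flags = body[1]          # L/M/S flag bits, RFC 5216 and RFC 5281
        info["length_included"] = bool(flags & 0x80)
        info["more_fragments"] = bool(flags & 0x40)
        info["start"] = bool(flags & 0x20)
        if etype == 21:
            info["ttls_version"] = flags & 0x07
    return info

# Constructed sample packets (not taken from any real session).
SAMPLES = {
    "ttls_start": bytes.fromhex("010500061520"),
    "tls_start": bytes.fromhex("010600060d20"),
    "expanded": bytes.fromhex("0207000cfe00007b00000001"),
    "failure": bytes.fromhex("04080004"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, describe_eap(pkt))
```

Comparing the decoded type of the last packet before the failure against the earlier ones in the same dump shows whether the server switched methods, without the dump having to leave your machine.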