On Thu, Aug 17, 2023 at 11:04 AM Anthony Becker <abec...@sigcorp.com> wrote: > Hi Daniel – > > Here is the openconnect version output: > > sshuser@oakvpn:~$ openconnect --version > OpenConnect version v8.20-1 > Using GnuTLS 3.7.3. Features present: TPMv2, PKCS#11, RSA software token, > HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP > Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array > Default vpnc-script (override with --script): > /usr/share/vpnc-scripts/vpnc-script > > Neither “--clientos=Windows” nor “--usergroup=gateway:prelogin-cookie” worked > for me – I received the same error messages as before.
Got it. Subsequent to the v8.20 release, we've made several small improvements to the GlobalProtect authentication-handling code. In particular, https://gitlab.com/openconnect/openconnect/-/commit/51586b29. 14:15 $ git log --decorate=no --oneline v8.20..v9.12 auth-globalprotect.c https://gitlab.com/openconnect/openconnect/-/commit/bf4338c6 Ignore blank labels sent in GlobalProtect prelogin https://gitlab.com/openconnect/openconnect/-/commit/c0d2daea Save GlobalProtect version reported by portal and parrot it back as client version https://gitlab.com/openconnect/openconnect/-/commit/27284f83 Prevent crash on unexpected response for GlobalProtect portal prelogin XML https://gitlab.com/openconnect/openconnect/-/commit/ce214b87 Expand comment about potentially-useful information in GP portal configuration https://gitlab.com/openconnect/openconnect/-/commit/9164e21e Clearer error message when GlobalProtect portal configuration contains no gateways at all https://gitlab.com/openconnect/openconnect/-/commit/51586b29 GP: add 'internal=no' flag to the login and configuration requests https://gitlab.com/openconnect/openconnect/-/commit/07386df8 No embedded URLs in translatable strings https://gitlab.com/openconnect/openconnect/-/commit/c58464a8 Declare C string constants using array syntax https://gitlab.com/openconnect/openconnect/-/commit/ff13a983 GP SAML: support legacy workflow https://gitlab.com/openconnect/openconnect/-/commit/3d0a3247 GP SAML: handle redirect case https://gitlab.com/openconnect/openconnect/-/commit/a287bc00 GP SAML: fix some memory handling https://gitlab.com/openconnect/openconnect/-/commit/c4c813ec start adding GP SSO support There's no guarantee that any of this will make a difference for your issue (as I said before, I haven't seen that exactly error message), but I would still recommend building and testing OpenConnect v9.12. Please let us know if you get same/different results with v9.12. Daniel _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
