Re: Pulse connect to workstation

2020-03-29 Thread Tim Howard
Thank you both for your replies. Here's the result with just using the hostname:

$ openconnect -C "DSID=aLongStringOfChars" --protocol=pulse myWorkplace.server.serv -v --os=win
Attempting to connect to server 123.123.123.233:443
Connected to 123.123.123.233:443
SSL negotiation with myWorkplace.server.serv
Connected to HTTPS on myWorkplace.server.serv
Got HTTP response: HTTP/1.1 404 Not Found
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
HTTP body chunked (-2)
Unexpected 404 result from server
Creating SSL connection failed


..so it looks like I get the same result doing it that way. Daniel, I
don't have much hope that the network admins will enable legacy mode,
but sometimes they surprise me. So if I continue to be roadblocked
with pulse, I'll try to reach out to them.
Tim

On Sun, Mar 29, 2020 at 12:47 PM David Woodhouse  wrote:
>
> On Sun, 2020-03-29 at 08:32 -0400, Tim Howard wrote:
> > D. My connection attempts (url and IP addresses obscured):
> > $ openconnect -C "DSID=aLongStringOfChars" --protocol=pulse myWorkplace.server.serv/dana/home/index.cgi# -v --os=win
> > Attempting to connect to server 123.123.123.233:443
> > Connected to 123.123.123.233:443
> > SSL negotiation with myWorkplace.server.serv
> > Connected to HTTPS on myWorkplace.server.serv
> > Got HTTP response: HTTP/1.1 404 Not Found
>
> Try that without the path; just the server hostname.
>

___
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
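
Added example, not part of the thread and not OpenConnect code: a small triage of `openconnect -v` transcripts for the two failure signatures discussed in this thread (the Pulse-mode 404 and the NC-mode "error 0x08" that Daniel Lenski's reply attributes to NC mode being disabled). The sample transcripts are constructed and abridged from the output quoted here; `server_arg` and `triage` are hypothetical helper names.

```python
import re
import shlex

# Constructed transcripts, abridged from the verbose output quoted in this thread.
SAMPLES = {
    "pulse_with_path": '''$ openconnect -C "DSID=aLongStringOfChars" --protocol=pulse myWorkplace.server.serv/dana/home/index.cgi# -v --os=win
Got HTTP response: HTTP/1.1 404 Not Found
Unexpected 404 result from server
Creating SSL connection failed''',
    "pulse_host_only": '''$ openconnect -C "DSID=aLongStringOfChars" --protocol=pulse myWorkplace.server.serv -v --os=win
Got HTTP response: HTTP/1.1 404 Not Found
Unexpected 404 result from server''',
    "nc": '''$ openconnect -C "DSID=aLongStringOfChars" --protocol=nc myWorkplace.server.serv/dana/home/index.cgi# -v --os=win
Got HTTP response: HTTP/1.1 200 OK
NCP-Version: 3
Server response to hostname packet is error 0x08''',
}

def server_arg(cmdline):
    """Return the positional server argument of an openconnect command line."""
    tokens = shlex.split(cmdline)
    args = iter(tokens[tokens.index("openconnect") + 1:])
    for tok in args:
        if tok == "-C":          # -C takes the cookie as the next token
            next(args, None)
        elif not tok.startswith("-"):
            return tok
    return None

def triage(transcript):
    """Map one transcript to (protocol, path_given, finding). Hypothetical helper."""
    cmd = next(l for l in transcript.splitlines() if "openconnect" in l)
    proto = re.search(r"--protocol=(\S+)", cmd).group(1)
    server = server_arg(cmd).split("://")[-1]
    path_given = "/" in server.rstrip("/")
    status = re.search(r"Got HTTP response: HTTP/\d\.\d (\d{3})", transcript)
    ncp_err = re.search(r"hostname packet is error (0x[0-9a-fA-F]+)", transcript)
    if ncp_err and int(ncp_err.group(1), 16) == 0x08:
        finding = "NC mode disabled on server; only Pulse mode allowed"
    elif proto == "pulse" and status and status.group(1) == "404":
        finding = ("retry with hostname only" if path_given
                   else "404 with hostname only: unresolved in this thread")
    else:
        finding = "no signature from this thread"
    return proto, path_given, finding

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, triage(text))
```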


Re: Pulse connect to workstation

2020-03-29 Thread David Woodhouse
On Sun, 2020-03-29 at 08:32 -0400, Tim Howard wrote:
> D. My connection attempts (url and IP addresses obscured):
> $ openconnect -C "DSID=aLongStringOfChars" --protocol=pulse myWorkplace.server.serv/dana/home/index.cgi# -v --os=win
> Attempting to connect to server 123.123.123.233:443
> Connected to 123.123.123.233:443
> SSL negotiation with myWorkplace.server.serv
> Connected to HTTPS on myWorkplace.server.serv
> Got HTTP response: HTTP/1.1 404 Not Found

Try that without the path; just the server hostname.





Re: Pulse connect to workstation

2020-03-29 Thread Daniel Lenski
Hi Tim,
This is the right approach to investigating and experimenting here. Nicely done.

In brief, the "Server response to hostname packet is error 0x08" error
means that NC mode is disabled and only Pulse mode is allowed:
https://gitlab.com/openconnect/openconnect/issues/42
If your network admins are actually responsive and helpful, they
should enable the legacy Juniper/NC/oNCP mode, because it's better
supported by OpenConnect.

You should also try Pulse mode again *without* the URL path suffix (no
`/dana/home/index.cgi#`). It's a bit complicated to explain why, but
suffice it to say that even if you end up at this URL in the browser,
you probably don't want it when connecting via Pulse mode:

  $ openconnect -C "DSID=aLongStringOfChars" --protocol=pulse myWorkplace.server.serv -v --os=win

However, no guarantees that Pulse mode will work. It's experimental
and incomplete. Getting the admins to enable the legacy Juniper mode
would be a big advantage, if you can explain the issue to them, and
they understand how to do it.

-Dan


On Sun, Mar 29, 2020 at 5:32 AM Tim Howard  wrote:
>
> Dear all,
> My employer has made it so we can access our at-work workstations from
> home during this coronavirus emergency. We are hoping openconnect can
> help us accomplish this with linux and mac systems. I *think* I'm
> getting close with Ubuntu.
>
> Behavior under Windows 10:
> 1. Browse to initial website
> 2. login with RSA token (email and token)
> 3. login with regular email and pwd
> 4. I am provided with a webpage with a link to my workstation. I click
> on the link and am given the option to "open pulse secure application
> launcher".
> 5. login with computer/workstation credentials
> 6. A Remote Desktop session opens. Although it looks and behaves just
> like a Windows RDP, it is named "Pulse Secure Terminal Services
> Client"
>
> What I have done:
> (my system: Ubuntu 18.04.4 LTS)
> A. built and installed latest openconnect. Details:
> $ openconnect -V
> OpenConnect version v8.05-95-gbc3f3891
> Using GnuTLS. Features present: PKCS#11, RSA software token, HOTP
> software token, TOTP software token, System keys, DTLS, ESP
> Supported protocols: anyconnect (default), nc, gp, pulse
>
> B. Follow steps 1-4, above to get to webpage with link to launcher.
> (If I click on the link I get "... system not supported")
> C. get DSID cookie from this web page manually.
>
> D. My connection attempts (url and IP addresses obscured):
> $ openconnect -C "DSID=aLongStringOfChars" --protocol=pulse myWorkplace.server.serv/dana/home/index.cgi# -v --os=win
> Attempting to connect to server 123.123.123.233:443
> Connected to 123.123.123.233:443
> SSL negotiation with myWorkplace.server.serv
> Connected to HTTPS on myWorkplace.server.serv
> Got HTTP response: HTTP/1.1 404 Not Found
> Transfer-Encoding: chunked
> Strict-Transport-Security: max-age=31536000
> HTTP body chunked (-2)
> Unexpected 404 result from server
> Creating SSL connection failed
>
> $ openconnect -C "DSID=aLongStringOfChars" --protocol=nc myWorkplace.server.serv/dana/home/index.cgi# -v --os=win
> Attempting to connect to server 123.123.123.233:443
> Connected to 123.123.123.233:443
> SSL negotiation with myWorkplace.server.serv
> Connected to HTTPS on myWorkplace.server.serv
> Got HTTP response: HTTP/1.1 200 OK
> Content-type: application/octet-stream
> Pragma: no-cache
> NCP-Version: 3
> Set-Cookie: DSLastAccess=1585484438; path=/; Secure
> Connection: close
> X-Frame-Options: SAMEORIGIN
> Strict-Transport-Security: max-age=31536000
> > 0000:  1f 00 00 04 00 00 00 12  00 74 69 6d 2d 54 68 69  |.tim-Thi|
> > 0010:  6e 6b 50 61 64 2d 54 34  34 30 73 bb 01 00 00 00  |nkPad-T440s.|
> > 0020:  00|.|
> Server response to hostname packet is error 0x08
> Creating SSL connection failed
>
>
> I realize that I'm not defining my workstation address anywhere. Any
> suggestions on how to take the next step? How might I get all the way
> through to a remote desktop session? I use Remmina successfully for
> other remote sites.
> Thank you!
> Tim
>



Pulse connect to workstation

2020-03-29 Thread Tim Howard
Dear all,
My employer has made it so we can access our at-work workstations from
home during this coronavirus emergency. We are hoping openconnect can
help us accomplish this with linux and mac systems. I *think* I'm
getting close with Ubuntu.

Behavior under Windows 10:
1. Browse to initial website
2. login with RSA token (email and token)
3. login with regular email and pwd
4. I am provided with a webpage with a link to my workstation. I click
on the link and am given the option to "open pulse secure application
launcher".
5. login with computer/workstation credentials
6. A Remote Desktop session opens. Although it looks and behaves just
like a Windows RDP, it is named "Pulse Secure Terminal Services
Client"

What I have done:
(my system: Ubuntu 18.04.4 LTS)
A. built and installed latest openconnect. Details:
$ openconnect -V
OpenConnect version v8.05-95-gbc3f3891
Using GnuTLS. Features present: PKCS#11, RSA software token, HOTP
software token, TOTP software token, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse

B. Follow steps 1-4, above to get to webpage with link to launcher.
(If I click on the link I get "... system not supported")
C. get DSID cookie from this web page manually.

D. My connection attempts (url and IP addresses obscured):
$ openconnect -C "DSID=aLongStringOfChars" --protocol=pulse myWorkplace.server.serv/dana/home/index.cgi# -v --os=win
Attempting to connect to server 123.123.123.233:443
Connected to 123.123.123.233:443
SSL negotiation with myWorkplace.server.serv
Connected to HTTPS on myWorkplace.server.serv
Got HTTP response: HTTP/1.1 404 Not Found
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
HTTP body chunked (-2)
Unexpected 404 result from server
Creating SSL connection failed

$ openconnect -C "DSID=aLongStringOfChars" --protocol=nc myWorkplace.server.serv/dana/home/index.cgi# -v --os=win
Attempting to connect to server 123.123.123.233:443
Connected to 123.123.123.233:443
SSL negotiation with myWorkplace.server.serv
Connected to HTTPS on myWorkplace.server.serv
Got HTTP response: HTTP/1.1 200 OK
Content-type: application/octet-stream
Pragma: no-cache
NCP-Version: 3
Set-Cookie: DSLastAccess=1585484438; path=/; Secure
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
> 0000:  1f 00 00 04 00 00 00 12  00 74 69 6d 2d 54 68 69  |.tim-Thi|
> 0010:  6e 6b 50 61 64 2d 54 34  34 30 73 bb 01 00 00 00  |nkPad-T440s.|
> 0020:  00|.|
Server response to hostname packet is error 0x08
Creating SSL connection failed


I realize that I'm not defining my workstation address anywhere. Any
suggestions on how to take the next step? How might I get all the way
through to a remote desktop session? I use Remmina successfully for
other remote sites.
Thank you!
Tim
