Hi Dan and all,
Today I tried to connect while simulating the Windows OS and client. As you can
see, if I use --no-xmlpost the server said "AnyConnect is not enabled
on the VPN server"; if I remove --no-xmlpost, the error remains the
same.
Attached are the logs with and without --no-xmlpost.
As for the group, I am sure that VPNAnyconnect is the right group.
I saw with my network team that in the VPN server log, the attempt to
access with openconnect uses an authentication method that is not MSCHAPv2.
If I use VPN Anyconnect from Android or Windows, the authentication
method is MSCHAPv2 and it is good.
Can I force MSCHAPv2?
Thanks
On Thu, 16/08/2018 at 15.26 -0700, Daniel Lenski wrote:
> On Thu, Aug 16, 2018 at 1:17 PM,
> wrote:
> > Hi Daniel and list,
> >
> > Attached is the dump.
> >
> > I also tried to add --os=android but I received another error
> > (dump in file _android attached)
> >
> > Thanks for support
>
> Thanks. This is useful.
>
> - What does this have to do with "EAP-Anyconnect"? Nothing in the log
> mentions EAP.
>
> - Are you *sure* that you are selecting the right auth-group?
> ("VPNAnyConnect" vs "trn")
>
> - All that said, the fact that the errors are completely different for
> Android vs. Linux suggests that the server may be trying to do some
> kind of OS/client detection. You might want to try options like these
> to see if they get the server to cooperate…
>
> spoof AnyConnect for Windows:
> --os=win --useragent='Cisco AnyConnect VPN Agent for Windows 4.2'
> use a really old authentication mechanism:
> --no-xmlpost
>
> -Dan
>
> ps- The

alessandro@stefania-VPCEH2N1E:~$ sudo openconnect --dump -v --os=win --useragent="Cisco AnyConnect VPN Agent for Windows 4.2" xxx.xxx.xxx.xxx
POST https://xxx.xxx.xxx.xxx/
Attempting to connect to server xxx.xxx.xxx.xxx:443
Connected to xxx.xxx.xxx.xxx:443
SSL negotiation with xxx.xxx.xxx.xxx
Server certificate verify failed: signer not found
Certificate from VPN server "xxx.xxx.xxx.xxx" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
--servercert sha256:34971885c60017dfc2a8c6b582386cac93485d968d2b863bb6d0dd845ac76cf7
Enter 'sì' to accept, 'no' to abort; anything else to view: sì
Connected to HTTPS on xxx.xxx.xxx.xxx
> POST / HTTP/1.1
> Host: xxx.xxx.xxx.xxx
> User-Agent: Cisco AnyConnect VPN Agent for Windows 4.2
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: win
> X-Support-HTTP-Auth: true
> X-Pad:
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 204
>
>
> who="vpn">v7.08winhttps://xxx.xxx.xxx.xxx
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Fri, 17 Aug 2018 15:01:31 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
HTTP body chunked (-2)
<
<
<
< TernaAnyConnect
< VPNAnyConnect
< 1518074870349
<
<
< Login
< Please enter your username and password.
<
<
<
<
<
< VPNAnyConnect
< trn
<
<
<
<
POST XML abilitato
Please enter your username and password.
GROUP: [VPNAnyConnect|trn]:VPNAnyConnect
POST https://xxx.xxx.xxx.xxx/
> POST / HTTP/1.1
> Host: xxx.xxx.xxx.xxx
> User-Agent: Cisco AnyConnect VPN Agent for Windows 4.2
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: win
> X-Support-HTTP-Auth: true
> X-Pad: 0
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 247
>
>
> who="vpn">v7.08winhttps://xxx.xxx.xxx.xxx/VPNAnyConnect
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Fri, 17 Aug 2018 15:01:36 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
HTTP body chunked (-2)
<
<
<
< TernaAnyConnect
< VPNAnyConnect
< 1518074870349
<
<
< Login
< Please enter your username and password.
<
<
<
<
<
< VPNAnyConnect
< trn
<
<
<
<
POST XML abilitato
Please enter your username and password.
Username:myuser
Password:
POST https://xxx.xxx.xxx.xxx/
> POST / HTTP/1.1
> Host: xxx.xxx.xxx.xxx
> User-Agent: Cisco AnyConnect VPN Agent for Windows 4.2
> Accept: */*
> Accept-Encoding: identity
> X-Transcend-Version: 1
> X-Aggregate-Auth: 1
> X-AnyConnect-Platform: win
> X-Support-HTTP-Auth: true
> X-Pad:
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 428
>
>
> who="vpn">v7.08win
> TernaAnyConnect
> VPNAnyConnect
> 1518074870349
> myusermypasswordVPNAnyConnect
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Fri, 17 Aug 2018 15:01:43 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
HTTP