Hello,

I am trying to connect to the new VPN my employer has set up.  I am 
currently using OpenConnect for their Pulse VPN without any problems, but 
cannot seem to get it to connect to their new Cisco VPN, which I need to 
migrate to soon.  Cisco AnyConnect does work, but I'd much prefer staying 
with OpenConnect.

When I attempt to connect, it seems to work with my PIV smartcard, but then 
soon enters what appears to be a continuous loop, where it seems to be 
waiting for something.

Below is the openconnect --version info, and the redacted log of a recent 
session.  I broke out of it early, but it will continue to loop on the 
"Refreshing +CSCOE+/sdesktop/wait.html after 1 second..." for upwards of 
10 minutes.

It seems the problem may be similar to the one that has no response at 
https://gist.github.com/l0ki000/56845c00fd2a0e76d688#gistcomment-2203958
and is likely related to the messages seen within the log:

    No value set for `/system/proxy/secure_host'
    No value set for `/system/http_proxy/host'

If this is the issue, can you provide any suggestions for "sane" values to 
use for setting them?

Any guidance is greatly appreciated.


Thanks,
-Randall



uname -a
Linux gs619-g001189 3.10.0-957.5.1.el7.x86_64 #1 SMP Fri Feb 1 14:54:57 UTC 
2019 x86_64 x86_64 x86_64 GNU/Linux

cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 


openconnect --version
OpenConnect version v7.08

Using GnuTLS. Features present: TPM, PKCS#11, RSA software token, HOTP software 
token, TOTP software token, Yubikey OATH, DTLS


openconnect -v --script-tun --script "~/local/bin/ocproxy -D 11080" 
--user=rsindlin --csd-user=rsindlin --csd-wrapper=.cisco/csd-wrapper.sh -c 
'pkcs11:model=;manufacturer=;serial=;token=CoolKey;id=%00%01;object=PIV%20ID%20Certificate;type=cert'
 --authgroup=[redacted_authgrp] [redacted.vpn.net]

POST https://[redacted.vpn.net]/
Attempting to connect to server 198.xxx.xxx.xxx:443
Connected to 198.xxx.xxx.xxx:443
Using PKCS#11 certificate 
pkcs11:model=;manufacturer=;serial=;token=CoolKey;id=%00%01;object=PIV%20ID%20Certificate;type=cert
PIN required for CoolKey
Enter PIN:
Using PKCS#11 key 
pkcs11:model=;manufacturer=;serial=;token=CoolKey;id=%00%01;object=PIV%20ID%20Certificate;type=private
Using client certificate 'Randall Sindlinger (affiliate)'
SSL negotiation with [redacted.vpn.net]
Connected to HTTPS on [redacted.vpn.net]
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Tue, 09 Oct 2018 21:20:14 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; preload;
X-Aggregate-Auth: 1
HTTP body chunked (-2)
XML POST enabled
GET https://[redacted.vpn.net]/+CSCOE+/sdesktop/wait.html
--2018-10-09 17:20:14--  
https://[redacted.vpn.net]/CACHE/sdesktop/hostscan/linux_x64/manifest
Resolving [redacted.vpn.net] ([redacted.vpn.net])... 198.xxx.xxx.xxx
Connecting to [redacted.vpn.net] ([redacted.vpn.net])|198.xxx.xxx.xxx|:443... 
SSL negotiation with [redacted.vpn.net]
connected.
HTTP request sent, awaiting response... 200 OK

    The file is already fully retrieved; nothing to do.

Got 6 files in manifes, locally found 6
/home/rsindlin/.cisco/hostscan/bin/cscan: OK
/home/rsindlin/.cisco/hostscan/bin/cstub: OK
/home/rsindlin/.cisco/hostscan/lib/libcsd.so: OK
/home/rsindlin/.cisco/hostscan/lib/libhostscan.so: OK
/home/rsindlin/.cisco/hostscan/lib/libinspector.so: OK
/home/rsindlin/.cisco/hostscan/lib/tables.dat: OK
Launching: /home/rsindlin/.cisco/hostscan/bin/cstub -log error -ticket 
"1CF91A595E3FBEA0313ABBA3" -stub "0" -group "" -host 
"https://[redacted.vpn.net]/CACHE" -certhash 
"E2C1C8EA2FC75BE897C8CEF51B1B110B:3117C25987DE3B0120A9BB9A2B538DD8"
Connected to HTTPS on [redacted.vpn.net]
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 09 Oct 2018 21:20:16 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; preload;
HTTP body chunked (-2)
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://[redacted.vpn.net]/+CSCOE+/sdesktop/wait.html
SSL negotiation with [redacted.vpn.net]
Connected to HTTPS on [redacted.vpn.net]
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 09 Oct 2018 21:20:19 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; preload;
HTTP body chunked (-2)
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://[redacted.vpn.net]/+CSCOE+/sdesktop/wait.html
SSL negotiation with [redacted.vpn.net]
No value set for `/system/proxy/secure_host'
No value set for `/system/http_proxy/host'
Connected to HTTPS on [redacted.vpn.net]
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Tue, 09 Oct 2018 21:20:21 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; preload;
HTTP body chunked (-2)
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://[redacted.vpn.net]/+CSCOE+/sdesktop/wait.html
SSL negotiation with [redacted.vpn.net]
^C


_______________________________________________
openconnect-devel mailing list
[email protected]
http://lists.infradead.org/mailman/listinfo/openconnect-devel
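
Added example (not part of the original post and not OpenConnect code): a small triage script for an `openconnect -v` log shaped like the one above. It reports whether the hostscan stub was launched, how many times `wait.html` was refreshed afterwards, the time spanned according to the server's `Date:` headers, and which "No value set" keys appeared. The function name, the loop threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from email.utils import parsedate_to_datetime

# Constructed sample: abbreviated lines in the shape of the log in the post.
SAMPLE_LOG = """\
Launching: /home/user/.cisco/hostscan/bin/cstub -log error -ticket "T" -stub "0"
Got HTTP response: HTTP/1.1 200 OK
Date: Tue, 09 Oct 2018 21:20:16 GMT
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://vpn.example/+CSCOE+/sdesktop/wait.html
Got HTTP response: HTTP/1.1 200 OK
Date: Tue, 09 Oct 2018 21:20:19 GMT
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
No value set for `/system/proxy/secure_host'
No value set for `/system/http_proxy/host'
Got HTTP response: HTTP/1.1 200 OK
Date: Tue, 09 Oct 2018 21:20:21 GMT
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
^C
"""

REFRESH = re.compile(r"^Refreshing \S*wait\.html after \d+ second")
UNSET = re.compile(r"^No value set for `([^']+)'")

def summarize_csd_wait(log_text, loop_threshold=3):
    """Summarise the CSD/hostscan waiting phase of a verbose openconnect log."""
    stub_launched, refreshes, unset_keys, dates = False, 0, [], []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("Launching:") and "cstub" in line:
            stub_launched = True
        elif REFRESH.match(line):
            refreshes += 1
        elif (m := UNSET.match(line)):
            if m.group(1) not in unset_keys:
                unset_keys.append(m.group(1))
        elif line.startswith("Date:") and stub_launched:
            try:  # only time the responses seen after the stub started
                dates.append(parsedate_to_datetime(line[5:].strip()))
            except (TypeError, ValueError):
                pass  # redacted or malformed header: skip it
    span = (dates[-1] - dates[0]).total_seconds() if len(dates) > 1 else 0.0
    return {
        "stub_launched": stub_launched,
        "refreshes": refreshes,
        "span_seconds": span,
        "unset_keys": unset_keys,
        "looping": stub_launched and refreshes >= loop_threshold,
    }
```

The summary only describes what the log shows; it does not establish whether the unset proxy keys are related to the wait loop.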