Can't connect to Cisco Any Connect

Post by tom »

Hi,

I'm trying to connect to https://vpn.hrz.tu-darmstadt.de/ with VPN Client Pro.

A couple of years ago that was working. But at some point it stopped working. I guess something somewhere changed.

I don't have the working profile from way back anymore. But as I think it broke without doing anything on my part (and I think they weren't particularly complicated settings) it probably wouldn't be that useful anyway.

I'm still able to connect via openconnect on Linux and the Any Connect App on Android. So it's not a general issue.

Here is the output of the Linux command:

$ openconnect --version
OpenConnect Version v9.12
Using GnuTLS 3.8.8. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
Unterstützte Protokolle: anyconnect (Vorgabe), nc, gp, pulse, f5, fortinet, array
Default vpnc-script (override with --script): /etc/vpnc/vpnc-script

$ sudo openconnect --authgroup=campus https://vpn.hrz.tu-darmstadt.de
POST https://vpn.hrz.tu-darmstadt.de/
Verbunden mit [2001:41b8:83f:257::101]:443
SSL-Verhandlung mit vpn.hrz.tu-darmstadt.de
Connected to HTTPS on vpn.hrz.tu-darmstadt.de with ciphersuite (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(AES-256-GCM)
HTTP-Antwort erhalten: HTTP/1.1 404 Not Found
Unerwartetes 404-Ergebnis vom Server
GET https://vpn.hrz.tu-darmstadt.de/
Verbunden mit [2001:41b8:83f:257::101]:443
SSL-Verhandlung mit vpn.hrz.tu-darmstadt.de
Connected to HTTPS on vpn.hrz.tu-darmstadt.de with ciphersuite (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(AES-256-GCM)
HTTP-Antwort erhalten: HTTP/1.0 302 Object Moved
GET https://vpn.hrz.tu-darmstadt.de/+webvpn+/index.html
SSL-Verhandlung mit vpn.hrz.tu-darmstadt.de
Connected to HTTPS on vpn.hrz.tu-darmstadt.de with ciphersuite (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(AES-256-GCM)
Please enter your username and password.
Please enter your username and password.
Username:MYUSERNAMEIDONTWANTTOSHARE
Password:
POST https://vpn.hrz.tu-darmstadt.de/+webvpn+/index.html
CONNECT-Antwort erhalten: HTTP/1.1 200 OK
CSTP verbunden. DPD 30, Keepalive 20
DTLS-Verbindung aufgebaut (mit GnuTLS). Schiffrierwerk (DTLS1.2)-(ECDHE-RSA)-(AES-256-GCM).
Configured as 130.83.73.9 + 2001:41b8:83f:4250::26/64, with SSL connected and DTLS connected
Session authentication will expire at Tue Mar  4 20:14:44 2025

Using vhost-net for tun acceleration, ring size 32
^CBYE-Paket senden: Aborted by caller
User cancelled (SIGINT/SIGTERM); exiting.

For VPN Client Pro I just created a profile with all the default settings and the only thing I changed was checking "Use Cisco AnyConnect Legacy-Protocoll".

Then I'm prompted for the two group options available with that server (so something is working) and then for my username and password, but once that information is entered it won't successfully connect:

[Screenshot: VPN-client-Pro-legacy-cisco.png]

If I don't check "Use Cisco AnyConnect Legacy-Protocoll" I'm just getting a 404 and I'm not prompted for any follow-up questions. So I think checking that option is correct.

Any idea what could help?

Also there is a concrete "bug" I would like to report. The "OK" button in dialogs is missing if the language of the device is set to German:

[Screenshot: pop-up in English (SelectGroup-EN.png)]

[Screenshot: pop-up in German (SelectGroup-DE.png)]

Might be some translation issue or the text is too long and the button therefore out of view or something like that.

Post by admin »

Hi,

can you post or send me a private message with the output of the following Linux command?

sudo openconnect -vvv --dump-http-traffic --authgroup=campus https://vpn.hrz.tu-darmstadt.de

Be careful because it may contain sensitive information such as username/password in clear or base64 encoded form.
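
One way to act on that caution before sharing a dump, as an added example that is not part of the original thread and not code from VPN Client Pro or openconnect: a filter that masks credential fields, session cookies, and any base64 blob that decodes to a known secret. The field and header names, the `>`/`<` line prefixes and the sample capture are assumptions constructed for illustration.

```python
import base64
import binascii
import re

MASK = "[REDACTED]"

# Field rules: element, parameter and header names are assumptions about what
# an HTTP dump of a VPN login can contain, not taken from openconnect.
FIELD_RULES = [
    (re.compile(r"(<(username|password)\b[^>]*>)[^<]*(</\2>)", re.I), r"\1" + MASK + r"\3"),
    (re.compile(r"((?:username|password)=)[^&\s]+", re.I), r"\1" + MASK),
    (re.compile(r"^([<>]?[ \t]*(?:Set-Cookie|Cookie|Authorization):[ \t]*).*$", re.I | re.M),
     r"\1" + MASK),
]
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")

def _mask_if_secret_inside(match, secrets):
    """Mask a base64-looking token only if it decodes to text holding a secret."""
    token = match.group(0).rstrip("=")
    try:
        raw = base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
    except (binascii.Error, ValueError):
        return match.group(0)
    decoded = raw.decode("utf-8", "ignore")
    return MASK if any(s in decoded for s in secrets) else match.group(0)

def redact(text, secrets):
    """Mask credential fields, base64-encoded secrets, then literal secrets."""
    secrets = [s for s in secrets if s]
    for pattern, replacement in FIELD_RULES:
        text = pattern.sub(replacement, text)
    text = B64_TOKEN.sub(lambda m: _mask_if_secret_inside(m, secrets), text)
    for secret in secrets:
        text = text.replace(secret, MASK)
    return text

# Constructed sample, not a real capture; BLOB is base64 of "user:password".
BLOB = base64.b64encode(b"alice.example:hunter2").decode()
SAMPLE = f"""\
> POST /+webvpn+/index.html HTTP/1.1
> Cookie: webvpn=CONSTRUCTED-SESSION-ID
> username=alice.example&password=hunter2&group_list=campus
< X-Constructed-Header: {BLOB}
< <auth><username>alice.example</username><password>hunter2</password></auth>
< Welcome alice.example
"""

if __name__ == "__main__":
    print(redact(SAMPLE, ["alice.example", "hunter2"]))
```

For a real capture, save the dump to a file and pass its contents to `redact()` with your own username and password as the secrets, then read the result through before posting, since field names differ between servers.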

Post by tom »

Hi,

I've sent a PM.

This isn't really time sensitive for me by the way. I'm happy if it works at some point again. But it hasn't worked for years and I mainly came around to report/ask what might be the problem now. So feel free to prioritize other stuff. :)

Thanks

Tom

Post by admin »

Hi Tom,

thanks for the report and the log.
First I will fix the layout issue that hides the OK button.
Then I will take some time to examine the log and try to understand why it is no longer possible to connect to this VPN.

Post by tom »

Thanks!

Post by admin »

The issue has been fixed in the beta release 1.02.00
Thanks for your help!