GlobalProtect-openconnect
GlobalProtect-openconnect copied to clipboard
yuezk
Segfault on connect
I try to connect to vpn.scientificnet.org, but the gpclient crashes with the following log:
2022-07-05 10:57:51.070 INFO [34300] [main@24] GlobalProtect started, version: 1.4.8 2022-07-05 10:57:51.236 INFO [34300] [GPClient::populateGatewayMenu@139] Populating the Switch Gateway menu... 2022-07-05 10:57:53.273 INFO [34300] [GPClient::populateGatewayMenu@139] Populating the Switch Gateway menu... 2022-07-05 10:58:00.985 INFO [34300] [GPClient::doConnect@244] Start connecting... 2022-07-05 10:58:00.986 INFO [34300] [GPClient::doConnect@260] Start gateway login using the previously saved gateway... 2022-07-05 10:58:00.986 INFO [34300] [GPClient::gatewayLogin@367] Performing gateway login... 2022-07-05 10:58:00.995 INFO [34300] [GatewayAuthenticator::authenticate@28] Start gateway authentication... 2022-07-05 10:58:00.995 INFO [34300] [GatewayAuthenticator::login@41] Trying to login the gateway at https://vpn.scientificnet.org/ssl-vpn/login.esp, with prot=https%3A&server=&jnlpReady=jnlpReady&computer=xxx.mypc.com&ok=Login&direct=yes&clientVer=4100&os-version=KDE neon User - 5.25&clientos=Windows&portal-prelogonuserauthcookie=&prelogin-cookie=&ipv6-support=yes&user=&passwd=&portal-userauthcookie=&inputStr= 2022-07-05 10:58:01.325 INFO [34300] [gpclient::helper::parseGatewayResponse@54] Start parsing the gateway response... 2022-07-05 10:58:01.325 INFO [34300] [gpclient::helper::parseGatewayResponse@55] The gateway response is: Segmentation fault (core dumped)
I noticed in the gateway URL that the os-version value "KDE neon User - 5.25" is not encoded properly. I am use the KDE neon version 5.25 (latest) which is based on Ubuntu focal.
Hi,
i never used this client before. But i successfully got a connection using the solution from https://github.com/vlaci/openconnect-sso.
Here the output of the connection setup:
[info ] Response received [openconnect_sso.authenticator] id=main message=Please complete the authentication process in the AnyConnect Login window. title=Login
[info ] Browser started [webengine] startup_info=StartupInfo(url='https://vpn.scientificnet.org/+CSCOE+/saml/sp/login?tgname=ScientificNetworkSouthTyrol&acsamlcap=v2', credentials=None)
[info ] Loading page [webengine] url=https://vpn.scientificnet.org/+CSCOE+/saml/sp/login?tgname=ScientificNetworkSouthTyrol&acsamlcap=v2
js: Error parsing a meta element's content: ';' is not a valid key-value pair separator. Please use ',' instead.
js: A cookie associated with a cross-site resource at https://vpn.scientificnet.org/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
[info ] Exiting browser [webengine]
[info ] Terminate requested. [webengine]
[info ] Browser exited [openconnect_sso.browser.browser]
[info ] Response received [openconnect_sso.authenticator] id=success message=
[sudo] password for myself:
Connected to 193.106.183.130:443
SSL negotiation with vpn.scientificnet.org
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.scientificnet.org
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as 432.121.48.14, using SSL, with DTLS in progress
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(ECDHE-RSA)-(AES-256-GCM).
Just got this behavior (the log is totally same as in the first message), when tried to connect in the wi-fi network which requires web authentication, i.e. all the requests are redirected to login web page.
Obviously it was impossible to connect to vpn, but segfault was unexpected.
When wi-fi is logged in, everything works perfect.
