GlobalProtect-openconnect icon indicating copy to clipboard operation
GlobalProtect-openconnect copied to clipboard

Published 20 hours ago verified publisher icon yuezk

SSL connection fails

Open rmcd1024 opened this issue 2 years ago • 1 comments

I'm using 1.4.8+2snapshot.g0adeaf9 on Ubuntu 20.04 and it was working well until August 1. (The date makes me suspect a server-side change that is causing the failure.) Now I get an SSL error when I attempt to connect:

2022-08-03 07:33:59.687 INFO  [102183] [GPClient::onGatewaySuccess@383] Gateway login succeeded, got the 
cookie authcookie=xxxd&portal=vpn-connect-nit-gateway-Nxxx

2022-08-03 07:33:59.701 INFO  [102183] [GPClient::onVPNLogAvailable@509] Output of `openconnect --version`:
 OpenConnect version v8.10-170-gca7bc365

Using GnuTLS 3.6.13. Features present: PKCS#11, HOTP software token, TOTP software token, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse

2022-08-03 08:06:15.240 INFO  [102183] [GPClient::onVPNLogAvailable@509] Got extra OpenConnect args 
for server: xxx, <empty>

2022-08-03 08:06:15.240 INFO  [102183] [GPClient::onVPNLogAvailable@509] Start process with 
arugments: --protocol=gp, -u, , --cookie-on-stdin, xxx

2022-08-03 08:06:15.240 INFO  [102183] [GPClient::onVPNLogAvailable@509] Openconnect started successfully, PID=105584

2022-08-03 08:06:15.245 INFO  [102183] [GPClient::onVPNLogAvailable@509] POST https://xxx/ssl-vpn/getconfig.esp

2022-08-03 08:06:15.312 INFO  [102183] [GPClient::onVPNLogAvailable@509] Connected to yyy.yyy.yyy.yyy:443

2022-08-03 08:06:15.324 INFO  [102183] [GPClient::onVPNLogAvailable@509] SSL negotiation with xxx

2022-08-03 08:06:15.392 INFO  [102183] [GPClient::onVPNLogAvailable@509] Connected to HTTPS on xxx with 
ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)

2022-08-03 08:06:15.431 INFO  [102183] [GPClient::onVPNLogAvailable@509] Matching client config not found
Creating SSL connection failed
Unknown error; exiting.

2022-08-03 08:06:15.435 INFO  [102183] [GPClient::onVPNLogAvailable@509] Openconnect process exited with 
code 1 and exit status NormalExit

rmcd1024 avatar Aug 03 '22 13:08 rmcd1024

Here is a similar problem #96. You could try https://github.com/dlenski/gp-saml-gui to see if it works for you.

yuezk avatar Aug 05 '22 13:08 yuezk

I couldn't get gp-saml-gui to work. I finally fixed the issue by upgrading from Ubuntu 20.04 to 22.04, which upgraded openconnect from 8.10 to 8.20. (I assume the openconnect upgrade is what worked.)

rmcd1024 avatar Sep 17 '22 12:09 rmcd1024