GlobalProtect-openconnect icon indicating copy to clipboard operation
GlobalProtect-openconnect copied to clipboard

Published 20 hours ago verified publisher icon yuezk

"Message did not meet security requirements"

Open fmresearchnovak opened this issue 2 years ago • 10 comments
trafficstars

Trying to use this software to connect to the Franklin and Marshall College VPN service. I installed your software and connected fine the first time. But now every subsequent time I cannot connect, and instead get the error message "Message did not meet security requirements."

gpclient_term_dump.txt Screenshot from 2022-12-17 10-37-14 Screenshot from 2022-12-17 10-37-04 Screenshot from 2022-12-17 10-27-02

fmresearchnovak avatar Dec 17 '22 15:12 fmresearchnovak

Does it happen if you click on the tray icon, reset settings, and login again?

praetorzero avatar Dec 17 '22 19:12 praetorzero

If I right click on the tray icon and select "Reset" then I can log in successfully!

This is a good work-around for me. Thank you! Please let me know what else (if anything) I can do to assist this project. :)

fmresearchnovak avatar Dec 17 '22 21:12 fmresearchnovak

I've got to ask... how secure is it using third party VPN services like this, in general? I'd think there is a serious potential threat vector.

@yuezk this seems like a very handy tool, has it had third party security audits? If so, are the reports available anywhere for us to review?

arderyp avatar Jan 13 '23 15:01 arderyp

@arderyp To be honest, there is a related issue #114

yuezk avatar Jan 17 '23 06:01 yuezk

I don't think so. I think having a wholesale third-party security audit is a separate (and much more comprehensive) issue

arderyp avatar Jan 19 '23 17:01 arderyp

@arderyp how can I have the third-party security audits? Do you have any suggestions?

yuezk avatar Feb 02 '23 09:02 yuezk

I am not sure. I know, for example, BitWarden has done them.

arderyp avatar Feb 02 '23 21:02 arderyp

it also sounds like @koraa was offering here

arderyp avatar Aug 11 '23 21:08 arderyp

I've got to ask... how secure is it using third party VPN services like this, in general? I'd think there is a serious potential threat vector.

I would say you pretty much trust the VPN as much as you are trusting a public wifi…but then, you are using a VPN because you want some extra measure of security.

IIRC there is also some sort of probe feature that has openconnect execute some server-side code, but I would need to investigate that…

@arderyp To be honest, there is a related issue https://github.com/yuezk/GlobalProtect-openconnect/issues/114

I am not sure that is true. The issue in here sounds more like some special security "detection" a business would do. It possibly points to this service doing some caching it should not do? Whether this is up to the standard this repository should implement…I do not know.

Are you on good terms with the operator of the VPN service? Maybe contact them and ask them about the error message…

it also sounds like @koraa was offering here

Thank you for pinging me directly. My offer of a review was mostly for the issues I raised, but I am happy to help you do a quick assessment here, but a full security review is something I would need significant funding for.

Is there anything you are interested specifically?

koraa avatar Aug 13 '23 10:08 koraa

Oh let me also mention that tunnelcrack exists now.

koraa avatar Aug 13 '23 10:08 koraa

Closing it for now. Reopen if necessary.

yuezk avatar Mar 23 '24 12:03 yuezk