02-16-2021 08:38 AM
~$ sudo openconnect --version
OpenConnect version v8.05-1
Using GnuTLS. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse
:~$ sudo openconnect -v devnetsandbox-usw1-reservation.cisco.com:20149
POST https://devnetsandbox-usw1-reservation.cisco.com:20149/
Attempting to connect to server 131.226.217.48:20149
Failed to connect to 131.226.217.48:20149: Connection timed out
Failed to connect to host devnetsandbox-usw1-reservation.cisco.com
Failed to open HTTPS connection to devnetsandbox-usw1-reservation.cisco.com
Failed to obtain WebVPN cookie
Openconnect didn't work using the GUI either
Where's (see pic) Anyconnect for Linux - if necessary?
02-21-2021 10:46 PM - edited 02-21-2021 10:47 PM
02-16-2021 08:39 AM
Failed to establish PC/SC context: Service not available.
POST https://devnetsandbox-usw1-reservation.cisco.com:20131/
Attempting to connect to server 131.226.217.48:20131
Socket connect canceled
Failed to connect to 131.226.217.48:20131: Interrupted system call
Failed to connect to host devnetsandbox-usw1-reservation.cisco.com
Failed to open HTTPS connection to devnetsandbox-usw1-reservation.cisco.com
POST https://devnetsandbox-usw1-reservation.cisco.com:20131/
Attempting to connect to server 131.226.217.48:20131
02-16-2021 08:40 AM
It's not me...dig works
~$ sudo openconnect -v devnetsandbox-usw1-reservation.cisco.com:20131
POST https://devnetsandbox-usw1-reservation.cisco.com:20131/
Attempting to connect to server 131.226.217.48:20131
Failed to connect to 131.226.217.48:20131: Connection timed out
Failed to connect to host devnetsandbox-usw1-reservation.cisco.com
Failed to open HTTPS connection to devnetsandbox-usw1-reservation.cisco.com
Failed to obtain WebVPN cookie
~$ dig 131.226.217.48
; <<>> DiG 9.16.1-Ubuntu <<>> 131.226.217.48
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3641
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;131.226.217.48. IN A
;; Query time: 2772 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Feb 14 07:05:10 PST 2021
;; MSG SIZE rcvd: 43
02-16-2021 08:44 AM
The attached screenshots include the anyconnect version, firewall settings (all off) and the anyconnect adapter displaying the "unplugged".
The other anyconnect adapter status is disabled and you have to enable it and that results in the unplugged status.
Again this is a windows 10 vm on a Linux host and the vm assumes the state of the host and the adapter is bridged. (see pic)
I hope this helps but I'd rather have an Openconnect solution because, again, this is a 127GB anyconnect solution that won't do.
02-16-2021 08:46 AM
02-16-2021 08:49 AM
As of this morning, 16 Feb 2021, I've deleted the win10vm. Spun up an ubuntu 16 vm, installed openconnect but it failed, after ctrl+c, with "Failed to obtain WebVPN cookie" too.
02-16-2021 12:19 PM
Please try
sudo openconnect devnetsandbox-usw1-reservation.cisco.com:20149 -v --no-dtls -u {username}
Hope this helps.
02-16-2021 05:49 PM
Same outcome ...and to be sure I tried {worldwide1} ...also tried with --os=linux-64 w/ same outcomes
I got to see the encrypted traffic in Wireshark
$ sudo openconnect devnetsandbox-usw1-reservation.cisco.com:20170 -v --no-dtls -u worldwide1
POST https://devnetsandbox-usw1-reservation.cisco.com:20170/
Attempting to connect to server 131.226.217.48:20170
Failed to connect to 131.226.217.48:20170: Connection timed out
Failed to connect to host devnetsandbox-usw1-reservation.cisco.com
Failed to open HTTPS connection to devnetsandbox-usw1-reservation.cisco.com
Failed to obtain WebVPN cookie
02-17-2021 01:14 PM
sudo openconnect devnetsandbox-usw1-reservation.cisco.com:20111 -v -l --no-dtls --dump-http-traffic -u worldwide1
~$ sudo openconnect devnetsandbox-usw1-reservation.cisco.com:20111 -v -l --no-dtls --dump-http-traffic -u worldwide1
Failed to obtain WebVPN cookie
~$ dig devnetsandbox-usw1-reservation.cisco.com
; <<>> DiG 9.16.1-Ubuntu <<>> devnetsandbox-usw1-reservation.cisco.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25899
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;devnetsandbox-usw1-reservation.cisco.com. IN A
;; ANSWER SECTION:
devnetsandbox-usw1-reservation.cisco.com. 538 IN A 131.226.217.48
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Feb 17 13:02:45 PST 2021
;; MSG SIZE rcvd: 85
wizbang@ubuntu:~$ ping devnetsandbox-usw1-reservation.cisco.com
PING devnetsandbox-usw1-reservation.cisco.com (131.226.217.48) 56(84) bytes of data.
^C
--- devnetsandbox-usw1-reservation.cisco.com ping statistics ---
16 packets transmitted, 0 received, 100% packet loss, time 15352ms
~$
====== from syslog ..the -l (el) ===========
Feb 17 13:10:16 ubuntu openconnect[2537]: POST https://devnetsandbox-usw1-reservation.cisco.com:20111/
Feb 17 13:10:16 ubuntu openconnect[2537]: Attempting to connect to server 131.226.217.48:20111
Feb 17 13:12:27 ubuntu openconnect[2537]: Failed to connect to 131.226.217.48:20111: Connection timed out
Feb 17 13:12:27 ubuntu openconnect[2537]: Failed to connect to host devnetsandbox-usw1-reservation.cisco.com
Feb 17 13:12:27 ubuntu openconnect[2537]: Failed to open HTTPS connection to devnetsandbox-usw1-reservation.cisco.com
02-18-2021 01:42 AM
@worldwide1 sandbox does not allow URL/Endpoints to return ICMP/ping. This is within the security posture of the sandbox design. I tested your active session and this connects with success.
Hope this helps.
02-18-2021 03:03 AM
Could also be worth looking to see if the ports are blocked somewhere. The port range will be anywhere from TCP 20100 through TCP 20354. You can check this using TCP traceroute for example (use your VPN headend and port details provided in the email you received)
STUACLAR-M-R6EU:~ stuaclar$ sudo tcptraceroute devnetsandbox-emea-gwy.cisco.com 20203
Selected device en0, address 192.168.1.101, port 63826 for outgoing packets
Tracing the path to devnetsandbox-emea-gwy.cisco.com (173.38.221.89) on TCP port 20203, 30 hops max
1 192.168.1.254 1.831 ms 1.113 ms 1.559 ms
2 * * *
3 * * *
4 31.55.187.180 13.037 ms 12.095 ms 11.195 ms
5 core1-hu0-16-0-6.southbank.ukcore.bt.net (213.121.192.88) 10.672 ms 9.822 ms 9.682 ms
6 peer7-et-3-1-6.telehouse.ukcore.bt.net (109.159.252.234) 10.450 ms 10.304 ms 10.335 ms
7 166-49-214-194.gia.bt.net (166.49.214.194) 10.783 ms 9.963 ms 12.102 ms
8 166-49-214-191.gia.bt.net (166.49.214.191) 38.028 ms 31.357 ms 29.346 ms
9 xe-1-1-1.cr1-ams9.ip4.gtt.net (89.149.181.205) 20.741 ms 20.691 ms 22.442 ms
10 134.222.93.54 23.656 ms 20.596 ms 22.114 ms
11 128.107.10.9 23.190 ms 21.363 ms 21.631 ms
12 aer01-mda1-dmzbb-gw2-be91.cisco.com (173.38.246.82) 21.595 ms 21.520 ms 20.654 ms
13 aer01-mda2-dmznet-gw2-ten2-1.cisco.com (173.38.208.38) 20.263 ms 21.228 ms 20.618 ms
14 aer01-mda2-dmzvaas-gw2-gig0-2.cisco.com (173.38.208.230) 25.564 ms 23.230 ms 30.669 ms
15 173.38.209.138 70.558 ms 56.920 ms *
16 173.38.221.90 59.116 ms 59.697 ms 57.287 ms
17 devnetsandbox-emea-gwy.cisco.com (173.38.221.89) [open] 56.273 ms 73.167 ms 60.886 ms
https://articles.assembla.com/en/articles/1589335-how-to-use-tcp-traceroute
Hope this helps.
02-18-2021 09:38 AM
On both the host and the vm. Both are xubuntu.
~$ sudo ufw status
Status: inactive
~$
============
$ sudo traceroute -T devnetsandbox-usw1-reservation.cisco.com 20208
traceroute to devnetsandbox-usw1-reservation.cisco.com (131.226.217.48), 30 hops max, 60 byte packets
1 * * *
2 142.254.183.173 (142.254.183.173) 15.175 ms 15.634 ms 15.544 ms
3 agg60.vnnzca2402h.socal.rr.com (76.167.27.77) 16.194 ms 16.094 ms 15.982 ms
4 72.129.14.86 (72.129.14.86) 19.735 ms 19.598 ms 14.825 ms
5 agg29.tustcaft01r.socal.rr.com (72.129.13.2) 16.300 ms 19.236 ms 19.118 ms
6 bu-ether16.tustca4200w-bcr00.tbone.rr.com (66.109.6.64) 18.999 ms ae-5-0.cr0.chi10.tbone.rr.com (66.109.6.202) 33.039 ms 209-18-43-72.dfw10.tbone.rr.com (209.18.43.72) 17.918 ms
7 * * *
8 * * *
9 CYXTERA-COM.ear2.SanJose1.Level3.net (4.16.45.254) 27.849 ms 27.652 ms 27.501 ms
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
:~$
=======with -p 20208 ====
$ sudo traceroute -T -p 20208 devnetsandbox-usw1-reservation.cisco.com
traceroute to devnetsandbox-usw1-reservation.cisco.com (131.226.217.48), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
:~$
============
~$ sudo tcptraceroute devnetsandbox-usw1-reservation.cisco.com 20208
Running:
traceroute -T -O info -p 20208 devnetsandbox-usw1-reservation.cisco.com
traceroute to devnetsandbox-usw1-reservation.cisco.com (131.226.217.48), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
~$
02-18-2021 12:44 PM
@worldwide1 so in example one, traffic is being dropped at CYXTERA-COM.ear2.SanJose1.Level3.net (4.16.45.254), and in the other traceroute, it is not leaving the local network, no route etc... I think this explains why you are getting the 'no internet message' here.
Hope this helps.
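An added example, not part of any post in this thread: a Python summary of the TCP traceroute check suggested earlier and of the way its output is read in the reply above. The function name and verdict labels are assumptions made for illustration; the sample lines are copied from the outputs posted in this thread, trimmed.

```python
import re

HOP_RE = re.compile(r"^\s*(\d+)\s+(.+)$")             # "<ttl> <replies...>"
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")  # four octets, so RTTs never match
TAG_RE = re.compile(r"\[(\w+)\]")                     # e.g. tcptraceroute's "[open]"

def summarize_traceroute(output, dest_ip):
    """Say where replies stop in TCP traceroute output and whether dest_ip answered."""
    hops = {}
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if m:
            rest = m.group(2)
            hops[int(m.group(1))] = (IPV4_RE.findall(rest), TAG_RE.search(rest))
    answered = [(ttl, ips[0]) for ttl, (ips, _) in sorted(hops.items()) if ips]
    dest = [tag for ips, tag in hops.values() if dest_ip in ips]
    if dest:
        state = dest[0].group(1) if dest[0] else "answered"
        return {"verdict": "reached", "port_state": state, "last_hop": answered[-1]}
    if not answered:
        # No reply at any TTL: the output alone cannot place the drop on the path.
        return {"verdict": "silent", "port_state": None, "last_hop": None}
    # Routers replied, then silence: the path is visible only up to last_hop.
    return {"verdict": "stops", "port_state": None, "last_hop": answered[-1]}

def stars(first, last):
    """Build the run of unanswered hops ("N * * *") seen in the posted outputs."""
    return "\n".join(f"{n} * * *" for n in range(first, last + 1))

# Sample lines copied from the outputs posted in this thread (hops 4-8 trimmed).
FIRST_RUN = """1 * * *
2 142.254.183.173 (142.254.183.173) 15.175 ms 15.634 ms 15.544 ms
3 agg60.vnnzca2402h.socal.rr.com (76.167.27.77) 16.194 ms 16.094 ms 15.982 ms
9 CYXTERA-COM.ear2.SanJose1.Level3.net (4.16.45.254) 27.849 ms 27.652 ms 27.501 ms
""" + stars(10, 30)
SECOND_RUN = stars(1, 30)
REFERENCE = """16 173.38.221.90 59.116 ms 59.697 ms 57.287 ms
17 devnetsandbox-emea-gwy.cisco.com (173.38.221.89) [open] 56.273 ms 73.167 ms 60.886 ms"""

if __name__ == "__main__":
    print(summarize_traceroute(FIRST_RUN, "131.226.217.48"))
    print(summarize_traceroute(SECOND_RUN, "131.226.217.48"))
    print(summarize_traceroute(REFERENCE, "173.38.221.89"))
```

Only the "reached" verdict shows that the assigned TCP port is usable end to end; ping is not a substitute here, since the sandbox does not answer ICMP.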
02-21-2021 10:05 PM
02-21-2021 10:39 PM
I've also no problems spinning up that win10vm to chase down the "disconnected" cable feature?
Let me know.