Re: Anyconnect ubuntu

pmbrady · ‎11-13-2017

I am trying to connect to a VPN using anyconnect 4.5 on Ubuntu 16.04. I am able to connect to the VPN using the android app and other people are able to connect so I think the issue must be on my machine rather than server side. I get the below errors is syslog. Has anyone come across these before/

Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpncli[16241]: Function: SendRequest File: ../../vpn/Api/CTransportCurlStatic.cpp Line: 1500 Invoked Function: curl_easy_perform Return Code: -30015438 (0xFE360032) Description: CTRANSPORT_ERROR_HTTP_RETURNED_ERROR:The HTTP server returned an error code (>= 400) HTTP status code received 404
Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpncli[16241]: Function: sendRequest File: ../../vpn/Api/ConnectIfc.cpp Line: 3235 Invoked Function: CTransport::SendRequest Return Code: -30015438 (0xFE360032) Description: CTRANSPORT_ERROR_HTTP_RETURNED_ERROR:The HTTP server returned an error code (>= 400)
Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpncli[16241]: Function: connect File: ../../vpn/Api/ConnectIfc.cpp Line: 486 Invoked Function: ConnectIfc::sendRequest Return Code: -30015438 (0xFE360032) Description: CTRANSPORT_ERROR_HTTP_RETURNED_ERROR:The HTTP server returned an error code (>= 400)
Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpncli[16241]: Function: doConnectIfcConnect File: ../../vpn/Api/ConnectMgr.cpp Line: 2150 Invoked Function: ConnectIfc::connect Return Code: -30015438 (0xFE360032) Description: CTRANSPORT_ERROR_HTTP_RETURNED_ERROR:The HTTP server returned an error code (>= 400)
Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpncli[16241]: Message type warning sent to the user: Connection attempt has failed.
Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpncli[16241]: Function: processIfcData File: ../../vpn/Api/ConnectMgr.cpp Line: 2839 Content type (unknown) received. Response type (failed) from 83.218.15.54:
Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpncli[16241]: Function: processIfcData File: ../../vpn/Api/ConnectMgr.cpp Line: 2977 Invoked Function: ConnectMgr::processIfcData Return Code: -30015438 (0xFE360032) Description: CTRANSPORT_ERROR_HTTP_RETURNED_ERROR:The HTTP server returned an error code (>= 400)
Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpncli[16241]: Function: connect File: ../../vpn/Api/ConnectMgr.cpp Line: 2237 ConnectMgr::processIfcData failed
Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpncli[16241]: Function: initiateConnect File: ../../vpn/Api/ConnectMgr.cpp Line: 1257 Connection failed.
Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpncli[16241]: VPN state: Disconnected Network state: Network Accessible Network control state: Network Access: Available Network type: Undefined
Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpncli[16241]: Function: run File: ../../vpn/Api/ConnectMgr.cpp Line: 720 Invoked Function: ConnectMgr::initiateConnect Return Code: -29622263 (0xFE3C0009) Description: CONNECTMGR_ERROR_UNEXPECTED
Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpncli[16241]: Function: signalGetNextCommand File: ../../vpn/CLI/callbacks.cpp Line: 838 Attempting to access NULL pointer
Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpnagent[2500]: Function: OnIpcMessageReceivedAtDepot File: ../../vpn/Agent/MainThread.cpp Line: 4730 Received connect failure notification (host 83.218.15.54, profile N/A)
Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpnagent[2500]: Function: determinePublicAddrCandidateFromDefRoute File: ../../vpn/AgentUtilities/HostConfigMgr.cpp Line: 2103 Invoked Function: CHostConfigMgr::FindDefaultRouteInterface Return Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED IPv6
Nov 13 16:08:51 phil-HP-EliteDesk-800-G3-SFF acvpnagent[2500]: Function: updatePotentialPublicAddresses File: ../../vpn/AgentUtilities/HostConfigMgr.cpp Line: 2245 Invoked Function: CHostConfigMgr::determinePublicAddrCandidateFromDefRoute Return Code: -24117215 (0xFE900021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED IPv6

Flavio Miranda · ‎11-13-2017

Hi @pmbrady

This log does not say too much unfortunatelly.

I recommend you to install some different client for linux just to make sure:

sudo apt-get install vpnc or sudo apt-get install OpenConnect.

Maybe you have some job to do with repository.

-If I helped you somehow, please, rate it as useful.-

pmbrady · ‎11-14-2017

I think I've found the issue but I am pretty sure I am using the latest version of AnyConnect (4.5.02036)

openconnect xxx.xxx.xxx.xxx
POST https://xxx.xxx.xxx.xxx/
Attempting to connect to server xxx.xxx.xxx.xxx:443
SSL negotiation with xxx.xxx.xxx.xxx
Server certificate verify failed: signer not found

Certificate from VPN server "xxx.xxx.xxx.xxx" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on xxx.xxx.xxx.xxx
Got HTTP response: HTTP/1.1 404 Not Found
Unexpected 404 result from server
GET https://xxx.xxx.xxx.xxx/
Attempting to connect to server xxx.xxx.xxx.xxx:443
SSL negotiation with xxx.xxx.xxx.xxx
Server certificate verify failed: signer not found
Connected to HTTPS on xxx.xxx.xxx.xxx
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://xxx.xxx.xxx.xxx/+webvpn+/index.html
SSL negotiation with xxx.xxx.xxx.xxx
Server certificate verify failed: signer not found
Connected to HTTPS on xxx.xxx.xxx.xxx
Got HTTP response: HTTP/1.1 301 Moved Permanently
GET https://xxx.xxx.xxx.xxx/+CSCOU+/anyconnect_unsupported_version.html
Please upgrade your AnyConnect Client
Failed to obtain WebVPN cookie

pmbrady · ‎11-14-2017

I think I have found the problem but I am already using the latest version (4.5.02036)

openconnect xxx.xxx.xxx.xxx
POST https://xxx.xxx.xxx.xxx/
Attempting to connect to server xxx.xxx.xxx.xxx:443
SSL negotiation with xxx.xxx.xxx.xxx
Server certificate verify failed: signer not found

Certificate from VPN server "xxx.xxx.xxx.xxx" failed verification.
Reason: signer not found
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on xxx.xxx.xxx.xxx
Got HTTP response: HTTP/1.1 404 Not Found
Unexpected 404 result from server
GET https://xxx.xxx.xxx.xxx/
Attempting to connect to server xxx.xxx.xxx.xxx:443
SSL negotiation with xxx.xxx.xxx.xxx
Server certificate verify failed: signer not found
Connected to HTTPS on xxx.xxx.xxx.xxx
Got HTTP response: HTTP/1.0 302 Object Moved
GET https://xxx.xxx.xxx.xxx/+webvpn+/index.html
SSL negotiation with xxx.xxx.xxx.xxx
Server certificate verify failed: signer not found
Connected to HTTPS on xxx.xxx.xxx.xxx
Got HTTP response: HTTP/1.1 301 Moved Permanently
GET https://xxx.xxx.xxx.xxx/+CSCOU+/anyconnect_unsupported_version.html
Please upgrade your AnyConnect Client
Failed to obtain WebVPN cookie

pmbrady · ‎11-20-2017

I managed to fix this by passing --os=win

'echo $(sudo cat /home/phil/Documents/passwd) | sudo openconnect --user xxx --csd-user xxx --csd-wrapper ~/.cisco/csd-wrapper.sh xx.xx.xx.xx
--no-cert-check --authgroup=xxx --os=win --passwd-on-stdin --no-dtls'

My problem is now that when I am connected to the VPN I have no internet access.

Is there a way to exclude a program from the VPN? For example, chrome will use my normal connection but terminal will use the VPN connection?

jusschwa · ‎12-13-2018

Regarding your question about using different apps... I am not sure how you would do that using a simple configuration on your client but I know that in the past I have done this by setting up a light proxy that runs on another system on my home network, and I just configure the browser to go through that proxy. That is a bit of an extra step though...