Cisco Anyconnect v4.6+ can't connect to openconnect vpn server

StuXan · ‎10-25-2022

openconnect client works fine(all of supported os) but for cisco anyconnect it only works on v4.6 but for later versions, anyconnect client can't reach server ("Connection attempt has timed out. Please verify Internet connectivity" as log says). Since downgrading app version is not available on ios devices I need to somehow config the server to be compatible with cisco anyconnect client v5. what the difference between 4.6 and later versions. do 4.6+ version clients need some specific parameters on ocserver?

balaji.bandi · ‎10-25-2022

what is the logs on openconnect Server side?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

StuXan · ‎10-25-2022

I'm not sure even if cisco client can reach to the server but the only type of error log that I'm getting is like:

Oct 25 15:34:06 sv1 rsyslogd: action 'action-0-builtin:omfile' resumed (module 'builtin:omfile') [v8.2112.0 try https://www.rsyslog.com/e/2359 ]
Oct 25 15:34:06 sv1 rsyslogd: action 'action-0-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2112.0 try https://www.rsyslog.com/e/2007 ]
Oct 25 15:34:06 sv1 rsyslogd: action 'action-0-builtin:omfile' suspended (module 'builtin:omfile'), next retry is Tue Oct 25 15:34:36 2022, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.2112.0 try https://www.rsyslog.com/e/2007 ]
Oct 25 15:34:26 sv1 kernel: [25169.922989] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:01:00:00:00:00:00:00:00:00:00:00:00(I had to change it) src=182.207.219.98(random ip form china which is not my country sounds like crawlers or ddosers) DST=my vps ip LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=20224 PROTO=TCP SPT=37837 DPT=23 WINDOW=47085 RES=0x00 SYN URGP=0
Oct 25 16:21:05 sv1 rsyslogd: action 'action-0-builtin:omfile' suspended (module 'builtin:omfile'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2112.0 try https://www.rsyslog.com/e/2007 ]
Oct 25 16:21:05 sv1 rsyslogd: action 'action-0-builtin:omfile' resumed (module 'builtin:omfile') [v8.2112.0 try https://www.rsyslog.com/e/2359

StuXan · ‎10-25-2022

is there any way to have cisco anyconnect 4.6 on ios devices now? lke ipa files and backup or something. I couldn't find any ipa files for anyconnect 4.6.

StuXan · ‎10-25-2022

I found some good logs on cisco client (service tab) :

abdollahim · ‎10-29-2022

Hello dear friend,

I have exactly the same problem. I configured Debian 11 with ocserv and I can connect with the latest versions of OpenConnect client on windows 10 and android very well. Also, I can connect with Cisco AnyConnect 4.8 Android, but I cannot connect from Cisco AnyConnect v5 on Android and IOS and v4.10 on Windows 10.

Did you finally find out what the problem is?

Please tel me if you got that.

Thanks.

StuXan · ‎10-30-2022

No, I'm currently using a shared proxy of the vpn for ios devices. I haven't tried any fix or debug, since all the big vpn providers that I know haven't found a solution yet. for now the only way is finding ios anyconnect's client v4.6.