Summary: | Не работает "из коробки" NetworkManager-openconnect | ||
---|---|---|---|
Product: | Sisyphus | Reporter: | AEN <aen> |
Component: | NetworkManager-openconnect | Assignee: | Alexey Shabalin <shaba> |
Status: | NEW --- | QA Contact: | qa-sisyphus |
Severity: | normal | ||
Priority: | P3 | CC: | boyarsh, lav, lkanter, sem, shaba |
Version: | unstable | ||
Hardware: | all | ||
OS: | Linux | ||
See Also: | https://bugzilla.altlinux.org/show_bug.cgi?id=39203 |
Description
AEN
2019-09-20 16:28:50 MSK
Алексей, прошу проверить. На сервере стоит пакет ocserv из CentOS 7. Протокол подключения из командной строки с включенным дампом до запроса пароля: # openconnect -vvv --dump https://vpn-atm.corp.cloudlinux.com/ POST https://vpn-atm.corp.cloudlinux.com/ Attempting to connect to server 77.79.198.23:443 Connected to 77.79.198.23:443 SSL negotiation with vpn-atm.corp.cloudlinux.com Connected to HTTPS on vpn-atm.corp.cloudlinux.com > POST / HTTP/1.1 > Host: vpn-atm.corp.cloudlinux.com > User-Agent: Open AnyConnect VPN Agent v8.05 > Accept: */* > Accept-Encoding: identity > X-Transcend-Version: 1 > X-Aggregate-Auth: 1 > X-AnyConnect-Platform: linux-64 > X-Support-HTTP-Auth: true > X-Pad: 00000000000000000000000000000000000 > Content-Type: application/x-www-form-urlencoded > Content-Length: 221 > > <?xml version="1.0" encoding="UTF-8"?> > <config-auth client="vpn" type="init"><version who="vpn">v8.05</version><device-id>linux-64</device-id><group-access>https://vpn-atm.corp.cloudlinux.com</group-access></config-auth> Got HTTP response: HTTP/1.1 401 Unauthorized X-HTTP-Auth-Support: fallback WWW-Authenticate: Negotiate Content-Length: 0 HTTP body length: (0) Error generating GSSAPI response: gss_init_sec_context(): Unspecified GSS failure. Minor code may provide more information gss_init_sec_context(): SPNEGO cannot find mechanisms to negotiate Server 'vpn-atm.corp.cloudlinux.com' requested Basic authentication which is disabled by default GET https://vpn-atm.corp.cloudlinux.com/ Attempting to connect to server 77.79.198.23:443 Connected to 77.79.198.23:443 SSL negotiation with vpn-atm.corp.cloudlinux.com Connected to HTTPS on vpn-atm.corp.cloudlinux.com > GET / HTTP/1.1 > Host: vpn-atm.corp.cloudlinux.com > User-Agent: Open AnyConnect VPN Agent v8.05 > Accept: */* > Accept-Encoding: identity > X-Transcend-Version: 1 > X-Support-HTTP-Auth: true > Got HTTP response: HTTP/1.1 401 Unauthorized X-HTTP-Auth-Support: fallback WWW-Authenticate: Negotiate Content-Length: 0 HTTP body length: (0) No more authentication methods to try GET https://vpn-atm.corp.cloudlinux.com/ > GET / HTTP/1.1 > Host: vpn-atm.corp.cloudlinux.com > User-Agent: Open AnyConnect VPN Agent v8.05 > Accept: */* > Accept-Encoding: identity > X-Transcend-Version: 1 > Got HTTP response: HTTP/1.1 200 OK Set-Cookie: webvpncontext=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure Content-Type: text/xml Content-Length: 306 X-Transcend-Version: 1 HTTP body length: (306) < <?xml version="1.0" encoding="UTF-8"?> < <config-auth client="vpn" type="auth-request"> < <version who="sg">0.1(1)</version> < <auth id="main"> < <message>Please enter your username.</message> < <form method="post" action="/auth"> < <input type="text" name="username" label="Username:" /> < </form></auth> < </config-auth> Please enter your username. Username: Могу предположить, что мешает первая попытка использовать Basic authentication, видимо плагин не умеет обрабатывать такую ситуацию. Возможно если на сервере выключить Basic authentication, то заработает. Но надо проверять. |