
I can no longer work from home over VPN?

By @Magnus
    2018-05-30 13:54:17.125Z

    I can no longer connect to our VPN server and work from home. Today the server suddenly asks me to run a 'Cisco Secure Desktop' trojan, and I've configured OpenConnect to do this (both via a GUI dialog, and the --csd-user command line option to openconnect), still I'm no longer able to get the VPN connection working.

    The VPN connection log ends with these four lines repeated over and over again:

    GET https://vpn.server.com/+CSCOE+/sdesktop/wait.html
    SSL negotiation with vpn.server.com
    Connected to HTTPS on vpn.server.com
    Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
    

    Do you have any idea about what's happening or how I can fix this?

    Would you guess that the problem is a VPN server side configuration change? The 'Cisco Secure Desktop' script perhaps? The VPN server has never asked me to run the 'Cisco Secure Desktop' script before, when I was able to connect. — Or do you think my OS has upgraded OpenConnect to a somehow incompatible version?

    "Refreshing .../sdesktop/wait.html", what's that, why? And +CSCOE+, sounds weird.

    My OS: Linux Mint 17. OpenConnect version v5.02. Other people are able to connect to the VPN server — they use Mac or Windows, not Linux, though.

    Here's the full OpenConnect log:

    POST https://vpn.server.com/
    Attempting to connect to server 111.222.333.444:443
    Using client certificate 'My-Full-Name'
    Adding supporting CA 'TC TrustCenter Class 2 L1 CA XI'
    SSL negotiation with vpn.server.com
    Connected to HTTPS on vpn.server.com
    Got HTTP response: HTTP/1.0 302 Object Moved
    GET https://vpn.server.com/
    Attempting to connect to server 111.222.333.444:443
    SSL negotiation with vpn.server.com
    Connected to HTTPS on vpn.server.com
    Got HTTP response: HTTP/1.0 302 Object Moved
    GET https://vpn.server.com/+webvpn+/index.html
    SSL negotiation with vpn.server.com
    Connected to HTTPS on vpn.server.com
    GET https://vpn.server.com/CACHE/sdesktop/install/binaries/sfinst
    GET https://vpn.server.com/+CSCOE+/sdesktop/wait.html
    Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
    GET https://vpn.server.com/+CSCOE+/sdesktop/wait.html
    SSL negotiation with vpn.server.com
    Connected to HTTPS on vpn.server.com
    Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
    GET https://vpn.server.com/+CSCOE+/sdesktop/wait.html
    SSL negotiation with vpn.server.com
    Connected to HTTPS on vpn.server.com
    Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
    GET https://vpn.server.com/+CSCOE+/sdesktop/wait.html
    SSL negotiation with vpn.server.com
    Connected to HTTPS on vpn.server.com
    Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
    GET https://vpn.server.com/+CSCOE+/sdesktop/wait.html
    SSL negotiation with vpn.server.com
    Connected to HTTPS on vpn.server.com
    Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
    (... continues forever)
    

    Edit: With the -v (verbose) flag, openconnect keeps repeating these lines:

    $ openconnect -v -c cert.pem --csd-user=kajmagnus vpn.example.com
    ...
    GET https://vpn.example.com/+CSCOE+/sdesktop/wait.html
    SSL negotiation with vpn.example.com
    Connected to HTTPS on vpn.example.com
    Got HTTP response: HTTP/1.1 200 OK
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: Close
    Date: Thu, 06 Nov 2014 11:10:18 GMT
    HTTP body chunked (-2)
    Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
    

    1. @achara
        2018-05-30 13:59:41.356Z

        Try wrapping the 'Cisco Secure Desktop' script in a shell script, via the --csd-wrapper option, like so:

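        #!/bin/bash -x
        # Send stderr (including the -x trace) to the original stdout, then discard stdout.
        exec 2>&1 > /dev/null
        # The first argument is the CSD binary; the rest are passed on to it.
        CSD_BINARY="$1"
        shift
        # Quote the path so it survives spaces.
        "$CSD_BINARY" "$@"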
        

        You can read more here -- apparently there's something wrong about how OpenConnect calls the binary.

        1. @Magnus
            2018-05-30 14:46:32.579Z

            Thanks! This didn't have any effect though.

          • In reply to Magnus:
            Thamas Davis @thamas
              2018-05-30 14:07:44.134Z

              You could try adding --no-xmlpost. It makes OpenConnect behave more like older versions, maybe some compatibility issue.

              1. @Magnus
                  2018-05-30 14:47:06.467Z

                  This didn't help. Thanks anyway

                  1. Novica Jajcanin @Novica
                      2019-02-02 10:18:41.177Z

                      Nobody knows this...

                      1. @coolio312
                          2021-07-15 15:20:08.104Z

                          Interesting

                          1. @coolio312
                              2021-07-15 15:20:23.228Z

                              How many levels

                        • In reply to thamas:
                          Robe tus @Gdjwjd
                            2020-05-02 20:47:07.598Z
                            1. @KajMagnus
                                2020-06-16 06:32:59.832Z

                                Twitter tweet embeds will work soon, in 1 or 2 weeks (mostly just code review left now).

                            2. In reply to Magnus:
                              Ying Yue @ying
                                2018-05-30 14:15:06.387Z

                                Are you using the Cisco Secure Desktop trojan? You may need 32-bit libraries for it, if your OS is 64 bit. Here's how to add that: https://wiki.debian.org/FAQsFromDebianUser#Multiarch

                                1. @Magnus
                                    2018-05-30 14:47:28.615Z

                                    Apparently my OS already has that:

                                    $ dpkg --print-foreign-architectures
                                    i386
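
Added example, not part of any post in this thread and not OpenConnect's own code: a diagnostic variant of the `--csd-wrapper` script suggested above that keeps the binary's output and exit status in a log and reports whether the downloaded binary is a 32-bit ELF file, the case the 32-bit library suggestion concerns. It assumes, as that wrapper does, that the binary path arrives as `$1`; `CSD_LOG` and the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic --csd-wrapper sketch; not code from the thread or OpenConnect.
# Assumption (same as the wrapper above): $1 is the downloaded CSD binary and
# the remaining arguments belong to it. CSD_LOG is a hypothetical variable.

# Print 32 or 64 for an ELF file, "not-elf" otherwise (5th header byte = class).
elf_class() {
    header=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case $header in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *) echo not-elf ;;
    esac
}

# True when a binary of ELF class $1 runs on a 64-bit machine type $2 and so
# depends on a 32-bit loader and libraries (i386 multiarch on x86_64).
needs_32bit_libs() {
    [ "$1" = 32 ] || return 1
    case $2 in *64*) return 0 ;; *) return 1 ;; esac
}

# Record what the server-supplied binary is, run it, and keep its output and
# exit status instead of discarding them.
run_csd() {
    log=${CSD_LOG:-$HOME/csd-wrapper.log}
    bin=$1
    shift
    class=$(elf_class "$bin")
    umask 077   # the log may hold session data passed as arguments
    {
        echo "== $(date) binary: $bin (ELF class: $class)"
        if command -v sha256sum >/dev/null 2>&1; then sha256sum "$bin"; fi
        if needs_32bit_libs "$class" "$(uname -m)"; then
            echo "note: 32-bit binary on a 64-bit host"
        fi
        echo "args: $*"
    } >>"$log" 2>&1
    rc=0
    "$bin" "$@" >>"$log" 2>&1 || rc=$?
    echo "exit status: $rc" >>"$log"
    return "$rc"
}

# Only act when called with the binary path, as OpenConnect does.
if [ "$#" -gt 0 ]; then
    run_csd "$@"
fi
```

A non-zero exit status or a loader error in the log points at the client side; a clean run that still ends in the wait.html loop points back at the server or the protocol.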
                                  • In reply to Magnus:
                                    Arjana Mwanaj @arjana
                                      2018-05-30 14:22:53.787Z 2018-05-31 06:49:08.051Z

                                      The VPN server no longer supports Linux. You can run Windows in a virtual machine, and login and work from home, in the VM. Here're our Windows installers: //nfs02/os/win11/iso/

                                      7 Likes · Solution
                                      1. @Magnus
                                          2018-05-30 14:49:18.170Z

                                          Thanks, this works. I've logged in via Windows in a VM and I'm working from home again now. But why isn't Linux supported any longer?

                                          1. Arjana Mwanaj @arjana
                                              2018-05-30 14:51:55.876Z

                                              Company-wide policy. Only Windows and Mac allowed in the future, someone has decided that the company cannot support other OSes for security reasons.

                                              1. Lafif Astahdziq @qutek
                                                  2020-03-28 07:39:05.635Z

                                                  tes

                                                • In reply to Magnus:
                                                  Ismail Adegbenga @euler
                                                    2020-11-19 21:08:12.559Z

                                                    Hello Magnus

                                                  • In reply to arjana:
                                                    Thimira Thenuwara @thimiramt
                                                      2020-04-11 18:57:05.914Z

                                                      test comment

                                                    • In reply to Magnus:
                                                      @fatboyfoy
                                                        2020-12-06 22:50:47.512Z
                                                        1. In reply to Magnus:
                                                          ABC @darshana
                                                            2021-01-31 11:34:59.367Z

                                                            Sinhala

                                                            1. In reply to Magnus:
                                                              Papa Dam @papadam
                                                                2021-03-21 16:27:14.907Z

                                                                Ding dong, the witch is dead.

                                                                1. In reply to Magnus:
                                                                  ttt @ttt
                                                                    2021-03-28 19:24:24.862Z

                                                                    Comment test :

                                                                    1. ttt @ttt
                                                                        2021-03-28 19:24:38.996Z

                                                                        reply on reply !

                                                                      • In reply to Magnus:
                                                                        Juan Ma @juanmagr
                                                                          2021-09-23 12:32:32.524Z

                                                                          Test

                                                                          1. In reply to Magnus:
                                                                            @enjutomojamuto
                                                                              2021-10-01 15:11:04.843Z

                                                                              This is an example:

                                                                              1. Progress
                                                                              2. @KajMagnus pinned this topic 2020-01-13 20:13:43.373Z.