dlenski/openconnect

Unexpected response of size 3 after hostname packet

zhangdaolong opened this issue · 1 comments

Problem description

  1. I ran openconnect-gp as follows: ./openconnect --juniper https://sslvpn.xxxxx.com --os=linux-64 --user xxxxx -vvvvvvv --protocol=nc

The error output:

    Content-type: text/html; charset=utf-8
    Set-Cookie: DSLastAccess=1578762307; path=/; Secure
    Pragma: no-cache
    Cache-Control: no-store
    Expires: -1
    Transfer-Encoding: chunked
    HTTP body chunked (-2)
    Got HTTP response: HTTP/1.1 200 OK
    Content-type: application/octet-stream
    Pragma: no-cache
    NCP-Version: 2
    Set-Cookie: DSLastAccess=1578762307; path=/; Secure
    Connection: close
    > 0000:  11 00 00 04 00 00 00 04  00 6c 64 7a 68 bb 01 00  |.........ldzh...|
    > 0010:  00 00 00                                          |...|
    Read 3 bytes of SSL record
    < 0000:  00 00 01                                          |...|
    Unexpected response of size 3 after hostname packet
    Creating SSL connection failed

Operating system and openconnect-gp version

openconnect-gp version:

    ./openconnect --version
    OpenConnect version v8.05-87-g6ec20dea
    Using GnuTLS. Features present: PKCS#11, HOTP software token, TOTP software token, System keys, DTLS, ESP
    Supported protocols: anyconnect (default), nc, gp, pulse

operating system

    5.2.0-kali2-amd64 #1 SMP Debian 5.2.9-2kali1 (2019-08-22) x86_64 GNU/Linux

GlobalProtect VPN information


First, this isn't GlobalProtect-related and applies equally to the upstream official OpenConnect. It should be reported upstream: https://gitlab.com/openconnect/openconnect/issues

When you create an issue there, you should provide more information about what client software does work with this VPN. For example, what version of the official Juniper Network Connect client for Windows, or what version of the official Junos Pulse client for macOS does allow you to connect with this VPN?

Secondly, this appears to be a duplicate of #113 (same 3-byte error packet 00 00 01 at same point in the flow). This response indicates an error (01) and no response content (00 00):

    Read 3 bytes of SSL record
    < 0000: 00 00 01 |...|