Unexpected response of size 3 after hostname packet
zhangdaolong opened this issue · 1 comments
Problem description
- I ran openconnect-gp as follows:
./openconnect --juniper https://sslvpn.xxxxx.com --os=linux-64 --user xxxxx -vvvvvvv --protocol=nc
the error out
Content-type: text/html; charset=utf-8
Set-Cookie: DSLastAccess=1578762307; path=/; Secure
Pragma: no-cache
Cache-Control: no-store
Expires: -1
Transfer-Encoding: chunked
HTTP body chunked (-2)
Got HTTP response: HTTP/1.1 200 OK
Content-type: application/octet-stream
Pragma: no-cache
NCP-Version: 2
Set-Cookie: DSLastAccess=1578762307; path=/; Secure
Connection: close
> 0000: 11 00 00 04 00 00 00 04 00 6c 64 7a 68 bb 01 00 |.........ldzh...|
> 0010: 00 00 00 |...|
Read 3 bytes of SSL record
< 0000: 00 00 01 |...|
Unexpected response of size 3 after hostname packet
Creating SSL connection failed
Operating system and openconnect-gp version
openconnect-gp version:
./openconnect --version
OpenConnect version v8.05-87-g6ec20dea
Using GnuTLS. Features present: PKCS#11, HOTP software token, TOTP software token, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse
operating system
5.2.0-kali2-amd64 #1 SMP Debian 5.2.9-2kali1 (2019-08-22) x86_64 GNU/Linux
GlobalProtect VPN information
<!--
Run openconnect with the highest verbosity, and dump all HTTP traffic:
openconnect --dump-http-traffic -vvvv
Compare its output with the anonymized GlobalProtect VPN connection flow shown here:
https://gist.github.com/dlenski/5046e5f934ac111e8d8718fc10c25703
Include as much of the HTTP traffic as you can here. Don't forget to anonymize sensitive
information, especially:
- username
- password
- authcookie
- ESP keys
- external IP addresses
-->
First, this isn't GlobalProtect-related and applies equally to the upstream official OpenConnect. It should be reported upstream: https://gitlab.com/openconnect/openconnect/issues
When you create an issue there, you should provide more information about what client software does work with this VPN. For example, what version of the official Juniper Network Connect client for Windows, or what version of the official Junos Pulse client for macOS does allow you to connect with this VPN?
Secondly, this appears to be a duplicate of #113 (same 3-byte error packet 00 00 01
at same point in the flow). This response indicates an error (01
) and no response content (00 00
):
Read 3 bytes of SSL record
< 0000: 00 00 01 |...|