Gilks / hostscan-bypass

Generate OpenConnect CSD files to bypass Cisco AnyConnect hostscan requirements

Getting the below error #9

Closed ghost closed 4 years ago

ghost commented 4 years ago

Hi, I have successfully created the CSD wrapper script in Windows. But when I run it on my Linux box and try to connect to the VPN client with openconnect, I get the below error after giving user name and password.

The following issues have been found with your endpoint:

[CC] VPN Client not allowed

Any insights?

Gilks commented 4 years ago

Sounds like they are performing some sort of VPN Client verification. If I had to guess, I would say they are likely parsing out the user-agent string and using that. The question is whether it is a blacklist or a whitelist.

If it's a blacklist then the rule probably says something like "block the openconnect user-agent". If that's the case then specifying --useragent=test would bypass the check.

If it's a whitelist then you'll need to know the AnyConnect user-agent for approved clients. Since you generated the CSD file, take a look inside of it and grab your client version. It'll probably look like this: useragent="AnyConnect Windows X.X.XXXXX". Then use the same --useragent OpenConnect argument to connect.
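
Added example, not part of the original thread or the project's code: a Python audit that sorts VPN session records by the two policy styles described in the comment above, showing that a blocklist admits any unlisted string and that an allowlist match is still only a self-reported value. The record fields, blocklist terms and sample user-agents are constructed assumptions.

```python
import re

# Allowlist shape taken from the thread: "AnyConnect Windows X.X.XXXXX".
# Treating the platform as any single token is an assumption.
ANYCONNECT_UA = re.compile(r"AnyConnect \S+ \d+\.\d+\.\d+")

# Hypothetical blocklist terms; a real policy's contents are not on the page.
BLOCKED_TERMS = ("openconnect",)


def blocklist_allows(ua):
    """Blocklist policy: admit anything that does not name a blocked client."""
    low = ua.lower()
    return not any(term in low for term in BLOCKED_TERMS)


def allowlist_allows(ua):
    """Allowlist policy: admit only strings shaped like an approved client."""
    return ANYCONNECT_UA.fullmatch(ua) is not None


def classify(ua):
    """Label a client-supplied user-agent from the gateway owner's viewpoint."""
    if not blocklist_allows(ua):
        return "named-blocked-client"       # both policy styles reject it
    if not allowlist_allows(ua):
        return "passes-blocklist-only"      # arbitrary string a blocklist lets in
    return "well-formed-self-reported"      # right shape, but still unverified


def audit(sessions):
    """Group users by the classification of the user-agent their client sent."""
    report = {}
    for s in sessions:
        report.setdefault(classify(s["user_agent"]), []).append(s["user"])
    return report


# Constructed sample records (not real logs).
SAMPLE_SESSIONS = [
    {"user": "alice", "user_agent": "AnyConnect Windows 4.10.01234"},
    {"user": "bob", "user_agent": "test"},
    {"user": "carol", "user_agent": "OpenConnect sample-client"},
    {"user": "dave", "user_agent": "AnyConnect Linux_64 4.10.01234"},
]

if __name__ == "__main__":
    for label, users in audit(SAMPLE_SESSIONS).items():
        print(label, users)
```

A `well-formed-self-reported` result means only that the string has the expected shape, so it should not be the sole signal deciding whether a client is approved.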

ghost commented 4 years ago

Thanks @Gilks, I was able to log in after setting the --useragent, but alas there are no options like "User Agent" to set in the NetworkManager settings to log in from GNOME, but I can log in from the terminal.

Thank you so much