Open sammoth opened 7 years ago
@alimakki @jlund Have either of you used AnyConnect on Android (or otherwise) recently?
@cpu Recently when I tested the revert to 0.11.7, seemed to work fine on my end. Looking back setting up AnyConnect is a somewhat involved processes and its easy to overlook a step which I have done several times.
OP may also need to spin up a new instance in case the version of ocserv installed is 0.11.8
I'm using a fresh install and it's definitely the right version:
# ocserv --version
ocserv 0.11.7
I reset the app and ran through the steps again carefully and got the same, so I definitely think it is not working as expected.
This isn't important to me as I have OpenVPN running now instead.
@sammoth seems odd. In any case I'll give it another go tomorrow.
Same issue happen in my phone. I used linux client configure user name and password connect success.
Very odd. I was testing today and it appears to be working on my end.
Hi, I just installed AnyConnect on my Android phone today, and I'm having the same issue when starting the AnyConnect VPN: I'm being prompted for user/password.
The streisand server was installed last week, so it's quite recent.
I don't really know what to do, but if you give me some pointers I'm willing to help. I can even (privately) share my server credentials (I will spin up a new one afterwards).
I'm running version 4.0.09030 of AnyConnect, on Android 7.1.1.
@jrodrigosm can you let me know the result of git rev-parse HEAD
on your streisand directory?
I feel your pain.
(This is not exactly a stock Samsung 6.0 ROM, so I’ll try this in the simulator later.)
This is a deployment against 9cc77832 in nopdotcom/streisand, which is a null diff to jlund/streisand 24841095.
Running git rev-parse HEAD
on my local copy of the streisand repo gives f2bd962f3541b370fca5d1ca5a0ac06ac4399030
Same issue here on new install with stock Pixel android - username is asked.
Works fine from Mac openconnect client (albeit with certificate errors - hostname mismatch).
Any new changes in the Anyconnect app recently?
@dcava There has been (on iOS), which has been updated to use the latest VPN framework. Legacy AnyConnect works as intended.
Edit: Didn't notice you mentioned pixel. My Android device is running 6.0 but I can't seem to be able to reproduce the issue on my end :(
If you’re seeing this problem, it would be interesting to see if it existed on a second (temporary) server deployed from the same source tree to the same place.
As of yet no one has been able to identify the root cause of this but @nopdotcom has documented a workaround in master as of today.
@nopdotcom Can confirm same issue on a gcloud deployment and vultr deployment on new servers.
Confirm the workaround using "streisand" and the ocserv password from the config works.
Looking through the AnyConnect logs, the only things I can see are:
No profile available for host X
certAuthHasFailed
Certificate authentication requested from gateway, no valid certs found in users cert store.
Message type prompt sent to user: Please enter your password
But not really sure how significant....
There's an alternative OpenConnect app on the play store that should be more cooperative; it seemed to work fine during my testing with the additional benefit of being able to configure the client to use PFS.
first,
ocpasswd -c /etc/ocserv/ocpasswd MY_name
set a new user with a simple password
then
/etc/init.d/ocserv restart
so you can login with a shorter username/password now .
I have followed the Android instructions on the OpenConnect page on Streisand. After step 21 (Tap Connect on the group selection screen), the app prompts me for a username/password and won't connect if I enter nothing. Have I done something wrong?
Thanks