StreisandEffect / streisand

Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
https://twitter.com/streisandvpn

AnyConnect Android app asks for username/password #847

Open sammoth opened 7 years ago

sammoth commented 7 years ago

I have followed the Android instructions on the OpenConnect page on Streisand. After step 21 (Tap Connect on the group selection screen), the app prompts me for a username/password and won't connect if I enter nothing. Have I done something wrong?

Thanks

cpu commented 7 years ago

@alimakki @jlund Have either of you used AnyConnect on Android (or otherwise) recently?

alimakki commented 7 years ago

@cpu Recently when I tested the revert to 0.11.7, it seemed to work fine on my end. Looking back, setting up AnyConnect is a somewhat involved process and it's easy to overlook a step, which I have done several times.

OP may also need to spin up a new instance in case the version of ocserv installed is 0.11.8.

sammoth commented 7 years ago

I'm using a fresh install and it's definitely the right version:

# ocserv --version
ocserv 0.11.7

I reset the app and ran through the steps again carefully and got the same, so I definitely think it is not working as expected.

This isn't important to me as I have OpenVPN running now instead.

alimakki commented 7 years ago

@sammoth seems odd. In any case I'll give it another go tomorrow.

HougeLangley commented 7 years ago

The same issue happens on my phone. Using the Linux client configured with a user name and password, the connection succeeds.

alimakki commented 7 years ago

Very odd. I was testing today and it appears to be working on my end.

jrodrigosm commented 7 years ago

Hi, I just installed AnyConnect on my Android phone today, and I'm having the same issue when starting the AnyConnect VPN: I'm being prompted for user/password.

The streisand server was installed last week, so it's quite recent.

I don't really know what to do, but if you give me some pointers I'm willing to help. I can even (privately) share my server credentials (I will spin up a new one afterwards).

I'm running version 4.0.09030 of AnyConnect, on Android 7.1.1.

alimakki commented 7 years ago

@jrodrigosm can you let me know the result of git rev-parse HEAD on your streisand directory?

nopdotcom commented 7 years ago

I feel your pain.

(This is not exactly a stock Samsung 6.0 ROM, so I’ll try this in the simulator later.)

This is a deployment against 9cc77832 in nopdotcom/streisand, which is a null diff to jlund/streisand 24841095.

jrodrigosm commented 7 years ago

Running git rev-parse HEAD on my local copy of the streisand repo gives f2bd962f3541b370fca5d1ca5a0ac06ac4399030

dcava commented 7 years ago

Same issue here on a new install with stock Pixel Android - username is asked.

Works fine from Mac openconnect client (albeit with certificate errors - hostname mismatch).

Any new changes in the AnyConnect app recently?

alimakki commented 7 years ago

@dcava There has been (on iOS), which has been updated to use the latest VPN framework. Legacy AnyConnect works as intended.

Edit: Didn't notice you mentioned Pixel. My Android device is running 6.0 but I can't seem to be able to reproduce the issue on my end :(

nopdotcom commented 7 years ago

If you’re seeing this problem, it would be interesting to see if it existed on a second (temporary) server deployed from the same source tree to the same place.

cpu commented 7 years ago

As of yet no one has been able to identify the root cause of this but @nopdotcom has documented a workaround in master as of today.

dcava commented 7 years ago

@nopdotcom Can confirm same issue on a gcloud deployment and vultr deployment on new servers.

Confirm the workaround using "streisand" and the ocserv password from the config works.

Looking through the AnyConnect logs, the only things I can see are:

No profile available for host X
certAuthHasFailed
Certificate authentication requested from gateway, no valid certs found in users cert store.

Message type prompt sent to user: Please enter your password

But not really sure how significant....

alimakki commented 7 years ago

There's an alternative OpenConnect app on the play store that should be more cooperative; it seemed to work fine during my testing with the additional benefit of being able to configure the client to use PFS.

or2me commented 6 years ago

First,

ocpasswd -c /etc/ocserv/ocpasswd MY_name

to set up a new user with a simple password.

Then

/etc/init.d/ocserv restart

so you can log in with a shorter username/password now.