Closed qaiwiz closed 1 year ago
Are you using ipv6? Accessing the server from a single ipv4 is enough. Also try to test another versions of client apps as they said in this issue.
https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/issues/63
Sent from Proton Mail for iOS
On Thu, Jan 26, 2023 at 11:59 AM, qaiwiz @.***> wrote:
I am running docker on my VPS with Ubuntu 18.04.6 LTS , I test with "openconnect -v $myhostIP" command on my mac (the behavior is the same on my android phone) but for some reason after asking for user and pass it returns this error. Here is the tail of connection log: (I have redacted THE_KEY)
Got HTTP response: HTTP/1.1 200 OK Connection: Keep-Alive Content-Type: text/xml Content-Length: 189 X-Transcend-Version: 1 Set-Cookie: webvpncontext=ALV+Xl8mSC6ClMtGD7e0Ed9eBYpUet6upEB3XhLLjoM=; Secure Set-Cookie: webvpn=; Secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure Set-Cookie: webvpnc=bu:/&p:t&iu:1/&sh:THE_KEY.; path=/; Secure HTTP body length: (189) Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Cookie is not acceptable Creating SSL connection failed Cookie was rejected by server; exiting.
I am not sure if it is related to ipv6, but shouldn't ipv6 be disabled in sysctl?
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.Message ID: @.***>
استاد ipv6 هم میشه تو سرور ست کرد ؟ بلاک شدنش کمتره اره ؟
استاد ipv6 هم میشه تو سرور ست کرد ؟ بلاک شدنش کمتره اره ؟
I think it's possible, but I have never done this before.
Are you using ipv6? Accessing the server from a single ipv4 is enough. Also try to test another versions of client apps as they said in this issue. https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/issues/63 Sent from Proton Mail for iOS … On Thu, Jan 26, 2023 at 11:59 AM, qaiwiz @.> wrote: I am running docker on my VPS with Ubuntu 18.04.6 LTS , I test with "openconnect -v $myhostIP" command on my mac (the behavior is the same on my android phone) but for some reason after asking for user and pass it returns this error. Here is the tail of connection log: (I have redacted THE_KEY) Got HTTP response: HTTP/1.1 200 OK Connection: Keep-Alive Content-Type: text/xml Content-Length: 189 X-Transcend-Version: 1 Set-Cookie: webvpncontext=ALV+Xl8mSC6ClMtGD7e0Ed9eBYpUet6upEB3XhLLjoM=; Secure Set-Cookie: webvpn=; Secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure Set-Cookie: webvpnc=bu:/&p:t&iu:1/&sh:THE_KEY.; path=/; Secure HTTP body length: (189) Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Cookie is not acceptable Creating SSL connection failed Cookie was rejected by server; exiting. I am not sure if it is related to ipv6, but shouldn't ipv6 be disabled in sysctl? — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.Message ID: @.>
Not really, I am testing with "openconnect -v --disable-ipv6 --no-dtls $myhostip" on my mac to ensure that I am not using ipv6, it returns the same error message after asking user and pass. I should mention that I am connecting this server using stunnel with no problem, but openconnect fails to connect.
I am wondering: 1) what is expected HTTP connect response? Is there any desired, specific acceptable pattern, or criteria (eg, expected format)? 2) How can I retrieve what is delivered "HTTP CONNECT response"? Thanks.
I am wondering:
- what is expected HTTP connect response? Is there any desired, specific acceptable pattern, or criteria (eg, expected format)?
- How can I retrieve what is delivered "HTTP CONNECT response"? Thanks.
As I know, it is not open source, so you can only check logs through client application or maybe somewhere in your server. Have you checked the client logs while trying to connect to the server?
mmm, logs returns the same message while trying to connect using my phone, for example. I am just wondering is it me that is having this problem?
Try different ISPs, or ask your friends to test and send you their logs.
Same here.
Server: Ubuntu 22.04.1 LTS. Clients: OpenConnect and AnyConnect on Android, iOS, Windows, Ubuntu Desktop and MacOS.
Tested on multiple ISPs.
It used to work weeks ago. Any idea?
Same here.
Server: Ubuntu 22.04.1 LTS. Clients: OpenConnect and AnyConnect on Android, iOS, Windows, Ubuntu Desktop and MacOS.
Tested on multiple ISPs.
It used to work weeks ago. Any idea?
Not really, It's based on the gov infrastructure. Check out the other issues. i.e. here.
I see. Yet found this repo, which works. I'm not a network expert, so don't know the difference.
Also there is a note here, which says:
Syntax Error
If you see the following error when trying to establish VPN connection, it’s probably because there’s a syntax error in your ocserv config file. Check the journal (sudo journalctl -eu ocserv) to find out.
Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Cookie is not acceptable.
Thank you. It's strange that it was working fine a few weeks ago, and now it does not work because of a syntax error. BTW Thanks for your report.
Since it is closed, does it mean any error is resolved, or nothing can be done? Thanks.
Since it is closed, does it mean any error is resolved, or nothing can be done? Thanks.
Honestly nothing can be done, because it depends on ISP and server providers.
I am running docker on my VPS with Ubuntu 18.04.6 LTS , I test with "openconnect -v $myhostIP" command on my mac (the behavior is the same on my android phone) but for some reason after asking for user and pass it returns this error. Here is the tail of connection log: (I have redacted THE_KEY)
Got HTTP response: HTTP/1.1 200 OK Connection: Keep-Alive Content-Type: text/xml Content-Length: 189 X-Transcend-Version: 1 Set-Cookie: webvpncontext=ALV+Xl8mSC6ClMtGD7e0Ed9eBYpUet6upEB3XhLLjoM=; Secure Set-Cookie: webvpn=; Secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; Secure
Set-Cookie: webvpnc=bu:/&p:t&iu:1/&sh:THE_KEY.; path=/; Secure
HTTP body length: (189)
Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Cookie is not acceptable
Creating SSL connection failed
Cookie was rejected by server; exiting.
I am not sure if it is related to ipv6, but shouldn't ipv6 be disabled in sysctl?