openconnect / openconnect-gui

MOVED TO https://gitlab.com/openconnect/openconnect-gui
GNU General Public License v2.0

1.5.2 vpnc-script.js not working well in Windows #218

Closed goduck777 closed 6 years ago

goduck777 commented 6 years ago

Description of the Issue

When upgrading openconnect-gui from 1.5.1 to 1.5.2, the route table setting does not work properly. Using Juniper network.

Specifications

Steps to Reproduce the Issue

When installing 1.5.2 after uninstalling 1.5.1, the route table cannot be set right and no traffic goes through the VPN.

Reinstalling 1.5.1 can make it work well again.

Using the CLI version, the log message is:

GET https://vpn.pppl.gov/duo
 Attempting to connect to server 192.188.106.249:443
 Connected to 192.188.106.249:443
 SSL negotiation with vpn.pppl.gov
 Connected to HTTPS on vpn.pppl.gov
 Got HTTP response: HTTP/1.1 302 Found
 Location: https://vpn.pppl.gov/dana-na/auth/url_6NdN3mzuDzztY46o/welcome.cgi
 Content-Type: text/html; charset=utf-8
 Set-Cookie: DSSIGNIN=url_6NdN3mzuDzztY46o; path=/dana-na/; expires=Thu, 31-Dec-2037 00:00:00 GMT; secure
 Set-Cookie: DSIVS=; path=/; expires=Thu, 01 Jan 1970 22:00:00 GMT; secure
 Set-Cookie: DSSignInURL=/duo; path=/; secure
 Connection: close
 Content-Length: 0
 HTTP body length:  (0)
 GET https://vpn.pppl.gov/dana-na/auth/url_6NdN3mzuDzztY46o/welcome.cgi
 SSL negotiation with vpn.pppl.gov
 Connected to HTTPS on vpn.pppl.gov
 Got HTTP response: HTTP/1.1 200 OK
 Content-Type: text/html; charset=utf-8
 Date: Mon, 29 Jan 2018 06:22:45 GMT
 Connection: close
 Pragma: no-cache
 Cache-Control: no-store
 Expires: -1
 X-Frame-Options: SAMEORIGIN
 HTTP body http 1.0 (-1)
 SSL socket closed uncleanly
 Ignoring unknown form submit item 'sn-preauth-decline'
 This is a Federal computer system (and/or it is directly connected to a
PPPL local network system) and is the property of the United States
Government. It is for authorized use only. Users (authorized or
unauthorized) have no explicit or implicit expectation of privacy.

Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to authorized site, Department of Energy, and law enforcement
personnel, as well as authorized officials of other agencies, both
domestic and foreign. By using this system, the user consents to such
interception, monitoring, recording, copying, auditing, inspection, and
disclosure at the discretion of authorized site or Department of Energy
personnel.

Unauthorized or improper use of this system may result in administrative
disciplinary action and civil and criminal penalties. By continuing to
use this system you indicate your awareness of and consent to these
terms and conditions of  POST https://vpn.pppl.gov/dana-na/auth/url_6NdN3mzuDzztY46o/welcome.cgi
 SSL negotiation with vpn.pppl.gov
 Connected to HTTPS on vpn.pppl.gov
 Got HTTP response: HTTP/1.1 302 Moved
 Set-Cookie: DSSigninNotif=1; path=/; secure
 Date: Mon, 29 Jan 2018 06:22:45 GMT
 location: https://vpn.pppl.gov/dana-na/auth/url_6NdN3mzuDzztY46o/welcome.cgi?
 Connection: close
 Pragma: no-cache
 Cache-Control: no-store
 Expires: -1
 HTTP body http 1.0 (-1)
 SSL socket closed uncleanly
 GET https://vpn.pppl.gov/dana-na/auth/url_6NdN3mzuDzztY46o/welcome.cgi?
 SSL negotiation with vpn.pppl.gov
 Connected to HTTPS on vpn.pppl.gov
 Got HTTP response: HTTP/1.1 200 OK
 Content-Type: text/html; charset=utf-8
 Date: Mon, 29 Jan 2018 06:22:45 GMT
 x-frame-options: SAMEORIGIN
 Connection: close
 Pragma: no-cache
 Cache-Control: no-store
 Expires: -1
 HTTP body http 1.0 (-1)
 SSL socket closed uncleanly
 frmLogin
 username: cliu
password:
 POST https://vpn.pppl.gov/dana-na/auth/url_6NdN3mzuDzztY46o/login.cgi
 SSL negotiation with vpn.pppl.gov
 Connected to HTTPS on vpn.pppl.gov
 Got HTTP response: HTTP/1.1 302 Moved
 location: https://vpn.pppl.gov/dana-na/auth/url_6NdN3mzuDzztY46o/welcome.cgi?p=user-confirm&id=state_06a95142fc6de60c44e1ca8ee9fc7fee
 Content-Type: text/html; charset=utf-8
 Connection: close
 Pragma: no-cache
 Cache-Control: no-store
 Expires: -1
 HTTP body http 1.0 (-1)
 SSL socket closed uncleanly
 GET https://vpn.pppl.gov/dana-na/auth/url_6NdN3mzuDzztY46o/welcome.cgi?p=user-confirm&id=state_06a95142fc6de60c44e1ca8ee9fc7fee
 SSL negotiation with vpn.pppl.gov
 Connected to HTTPS on vpn.pppl.gov
 Got HTTP response: HTTP/1.1 200 OK
 Content-Type: text/html; charset=utf-8
 Date: Mon, 29 Jan 2018 06:22:57 GMT
 Connection: close
 Pragma: no-cache
 Cache-Control: no-store
 Expires: -1
 X-Frame-Options: SAMEORIGIN
 HTTP body http 1.0 (-1)
 SSL socket closed uncleanly
 Ignoring unknown form submit item 'btnCancel'
 POST https://vpn.pppl.gov/dana-na/auth/url_6NdN3mzuDzztY46o/login.cgi
 SSL negotiation with vpn.pppl.gov
 Connected to HTTPS on vpn.pppl.gov
 Got HTTP response: HTTP/1.1 302 Moved
 Set-Cookie: DSASSERTREF=x; path=/; expires=Thu, 01 Jan 1970 22:00:00 GMT; secure
 Set-Cookie: DSID=ea16617b89d0c8150dc78e03a4da0c51; path=/; secure
 Set-Cookie: DSFirstAccess=1517206977; path=/; secure
 Date: Mon, 29 Jan 2018 06:22:57 GMT
 location: https://vpn.pppl.gov/dana/home/starter0.cgi?check=yes
 Content-Type: text/html; charset=utf-8
 Connection: close
 Pragma: no-cache
 Cache-Control: no-store
 Expires: -1
 Content-Length: 0
 HTTP body length:  (0)
 GET https://vpn.pppl.gov/dana/home/starter0.cgi?check=yes
 SSL negotiation with vpn.pppl.gov
 Connected to HTTPS on vpn.pppl.gov
 Got HTTP response: HTTP/1.1 200 OK
 Content-type: text/html; charset=utf-8
 Set-Cookie: DSLastAccess=1517206977; path=/; Secure
 Connection: close
 Pragma: no-cache
 Cache-Control: no-store
 Expires: -1
 X-Frame-Options: SAMEORIGIN
 HTTP body http 1.0 (-1)
 SSL socket closed uncleanly
 SSL negotiation with vpn.pppl.gov
 Connected to HTTPS on vpn.pppl.gov
 Got HTTP response: HTTP/1.1 200 OK
 Content-type: application/octet-stream
 Pragma: no-cache
 NCP-Version: 3
 Set-Cookie: DSLastAccess=1517206977; path=/; Secure
 Connection: close
 X-Frame-Options: SAMEORIGIN
 SSL negotiation with vpn.pppl.gov
 Connected to HTTPS on vpn.pppl.gov
 Got HTTP response: HTTP/1.1 200 OK
 Content-type: application/octet-stream
 Pragma: no-cache
 NCP-Version: 3
 Set-Cookie: DSLastAccess=1517206977; path=/; Secure
 Connection: close
 X-Frame-Options: SAMEORIGIN
 0000: 16 00 00 04 00 00 00 09 00 6c 6f 63 61 6c 68 6f
 0010: 73 74 bb 01 00 00 00 00
 Got KMP message 301 of size 166
 Unknown TLV group 3 attr 1 len 1: 01
 Unknown TLV group 3 attr 2 len 1: 01
 Received split include route 0.0.0.0/0.0.0.0
 Received MTU 1400 from server
 Received DNS server 192.55.106.5
 Received DNS server 192.55.106.24
 Received DNS search domain pppl.gov
 Unknown TLV group 2 attr 3 len 4: 01 00 00 00
 Received WINS server 255.255.255.255
 Received internal IP address 192.103.13.149
 Received netmask 255.255.255.255
 Received internal gateway address 192.103.13.130
 0000: 24 00 00 00 00 00 00 00 01 2f 01 00 00 00 01 00
 0010: 00 00 00 00 00 10 00 06 00 00 00 0a 00 02 00 00
 0020: 00 04 00 00 05 78
 Set up DTLS failed; using SSL instead
 Connected as 192.103.13.149, using SSL
 Microsoft (R) Windows Script Host Version 5.812
Copyright (C) Microsoft Corporation. All rights reserved.

Opened tun device Ethernet 3
 TAP-Windows driver v9.21 (0)
 Microsoft (R) Windows Script Host Version 5.812
Copyright (C) Microsoft Corporation. All rights reserved.

<<-- [EXEC] route print
===========================================================================
Interface List
 25...00 28 f8 0a 69 e2 ......Microsoft Wi-Fi Direct Virtual Adapter
 11...00 ff 20 e1 31 f1 ......TAP-Windows Adapter V9
 23...00 ac 13 96 20 fc ......VPN Client Adapter - VPN
  9...00 28 f8 0a 69 e1 ......Intel(R) Dual Band Wireless-AC 8265
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.166     41
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link     192.168.0.166    296
    192.168.0.166  255.255.255.255         On-link     192.168.0.166    296
    192.168.0.255  255.255.255.255         On-link     192.168.0.166    296
  192.188.106.249  255.255.255.255      192.168.0.1    192.168.0.166     41
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.0.166    296
        224.0.0.0        240.0.0.0         On-link                 b    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.0.166    296
  255.255.255.255  255.255.255.255         On-link                 b    291
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  9    296 fe80::/64                On-link
 11    291 fe80::/64                On-link
 11    291 fe80::3146:2bb3:dd97:956d/128
                                    On-link
  9    296 fe80::80df:3819:2d5e:b16c/128
                                    On-link
  1    331 ff00::/8                 On-link
  9    296 ff00::/8                 On-link
 11    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

-->> (exitCode: 0)
Default Gateway:192.168.0.1
VPN Gateway: 192.188.106.249
Internal Address: 192.103.13.149
Internal Netmask: 255.255.255.255
Internal Gateway: 192.103.13.150
Interface idx: "11" ("Ethernet 3")
<<-- [EXEC] route add 192.188.106.249 mask 255.255.255.255 192.168.0.1
The route addition failed: The object already exists.

-->> (exitCode: 0)
MTU: 1400
<<-- [EXEC] netsh interface ipv4 set subinterface "11" mtu=1400 store=active
Ok.

-->> (exitCode: 0)
Configuring "11" interface for Legacy IP...
<<-- [EXEC] netsh interface ip set interface "11" metric=1
Ok.

-->> (exitCode: 0)
<<-- [EXEC] netsh interface ip set address "11" static 192.103.13.149 255.255.255.255

-->> (exitCode: 0)
<<-- [EXEC] netsh interface ip add wins "11" 255.255.255.255 index=1
The parameter is incorrect.

-->> (exitCode: 1)
<<-- [EXEC] netsh interface ip add dns "11" 192.55.106.5 index=1
Failed to spawn script 'c:\Program Files (x86)\OpenConnect-GUI\vpnc-script.js' for connect: The operation completed successfully.
 Incoming KMP message 300 of size 104 (got 104)
 Incoming KMP message 300 of size 71 (got 71)
 Incoming KMP message 300 of size 40 (got 40)
 Incoming KMP message 300 of size 40 (got 40)
 Incoming KMP message 300 of size 135 (got 135)
 Incoming KMP message 300 of size 135 (got 135)
 Incoming KMP message 300 of size 135 (got 135)
 Incoming KMP message 300 of size 135 (got 135)
goduck777 commented 6 years ago

Using the 1.5.1 vpnc-script.js file can make it work. So the problems lie in the script file.

horar commented 6 years ago

Hi, thanks, yes... I have a suspicion what may be the problem; I need some time to look at it.

Btw, did you try the vpnc script from 1.5.1 with 1.5.2? Thanks.

goduck777 commented 6 years ago

Yes, I copied the vpnc script from 1.5.1 to the 1.5.2 folder, and it works.

horar commented 6 years ago

Okay, as I understood:

goduck777 commented 6 years ago

OK. I found that setting REDIRECT_GATEWAY_METHOD=0 makes the cli version work. Thank you.

I can change the script file to make it work. But do you know a better way to set that variable value in the gui version? Or should I set it as a global variable in Windows?
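
The first post reports that no traffic goes through the VPN once the script fails; the check below reads `route print` output and reports whether a given destination would actually leave through the tunnel address. It is an added example, not code from openconnect-gui or vpnc-script.js, written for Node.js rather than the Windows Script Host dialect the script runs under; the function names are hypothetical and the tunnel default route in `AFTER` is constructed.

```javascript
// Added example, not openconnect-gui code: parse the IPv4 "Active Routes" rows
// of `route print` and pick a destination's route (longest mask, then metric).
// Constructed sample: rows trimmed from the route table in the log above.
const BEFORE = `Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.166     41
      192.168.0.0    255.255.255.0         On-link     192.168.0.166    296
  192.188.106.249  255.255.255.255      192.168.0.1    192.168.0.166     41
        224.0.0.0        240.0.0.0         On-link                 b    291
===========================================================================`;

// Constructed sample: same table plus a hypothetical default route on the tunnel.
const AFTER = BEFORE.replace('=====',
  '          0.0.0.0          0.0.0.0         On-link    192.103.13.149      2\n=====');

function ipToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m || m.slice(1).some((x) => Number(x) > 255)) return null;
  return m.slice(1).reduce((acc, x) => acc * 256 + Number(x), 0);
}

function parseRoutes(text) {
  const routes = [];
  let inTable = false;
  for (const line of text.split(/\r?\n/)) {
    if (/^\s*Active Routes:/.test(line)) { inTable = true; continue; }
    if (/^=+/.test(line)) { inTable = false; continue; }
    const f = line.trim().split(/\s+/);
    const dest = ipToInt(f[0]), mask = ipToInt(f[1]);
    // Skips the header row, IPv6 rows and anything else that is not an IPv4 route.
    if (!inTable || f.length !== 5 || dest === null || mask === null) continue;
    routes.push({ dest, mask, gateway: f[2], iface: f[3], metric: Number(f[4]) });
  }
  return routes;
}

function selectRoute(routes, destIp) {
  const d = ipToInt(destIp);
  if (d === null) return null;
  const hits = routes.filter((r) => ((d & r.mask) >>> 0) === ((r.dest & r.mask) >>> 0));
  hits.sort((a, b) => (b.mask - a.mask) || (a.metric - b.metric));
  return hits[0] || null;
}

// True only when the selected route leaves through the tunnel's own address.
function viaTunnel(routeText, destIp, tunnelIp) {
  const r = selectRoute(parseRoutes(routeText), destIp);
  return r !== null && r.iface === tunnelIp;
}
```

With the table from the log, the pushed DNS server 192.55.106.5 still resolves to the Wi-Fi interface; the host route to the VPN gateway 192.188.106.249 is expected to stay on the physical interface in both cases.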

horar commented 6 years ago

It is fresh meat from 1.5.2. I thought from the discussion that the value -1 could be generic for most people. My plan is to control this variable from the GUI in one of the next releases (1.5.3/1.6.0).

horar commented 6 years ago

duplicate of #190; fixed

hjaltioj commented 6 years ago

Is there a release date for 1.5.3? :)

horar commented 6 years ago

@hjaltioj March 2018