horar
commented
5 years ago Thanks for report. Could you please try it with bundled console client? (in admin terminal) - just to identify the source of problem (gui or library). Thanks.
Open rawIce opened 5 years ago
horar
commented
5 years ago Thanks for report. Could you please try it with bundled console client? (in admin terminal) - just to identify the source of problem (gui or library). Thanks.
rawIce
commented
5 years ago thanks for your response. I just tested inside command prompt, the result looks similar.
Route configuration done. ... DTLS Dead Peer Detection detected dead peer! SSL read error: Error in the pull function.; reconnecting. ... Failed to reconnect to host some.host.de: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. sleep 60s, remaining timeout 750s Failed to reconnect to host some.host.de: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. sleep 70s, remaining timeout 690s SSL negotiation with some.host.de Connected to HTTPS on some.host.de Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Unauthorized Cookie is no longer valid, ending session Reconnect failed ... Cookie was rejected on reconnection; exiting.
horar
commented
5 years ago looks like openconnect library issue. Could you please try the last openconnect-gui snapshot (2019.01.18) from here: https://github.com/openconnect/openconnect-gui/blob/develop/docs/snapshots.md
if it will not help, then please raise issue in openconnect library project: https://gitlab.com/openconnect/openconnect/issues
rawIce
commented
5 years ago with that build I am able to pipe the password into command line (probably due to fix in version 8.00 - an other issue I have not mentioned so far) but the issue I have reported here regarding reconnection stays the same.
Send CSTP DPD Got CSTP DPD response Send CSTP DPD Send CSTP DPD SSL read error: Error in the pull function.; reconnecting. Microsoft (R) Windows Script Host Version 5.8 Copyright (C) Microsoft Corporation. All rights reserved. ... Failed to reconnect to host some.host.de: A connection attempt failed beca use the connected party did not properly respond after a period of time, or esta blished connection failed because connected host has failed to respond. sleep 70s, remaining timeout 690s Microsoft (R) Windows Script Host Version 5.8 Copyright (C) Microsoft Corporation. All rights reserved. . SSL negotiation with some.host.de Connected to HTTPS on some.host.de Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Unauthorized Cookie is no longer valid, ending session Reconnect failed Microsoft (R) Windows Script Host Version 5.8 Copyright (C) Microsoft Corporation. All rights reserved. . Cookie was rejected on reconnection; exiting.
horar
commented
5 years ago thanks for update; pls. report/discuss this with openconnect maintainer; issue looks to be outside of GUI (this project is only smal gui on top of mentioned library/tool)
rawIce
commented
5 years ago hi horar, i got feedback on gitlab and they basically say everything is working as expected.
This is expected behaviour. OpenConnect creates one VPN connection, and lasts for as long as that VPN session does. When the session expires — which seems to have happened in this case, because the login cookie stopped working — you need to log in again with the original username/password/OTP/certificate/etc. To do that, you initiate a new connection with OpenConnect. I think what you're really asking for is a feature request for openconnect-gui which would automatically connect and authenticate, having saved the password somewhere? https://gitlab.com/openconnect/openconnect/issues/29
So could we add that simple change in behavior as a feature request? I think that might help a lot of users. Thanks a lot in advance!
Describe the bug When an established VPN connection gets interrupted, OpenConnect tries to reconnect to the previous connection.
Once the remote host becomes available again, the re-connection attempt is unsuccessful with an HTTP/1.1 404 Unauthorized response from the remote server, because the client does not seem to properly authenticate itself.
If I manually click the "connect" button afterwards, the VPN connection is established successfully again without the need of entering credentials manually.
To Reproduce Steps to reproduce the behavior:
Expected behavior OpenConnect is supposed to reauthenticate with user and password the way it does if I manually click on connect
Desktop (please complete the following information):