russdill / juniper-vpn-py

Python Juniper VPN Authenticator
GNU Lesser General Public License v2.1

Juniper + openconnect + tncc.py = stalled process #24

Open jeanfabrice opened 6 years ago

jeanfabrice commented 6 years ago

Hi,

I'm a bit stuck trying to connect to some Juniper VPN endpoint having the following setup: authentication with login/password and SSL client cert authentication. Hostchecker required.

Here is my launch command:

openconnect --juniper --debug -u <username> -c "pkcs11:model=eToken;id=%54%6f%6b%65%6e%5f%4b%65%79%5f%4e%6f%74%5f%56%69%73%69%62%6c%65%9e%50%44%c6%88%f8%ad%d8%cd%a2"   --useragent  'Mozilla/5.0 (Linux) Firefox' --csd-wrapper=./tncc.py  https://ive.host.com/myrealm

At this point, SSL authentication works perfectly, initial DSPREAUTH Cookie is received, tncc.py is launched in background then... nothing.

Stracing tncc.py shows that it is stalled in the process_cmd function, awaiting a command from openconnect.

It seems that openconnect correctly launches the csd-wrapper tncc.py but never talks to it.

Any hints?

jjm390 commented 5 years ago

Has there been any movement on this? I am having the same problem.

jeanfabrice commented 5 years ago

Unfortunately not.

But I found this workaround:

  1. launch tncc.py: tncc.py $IVE_HOST $DSPREAUTH $REALM
  2. obtain new DSPREAUTH cookie
  3. feed IVE_HOST with DSPREAUTH2 cookie
  4. get DSID
  5. feed openconnect with DSID: openconnect --juniper -C "DSID=$DSID" $IVE_HOST

You will have to manually parse IVE_HOST answers in 2 and 4 to obtain both DSPREAUTH and DSID.
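
The parsing that steps 2 and 4 of the workaround above call for, as an added example that is not part of the original comments or of juniper-vpn-py. It assumes the server delivers both cookies in Set-Cookie response headers; the sample responses are constructed and the function names are hypothetical.

```python
# Constructed sample header blocks; cookie values are made up for illustration.
STEP2_RESPONSE = """HTTP/1.1 302 Found
Set-Cookie: DSPREAUTH=old-value-0001; path=/; secure
set-cookie: DSPREAUTH=new-value-0002; path=/; secure
Set-Cookie: lang=en; path=/

"""
STEP4_RESPONSE = """HTTP/1.1 302 Found
Set-Cookie: DSID=constructed-dsid-abc123; path=/; secure
Set-Cookie: DSPREAUTH=; path=/; secure

Set-Cookie: DSID=text-in-body-is-not-a-header
"""

def extract_cookie(raw_headers, name):
    """Return the last non-empty value set for cookie `name`, or None."""
    value = None
    for line in raw_headers.splitlines():
        if not line.strip():
            break  # blank line ends the header block; ignore the body
        header, _, rest = line.partition(":")
        if header.strip().lower() != "set-cookie":
            continue  # header names are case-insensitive
        pair = rest.split(";", 1)[0].strip()  # drop path/secure attributes
        key, sep, val = pair.partition("=")
        if sep and key.strip() == name:
            # A later Set-Cookie overrides an earlier one; an empty value
            # means the server cleared the cookie.
            value = val.strip() or None
    return value

def redact(value):
    """Session cookies are bearer credentials: log only a short prefix."""
    return value[:4] + "..." if value else "<none>"

def openconnect_command(host, dsid):
    """Build step 5 of the workaround as an argv list for subprocess.run."""
    if not dsid:
        raise ValueError("no DSID in response; login or host check incomplete")
    return ["openconnect", "--juniper", "-C", "DSID=" + dsid, host]

if __name__ == "__main__":
    preauth2 = extract_cookie(STEP2_RESPONSE, "DSPREAUTH")
    dsid = extract_cookie(STEP4_RESPONSE, "DSID")
    print("DSPREAUTH from step 2:", redact(preauth2))
    print("DSID from step 4:", redact(dsid))
    print("argv length:", len(openconnect_command("ive.host.com", dsid)))
```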