Closed papiru5 closed 11 months ago
@papiru5 Sorry, I didn't realize this was an ocserv-specific feature, but I still don't think it would do much to increase security.
@papiru5 Sorry again, I think this is a feature worth implementing and maybe it will be added in some future version
@papiru5 Thanks. It should work with v0.8.8. The host and secretkey fields should be filled in to the corresponding fields respectively.
Hi! Thank you for your passionate work for this application, it's the most convenient client of OpenConnect server for Windows. I'll try the new build on Monday.
I've tested the new build by upgrading v.0.8.4 without any changes in configs on the client and server side (camouflage option is false in ocserv config) and got this error: Then I uninstalled v.0.8.8 and installed v.0.8.4 again, also without touching configs, and after that I can connect smoothly. Maybe the new build as of now can't work with ocserv camouflage option set to false in ocserv config (so it can't connect to all versions of ocserv prior to 1.2.0 with camouflage option set to true)? When I turn camouflage option in ocserv config to true and change the profile in AnyLink Secure Client v.0.8.8 by adding the Secret field, I can connect without any problem.
Maybe the new build as of now can't work with ocserv camouflage option set to false in ocserv config
For me, so far, the application logic is in line with expectations, and there is no situation where camouflage is false and the client cannot connect.
Maybe the latest version changes camouflage option logic (https://ocserv.gitlab.io/www/changelog.html). I can't compile ocserv by myself, so I can only test the existing 1.1.6-3 in debian bookworm and 1.2.2 in rocky linux 9 epel repositories. In both cases I can't connect to ocserv server with AnyLink Secure Client v.0.8.8 with old working in v.0.8.4 profiles (in ocserv 1.1.6-3 camouflage option is absent, in 1.2.2 set to false). The only case when I can use v.0.8.8 flawlessly is ocserv 1.2.2 with camouflage option set to true adding secret field to old v.0.8.4 config.
I think about connection logic that way: if secret field is filled the client uses v.0.8.8 connection method, if not - v.0.8.4. So in that case we will get both old and new versions of ocserv working. Maybe I'm wrong, cause I'm not a developer...
Well, after testing again, for ocserv 1.1.6, it did cause a bug because it could not recognize ?, but for 1.2.2, there would be no such problem. Anyway, I recompiled and uploaded the release file without adding a new version.
Please download and install again. It should be able to support the old version of ocserv.
Thanks!
I redownloaded the v.0.8.8 release file, got anylink-windows10-amd64.exe with change date 14/10/23 12:34, installed it over v.0.8.4 without config change and got the same error on my old 1.1.6-3 debian bookworm ocserv: But now on v.1.2.2 rocky linux 9 ocserv with camouflage option set to false or true there is no problem to connect. So I guess on ocserv v.1.2.0 or above with new AnyLink Secure Client v.0.8.8 we got camouflage option working flawlessly in both true or false cases. On ocserv v.1.1.6-3 from debian bookworm repositories the error connecting v.0.8.8 with the old v.0.8.4 profile still exists. v.0.8.4 of the client works good with v.1.1.6 with the same profile. These are my test results, maybe I'm doing something wrong?
secretkey should be empty for 1.1.6
Yes, it's empty, I didn't change it at all: This profile is working with v.0.8.4 flawlessly, but not in old and new v.0.8.8
The "outside-rf" profile is also a profile for old debian bookworm ocserv v.1.1.6-3 and is also not working, with the same error. And I also didn't change it during the upgrade from v.0.8.4 to v.0.8.8.
I'm sure the new build will support ocserv 1.1.6 with empty secretkey, maybe you didn't overwrite the previous files after unzipping? Or you can uninstall and delete the previous files and re-download it.
Oct 14 09:34 anylink-windows10-amd64.exe
md5sum
d1caf551531282eefe31f5964193def9 anylink-windows10-amd64.exe
If you still have problems, maybe you can set up a test environment and test account for me to see if I can troubleshoot the problem.
The downloaded file anylink-windows10-amd64.exe has md5sum d1caf551531282eefe31f5964193def9, which is equal to yours. Now I tried to recreate the old profiles from v.0.8.4 in the new v.0.8.8 and they work flawlessly, so the problem was in the old profiles! Thank you very much again! Now everything works flawlessly both with v.1.1.6 and v.1.2.2 versions of ocserv. Nice to collaborate with you, hope I helped a little to improve your great application!
Hi! I'm using Openconnect server v.1.2.2 with AnyLink Secure Client v.0.8.4. Then I try to use "camouflage" option in server config (https://ocserv.gitlab.io/www/manual.html) and change Host field in profile settings to something like "https://example.com/?mysecretkey" I got error with https:// without https://
Without this option set I connect smoothly with Host address without "https://" and "/?mysecretkey". This option is not compatible with your client?