Ubuntu 16.04 openconnect cisco vpn failed to obtain webvpn cookie

networking vpn cisco openconnect

On Ubuntu 16.04 I am getting the following error: 

$ openconnect -v vpn.com
POST https://vpn.com/
Attempting to connect to server 1.1.1.1:443
SSL negotiation with vpn.com
Connected to HTTPS on vpn.com
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Mon, 22 Aug 2016 00:04:14 GMT
X-Frame-Options: SAMEORIGIN
X-Aggregate-Auth: 1
HTTP body chunked (-2)
XML POST enabled
Error: Server asked us to run CSD hostscan.
You need to provide a suitable --csd-wrapper argument.
Failed to obtain WebVPN cookie

I tried --no-xmlpost post and got error as well.

Here is some background:
I had Ubuntu 14.04 and was connecting to vpn server using openconnect. Then a week ago, it stopped working with this issue. My guess is that the vpn site upgraded its Cisco vpn server to required to CSD trojan. Anyhow, I decided to upgrade to 16.04 and still have the same problem.


Solution 1:

I found my answer through this post:
https://gist.github.com/l0ki000/56845c00fd2a0e76d688

I did the following:

cd ~  
mkdir .cisco  
cd .cisco  
wget https://gist.githubusercontent.com/l0ki000/56845c00fd2a0e76d688/raw/61fc41ac8aec53ae0f9f0dfbfa858c1740307de4/csd-wrapper.sh  
chmod +x csd-wrapper.sh

Edit the file with the vpn server: 

CSD_HOSTNAME=vpnserver.com

Run the file 

./csd-wrapper.sh

Run openconnect: 

sudo openconnect --csd-user=YOURLINUXUSERNAME --csd-wrapper=/home/YOURLINUXUSERNAME/.cisco/csd-wrapper.sh vpnserver.com

Solution 2:

I found that I needed to specify --os=win as well. This seemed to work around a 404 response that the server was generating when attempting to download sfinst.

GET https://vpn.company.com/CACHE/sdesktop/install/binaries/sfinst
Got HTTP response: HTTP/1.1 404 Not Found (does not exist)

Information on the 404 for sfinst issue can be found on the openconnect-devel mailing list "Connecting with Linux when the CSD is available" post.

I had success with the following command which uses the os flag and the csd-wrapper flag together:

sudo openconnect \
    --user <USERNAME> \
    --cert-expire-warning=15 \
    --certificate <CERTFILE> \
    --os=win \
    --csd-user=<USERNAME> \
    --csd-wrapper=<PATHTO>/csd-wrapper.sh \
    https://<VPNADDRESS e.g., vpn.company.com>

Solution 3:

I had this Error in Ubuntu 18.04
I was able to connect to the server using the link below and the second answer.

just use the -v flag

sudo openconnect -v NAMESERVER.COM

Related

Where is the kernel documentation?
How do I get `apt-get update` to work on a machine with no internet access and manually assigned IP address?
Is there a screen recorder for GNOME with Wayland?
The connection of Wine and PlayOnLinux
Is it possible to obtain an e-mail address like [email protected]
How do I show the date in the clock indicator?
Java application launcher not staying in Unity launcher
Is there a project management software for Ubuntu like Microsoft Project?
rsync between two computers on LAN
How to detect processor correct temperature in conky
/etc/apt/apt.conf.d/ priority - overrule configuration file?
Error RTNETLINK answers: File exists