I tried a lot to make Cisco Anyconnect Secure Mobility Client work with OCServ, on OSX, on Windows, all failed.
But the AnyConnect for iOS works fine.
You can download the latest clients from: Cisco AnyConnect Clients 3.1.05170 download, 3.1.05182 is also provided.
AnyConnect for OSX always says:
|
1 |
The service provider in your current location is restricting access to the Internet. You need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser. |
In /var/log/system.log:
|
1 2 3 4 5 6 |
Apr 2 15:25:04 sskajetekiMacBook-Pro.local acvpnagent[9494]: Function: processConnectNotification File: ../../vpn/Agent/MainThread.cpp Line: 11572 Received connect notification (host vpn.sskaje.me:443, profile N/A) Apr 2 15:25:04 sskajetekiMacBook-Pro.local acvpnagent[9494]: Function: respondToConnectNotification File: ../../vpn/Agent/MainThread.cpp Line: 4813 The requested VPN connection to vpn.sskaje.me:443 is not possible at this time (Captive Portal needs to be remediated). Apr 2 15:25:04 sskajetekiMacBook-Pro.local acvpnui[9520]: Message type warning sent to the user: Connection attempt has failed. Apr 2 15:25:04 sskajetekiMacBook-Pro.local acvpnui[9520]: Function: processIfcData File: ../../vpn/Api/ConnectMgr.cpp Line: 2641 Content type (unknown) received. Response type (Captive Portal detected) from openconnect.sskaje.me: Captive Portal detected Apr 2 15:25:04 sskajetekiMacBook-Pro.local acvpnui[9520]: Function: showConnectError File: ../../vpn/Api/ConnectMgr.cpp Line: 5511 Attempt to connect failed when Agent detected a network issue. Apr 2 15:25:04 sskajetekiMacBook-Pro.local acvpnui[9520]: Message type error sent to the user: The service provider in your current location is restricting access to the Internet. You need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser. |
I read the chapter ‘False Captive Portal Detection‘ from Cisco’s official documentation, nothing useful.
I saw someone said that AnyConnect 3.1 added extra certificate verification than 3.0, which makes 3.1 not compatible with ocserv.
The latest version of AnyConnect for iOS is 3.0.12119, but for PC/Mac 3.1.05182.
I tried to find clients of AnyConnect 3.0.11042/3.0.11046, only two can be found, and MD5 checksum are same no matter where I downloaded.
|
1 2 |
MD5 (anyconnect-macosx-i386-3.0.11042-k9.dmg) = a28324d5bc5e5d31b9cc61d4a33f084e MD5 (anyconnect-win-3.0.11042-pre-deploy-k9.msi) = b29135529a832f41c4e9268a2672db99 |
You can find files here: http://dl.sskaje.me/anyconnect/3.0/3.0.11042/
I tested the OSX one, the PKG file requires me change security level of application installing, it really works, the bad news is, there’s nowhere to choose client certificate but clicking allow/decline of private key usage.
BTW, DO NOT INSTALL WEB SECURITY MODULE!!!
Incoming search terms:
- the service provider in your current location
- openconnect ios
- service provider in your current location is restricting access to the internet
- the service provider in your current location is restricting access to the internet
- service provider in your current location is
- the service provider in your current location is restricting
- the service provider in your current location is restricting your access to the internet
- the service privider in your current location is restricting acdess
- the service provider is restricting access
- cisco anyconnect the service provider in your current
- cisco anyconnect the service provider in your
- openconnect client ios
- openconnect iphone
- the service provider in your current location is restricting access
- the service provider in your current location is restricting access to the internet Ypu need to log on with hte service provider before you can establish a VPN session
- service provider is restricting access
- cisco anyconnect 0xfe3c0009
- churchodm
- anyconnect client pro file
- anyconnect certificate EKU not found in certificate