Skip to content

401 Unauthorized while Cisco AnyConnect works

When I use Cisco VPN Connect to the same url it works. But when using OpenConnect 1.6.2-dirty (using Cisco AnyConnect or OpenConnect VPN protocol, after correct logging in I get Auth group selection - OpenConnect VPN popup which I press Ok, then it disconnnects. Error log says:

2025-01-07 09:24:58 | 3dac | OpenConnect VPN (1.6.2-dirty) logging started...
2025-01-07 09:25:02 | 3dac | Checking for current version
2025-01-07 09:25:03 | 3dac | Version location: /api/v4/projects/12274423/releases/v1.6.2
2025-01-07 09:25:03 | 3dac | Latest available version is 1.6.2, current 1.6.2
2025-01-07 09:26:01 | 3dac | Wake up!
2025-01-07 13:33:35 | 42b0 | POST https://<vpnsite>/
2025-01-07 13:33:35 | 42b0 | Connected to 145.85.4.103:443
2025-01-07 13:33:35 | 42b0 | There was a non-CA certificate in the trusted list: C=US,ST=California,L=Newark,O=Logitech Inc,CN=Logitech Inc.
2025-01-07 13:33:35 | 42b0 | There was a non-CA certificate in the trusted list: OU=Copyright (c) 1997 Microsoft Corp.,OU=Microsoft Corporation,CN=Microsoft Root Authority.
2025-01-07 13:33:35 | 42b0 | There was a non-CA certificate in the trusted list: C=US,O=MSFT,CN=Microsoft Authenticode(tm) Root Authority.
2025-01-07 13:33:35 | 42b0 | There was a non-CA certificate in the trusted list: CN=DESKTOP-46PS5MS.
2025-01-07 13:33:35 | 42b0 | There was a non-CA certificate in the trusted list: CN=Root Agency.
2025-01-07 13:33:35 | 42b0 | SSL negotiation with <vpnsite>
2025-01-07 13:33:35 | 42b0 | Connected to HTTPS on <vpnsite> with ciphersuite (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
2025-01-07 13:33:35 | 42b0 | XML POST enabled
2025-01-07 13:33:37 | 42b0 | Saving group: <some_group_name>
2025-01-07 13:33:37 | 42b0 | POST https://<vpnsite>/
2025-01-07 13:33:37 | 42b0 | XML POST enabled
2025-01-07 13:33:37 | 42b0 | Select form: group_list
2025-01-07 13:33:37 | 42b0 | Text form: username
2025-01-07 13:33:37 | 42b0 | Password form: password
2025-01-07 13:33:41 | 42b0 | POST https://<vpnsite>/
2025-01-07 13:33:41 | 42b0 | Got inappropriate HTTP CONNECT response: HTTP/1.1 401 Unauthorized
2025-01-07 13:33:41 | 42b0 | Error establishing the CSTP channel
2025-01-07 13:33:41 | 3dac | Disconnected

I also tried Disable UDP and/or Batch mode which gives all same error. I use Windows 11 24H2.

Edited by Jan