fortinet protocol not working with 2FA
Hello, and a big thank you for your work! First, I want to confirm that the connection is working without issues with openfortivpn. I'm trying to configure the latest build for fedora-34 (using the vagrant build in virtualbox), but I'm getting the following errors on getting the 2FA SMS (logged with --dump):
[vagrant@fedora ~]$ sudo openconnect --protocol=fortinet corp.forti.net:4433 --servercert pin-sha256:6uMoB+K4KlBMwLhvXhR3DYimROOLxng4YWLzHzvOwYA= -u user.name --http-auth=Basic --no-dtls --dump
GET https://corp.forti.net:4433/
Attempting to connect to server X.Y.Z.W:4433
Connected to X.Y.Z.W:4433
SSL negotiation with corp.forti.net
Server certificate verify failed: signer not found
Connected to HTTPS on corp.forti.net with ciphersuite (TLS1.3)-(ECDHE-SECP384R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
> GET / HTTP/1.1
> Host: corp.forti.net:4433
> User-Agent: Mozilla/5.0 SV1
>
Got HTTP response: HTTP/1.1 200 OK
Date: Wed, 20 Oct 2021 08:26:03 GMT
Server: xxxxxxxx-xxxxx
Last-Modified: Wed, 17 Jun 2020 20:31:10 GMT
ETag: "83-5eea7d8e"
Accept-Ranges: bytes
Content-Length: 131
Vary: Accept-Encoding
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'none'; script-src 'self' https 'unsafe-eval' 'unsafe-inline';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
HTTP body length: (131)
< <html><script type="text/javascript">
< if (window!=top) top.location=window.location;top.location="/remote/login";
< </script></html>
Password:
POST https://corp.forti.net:4433/remote/logincheck
> POST /remote/logincheck HTTP/1.1
> Host: corp.forti.net:4433
> User-Agent: Mozilla/5.0 SV1
> X-Pad: 000000000000000000000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 74
>
> username=user.name&credential=MyPassHere&realm=&ajax=1&just_logged_in=1
Got HTTP response: HTTP/1.1 401 Authorization Required
Date: Wed, 20 Oct 2021 08:26:08 GMT
Server: xxxxxxxx-xxxxx
Set-Cookie: SVPNCOOKIE=; path=/; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly;
Set-Cookie: SVPNNETWORKCOOKIE=; path=/remote/network; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly
Cache-Control: no-cache
Content-Length: 1333
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'none'; script-src 'self' https 'unsafe-eval' 'unsafe-inline';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
HTTP body length: (1333)
< <html>
< <head>
< <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
< <meta http-equiv="Pragma" content="no-cache">
< <meta http-equiv="cache-control" content="no-cache">
< <meta http-equiv="cache-control" content="must-revalidate">
< <meta http-equiv="cache-control" content="no-store">
< <title>Authentication Required</title>
< <link href="/sslvpn/css/ssl_style.css" rel="stylesheet" type="text/css">
< <script type="text/javascript" src="/remote/fgt_lang?lang=en"></script></head>
< <BODY class=main><CENTER>
< <TABLE class=container align=center valign=middle width=100% height=100% cellpadding=0 cellspacing=0>
< <TR align=center><TD>
< <TABLE border=0 width=400 height=200 cellpadding=10 cellspacing=5 align=center>
< <FORM ACTION="/remote/logincheck" method="POST">
< <TR align=center valign=middle><TD colspan=2><b>Please type in the SMS token:</b></TD></TR>
< <INPUT TYPE="hidden" NAME="magic" VALUE="21-571c25f8">
< <INPUT TYPE="hidden" NAME="username" VALUE="user.name">
< <INPUT TYPE="hidden" NAME="reqid" VALUE="1853175582">
< <INPUT TYPE="hidden" NAME="grpid" VALUE="0,522,1">
< <TR><TD width=30%><b>Answer:</b></TD>
< <TD width=70%>
< <INPUT TYPE="password" NAME="credential">
< </TD></TR>
< <TR align=center><TD colspan=2>
< <INPUT class="button" TYPE="submit" VALUE="OK">
< </TD></TR>
< </FORM>
< </TABLE>
< </TD></TR></TABLE>
< </CENTER></BODY></HTML>
No more authentication methods to try
Password:
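
Added example, not part of the original report and not openconnect's own code: the 401 response in the dump above is an HTML challenge form whose hidden fields (magic, username, reqid, grpid) accompany the SMS token in the follow-up POST. The Python below parses that form and builds the body a browser would submit for it; the sample HTML is copied from the dump, while the token value "123456" and the names `ChallengeForm` and `build_token_post` are made up for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode

# Constructed sample: the challenge form from the 401 body in the dump above,
# with the "< " dump prefixes and layout-only table tags removed.
SAMPLE_401_BODY = """<FORM ACTION="/remote/logincheck" method="POST">
<INPUT TYPE="hidden" NAME="magic" VALUE="21-571c25f8">
<INPUT TYPE="hidden" NAME="username" VALUE="user.name">
<INPUT TYPE="hidden" NAME="reqid" VALUE="1853175582">
<INPUT TYPE="hidden" NAME="grpid" VALUE="0,522,1">
<INPUT TYPE="password" NAME="credential">
<INPUT class="button" TYPE="submit" VALUE="OK">
</FORM>"""

class ChallengeForm(HTMLParser):
    """Collects the first <form>: action, method, hidden fields, token field."""

    def __init__(self):
        super().__init__()
        self.action = self.method = self.prompt_field = None
        self.hidden, self._in_form = {}, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag == "form" and self.action is None:
            self._in_form = True
            self.action = a.get("action")
            self.method = (a.get("method") or "GET").upper()
        elif tag == "input" and self._in_form and a.get("name"):
            kind = (a.get("type") or "text").lower()
            if kind == "hidden":
                self.hidden[a["name"]] = a.get("value") or ""
            elif kind in ("password", "text"):
                self.prompt_field = a["name"]  # where the user's token goes

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False

def build_token_post(body_html, token):
    """Return (method, action, urlencoded body) a browser would send."""
    form = ChallengeForm()
    form.feed(body_html)
    if form.action is None or form.prompt_field is None:
        raise ValueError("no challenge form with a token field found")
    fields = dict(form.hidden)          # echo every hidden field unchanged
    fields[form.prompt_field] = token   # token typed by the user
    return form.method, form.action, urlencode(fields)
```
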