Creating SSL connection failed
When I connect to our VPN via protocol=nc, it breaks every now and then with the following error message:
dominik@host1:~$ sudo openconnect --script=/etc/vpnc/vpnc-script --certificate="$_url_of_user_cert" --protocol=nc --no-dtls "https://vpn-gateway/linuxc"
GET https://vpn-gateway/linuxc
Connected to xx.xxx.xxx.xx:443
PIN required for Cryptovision SmartCard
Enter PIN:
Using client certificate 'Schütz Dominik'
SSL negotiation with vpn-gateway
Connected to HTTPS on vpn-gateway with ciphersuite (TLS1.2)-(RSA)-(AES-128-GCM)
Got HTTP response: HTTP/1.1 302 Found
GET https://vpn-gateway/dana-na/auth/url_xxx/welcome.cgi
SSL negotiation with vpn-gateway
Connected to HTTPS on vpn-gateway with ciphersuite (TLS1.2)-(RSA)-(AES-128-GCM)
Got HTTP response: HTTP/1.1 302 Moved
GET https://vpn-gateway/dana-na/auth/url_xxx/login.cgi?realm=REALM_Linux_Cert
Renegotiated SSL on vpn-gateway with ciphersuite (TLS1.2)-(RSA)-(AES-128-GCM)
Got HTTP response: HTTP/1.1 302 Moved
GET https://vpn-gateway/dana-na/auth/url_xxx/welcome.cgi?p=user%2Dconfirm
POST https://vpn-gateway/dana-na/auth/url_xxx/login.cgi
Got HTTP response: HTTP/1.1 302 Moved
GET https://vpn-gateway/dana/home/index.cgi
Record of additional 288 bytes too large; would make 2342
Creating SSL connection failed
Unknown error; exiting.
dominik@host1:~$
Normally, the output should look like this:
dominik@host1:~$ sudo openconnect --script=/etc/vpnc/vpnc-script --certificate="$_url_of_user_cert" --protocol=nc --no-dtls "https://vpn-gateway/linuxc"
GET https://vpn-gateway/linuxc
Connected to xx.xxx.xxx.xx:443
PIN required for Cryptovision SmartCard
Enter PIN:
Using client certificate 'Schütz Dominik'
SSL negotiation with vpn-gateway
Connected to HTTPS on vpn-gateway with ciphersuite (TLS1.2)-(RSA)-(AES-128-GCM)
Got HTTP response: HTTP/1.1 302 Found
GET https://vpn-gateway/dana-na/auth/url_xxx/welcome.cgi
SSL negotiation with vpn-gateway
Connected to HTTPS on vpn-gateway with ciphersuite (TLS1.2)-(RSA)-(AES-128-GCM)
Got HTTP response: HTTP/1.1 302 Moved
GET https://vpn-gateway/dana-na/auth/url_xxx/login.cgi?realm=REALM_Linux_Cert
Renegotiated SSL on vpn-gateway with ciphersuite (TLS1.2)-(RSA)-(AES-128-GCM)
Got HTTP response: HTTP/1.1 302 Moved
GET https://vpn-gateway/dana/home/index.cgi
Configured as xx.x.xxx.xxx, with SSL connected and ESP disabled
I have installed the following two packages "openconnect_9.01+138+g09d9f6fa-0+148.1_amd64.deb" and "libopenconnect5_9.01+138+g09d9f6fa-0+148.1_amd64.deb" from the latest git HEAD (https://download.opensuse.org/repositories/home:/bluca:/openconnect/Ubuntu_22.04/amd64/). But I also had the error with the original v9.01-0+9.1 version (https://download.opensuse.org/repositories/home:/bluca:/openconnect:/release/Ubuntu_22.04/amd64/).