Problem connecting to Forti VPN
I can't connect to my academic VPN. I don't see where is the problem.
Log
openconnect --protocol=fortinet https://vpn.host:443 -u=user_name --passwd-on-stdin --dump-http-traffic -vvv
user_passwd
GET https://vpn.host:443/
Attempting to connect to server 111.11.111.11:443
Connected to 111.11.111.11:443
SSL negotiation with vpn.host
Connected to HTTPS on vpn.host with ciphersuite (TLS1.3)-(ECDHE-SECP384R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
> GET / HTTP/1.1
> Host: vpn.host:443
> User-Agent: Mozilla/5.0 SV1
>
Got HTTP response: HTTP/1.1 200 OK
Date: Thu, 01 Feb 2024 13:32:26 GMT
ETag: "83-65132647"
Accept-Ranges: bytes
Content-Length: 131
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
HTTP body length: (131)
< <html><script type="text/javascript">
< if (window!=top) top.location=window.location;top.location="/remote/login";
< </script></html>
POST https://vpn.host:443/remote/logincheck
> POST /remote/logincheck HTTP/1.1
> Host: vpn.host:443
> User-Agent: Mozilla/5.0 SV1
> X-Pad: 000000000000000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 80
>
> username=%3duser_name&credential=user_passwd&realm=&ajax=1&just_logged_in=1
Got HTTP response: HTTP/1.1 200 OK
Date: Thu, 01 Feb 2024 13:32:26 GMT
Set-Cookie: SVPNCOOKIE=; path=/; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly; SameSite=Strict;
Set-Cookie: SVPNNETWORKCOOKIE=; path=/remote/network; expires=Sun, 11 Mar 1984 12:00:00 GMT; secure; httponly; SameSite=Strict
X-UA-Compatible: requiresActiveX=true
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
HTTP body chunked (-2)
< <!DOCTYPE html>
< <html lang="en" class="main-app">
< <head>
< <meta charset="UTF-8">
< <meta http-equiv="X-UA-Compatible" content="IE=8; IE=EDGE">
< <meta name="viewport" content="width=device-width, initial-scale=1">
< <meta name="apple-itunes-app" content="app-id=1475674905">
< <link href="/styles.css" rel="stylesheet" type="text/css">
< <link href="/css/legacy-main.css" rel="stylesheet" type="text/css">
< <title>Please Login</title>
< </head>
< <body>
< <div class="view-container">
< <form class="prompt legacy-prompt" action="/remote/logincheck" method="post" name="f" autocomplete="off">
< <div class="content with-header">
< <div class="header">
< <f-icon class="ftnt-fortinet-grid icon-xl"></f-icon>
< <div id="login-login">Please Login</div>
< </div>
< <div class="sub-content">
< <div class="wide-inputs">
< <div class="error-message" id="err_str"><div class="message-content" id="err_val" title="sslvpn_login_permission_denied"></div></div><!--sslvpnerrmsg=-->
< <!--remoteauthtimeout=120-->
< <input type="text" name="username" id="username" placeholder="Name"><input type="password" name="credential" id="credential" placeholder="Password" maxlength="128"><div class="info-message" id="token_msg" style="display: none;"><div class="message-content" id="token_label"></div></div><input type="password" style="display: none;" maxlength="128" name="credential2" id="credential2"><input type="password" style="display: none;" maxlength="128" name="credential3" id="credential3"><div class="button-actions wide"><button class="primary" type="button" name="ftm_push_button" id="ftm_push_button" onclick="try_ftm_push() " style="display: none" disabled>Use FTM Push</button></div><input type="password" style="display: none;" placeholder="Token" name="code" id="code"><div id="driftmsg" style="display: none;" class="warning-message">Token clock drift detected. Please input the next code and continue.</div><input type="password" style="display: none;" name="code2" id="code2" placeholder="Next Token Code">
< </div>
< <div class="button-actions wide">
< <button class="primary" type="button" name="login_button" id="login_button" onClick="try_login()">
< Login
< </button>
< <button type="button" name="skip_button" id="skip_button" onClick="try_skip()" style="display:none">
< Skip
< </button>
< <button id="launch-forticlient-button" type="button" onClick="launchFortiClient()">
< <f-icon class="ftnt-forticlient"></f-icon>
< <span>Launch FortiClient</span>
< </button>
< <iframe id="launch-forticlient-iframe" style="display:none"></iframe>
< <button id="saml-login-bn" class="primary" type="button" name="saml_login_bn" onClick="launchSamlLogin()" style="display:none">
< SSO Login
< </button>
< </div>
< </div>
< </div>
< </form>
< </div>
< </body>
< <input type=hidden name="ftm_push_enabled" id="ftm_push_enabled" value="1"><input type=hidden name=just_logged_in value=1><input type=hidden name=magic id=magic_id value=""><input type=hidden name=reqid id=reqid_id value="0"><input type=hidden name=grpid id=grpid_id value=""><input type=hidden name=realm id=realm_id value=""><input type=hidden name=redir value="/sslvpn/portal.html"><input type=hidden name=saml_login id=saml_login_id value="1"><script type="text/javascript" src="/js/legacy_theme_setup.js"></script><script type="text/javascript" src="/sslvpn/js/login.js "></script><script type="text/javascript" src="/remote/fgt_lang?lang=en"></script><script>document.onkeydown = key_pressdown;function load_login_strings() {var tmp = document.getElementById("err_val");var name = document.getElementById("username");var pass = document.getElementById("credential");if (tmp) {tmp.innerHTML = fgt_lang["error"] + ": " + fgt_lang[tmp.getAttribute('title')];}name.placeholder = fgt_lang["Username"];pass.placeholder = fgt_lang["sslvpn_portal::Password"];}window.onload = load_login_strings;</script>
< </html>
Password:
Regards, Marek
Edited by Dimitri Papadopoulos Orfanos