Always set `clientos=Windows` in GlobalProtect requests (!5) · Merge requests · OpenConnect VPN projects / OpenConnect

The source project of this merge request has been removed.

Daniel Lenski requested to merge (removed):gp_always_clientos_Windows into master Sep 05, 2018

I've tried, whenever possible not to lie to the server about the client configuration. However, there are now multiple cases where a GlobalProtect server responds with a misleading error when the ssl-vpn/login.esp request doesn't contain the exact, magic value of clientos=Windows.

https://github.com/dlenski/openconnect/issues/86 ("Assign private IP address failed" unless clientos=Windows in ssl-vpn/login.esp request)
https://github.com/dlenski/openconnect/issues/116 ("Invalid username or password" unless clientos=Windows in ssl-vpn/login.esp request)

These cases are very difficult to debug because they seem to be suggesting totally unrelated errors.

For reliability, this patch makes openconnect always specify clientos=Windows in relevant requests, regardless of the actual vpninfo->platname. (The vpninfo->platname value can still be sent in the "free-form" os-version field, as far as I can tell.)

Signed-off-by: Daniel Lenski dlenski@gmail.com

Always set `clientos=Windows` in GlobalProtect requests

Merge request reports