Fallback to GET after "HTTP response: HTTP/1.1 400 Bad Request " from initial POST
Cisco VPN provided by my employer. Server definitely NOT under my control and/or in any way debugable. Installed openconnect and for like one year everything worked perfectly with openconnect launched directly from CLI: ``` openconnect --protocol=anyconnect --no-dtls https://vpn.employer.example.com/ ``` About a month ago my console started showing "Unexpected 400 result from server" and redirects "Moved Permanently" from `https://vpn.employer.example.com/` to `https://vpn.employer.example.com/+vpn+/index.html`. Altered the command to include the new URL but the 400 error is still here: ``` openconnect -v --syslog --timestamp --protocol=anyconnect --no-dtls https://vpn.employer.example.com/+vpn+/index.html [2023-09-07 10:22:49] POST https://vpn.employer.example.com/+vpn+/index.html [2023-09-07 10:22:49] Attempting to connect to server 192.168.1.10:443 [2023-09-07 10:22:49] Connected to 192.168.1.10:443 [2023-09-07 10:22:49] SSL negotiation with vpn.employer.example.com [2023-09-07 10:22:49] Connected to HTTPS on vpn.employer.example.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-12 8-GCM) [2023-09-07 10:22:49] Got HTTP response: HTTP/1.1 400 Bad Request [2023-09-07 10:22:49] Strict-Transport-Security: max-age=31536000; includeSubDomains [2023-09-07 10:22:49] Connection: close [2023-09-07 10:22:49] X-Transcend-Version: 1 [2023-09-07 10:22:49] HTTP body http 1.0 (-1) [2023-09-07 10:22:49] TLS/DTLS socket closed uncleanly [2023-09-07 10:22:49] Unexpected 400 result from server [2023-09-07 10:22:49] GET https://vpn.employer.example.com/+vpn+/index.html [2023-09-07 10:22:49] Attempting to connect to server 192.168.1.10:443 [2023-09-07 10:22:49] Connected to 192.168.1.10:443 [2023-09-07 10:22:49] SSL negotiation with vpn.employer.example.com [2023-09-07 10:22:49] Connected to HTTPS on vpn.employer.example.com with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-12 8-GCM) [2023-09-07 10:22:49] Got HTTP response: HTTP/1.1 200 OK [2023-09-07 10:22:49] Strict-Transport-Security: max-age=31536000; includeSubDomains [2023-09-07 10:22:49] Transfer-Encoding: chunked [2023-09-07 10:22:49] Content-Type: text/xml [2023-09-07 10:22:49] Cache-Control: max-age=0 [2023-09-07 10:22:49] Set-Cookie: vpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure [2023-09-07 10:22:49] Set-Cookie: vpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure [2023-09-07 10:22:49] Set-Cookie: vpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure [2023-09-07 10:22:49] Set-Cookie: vpnlogin=1; secure [2023-09-07 10:22:49] X-Frame-Options: SAMEORIGIN [2023-09-07 10:22:49] X-Transcend-Version: 1 [2023-09-07 10:22:49] HTTP body chunked (-2) Please enter your username and password. Password: [2023-09-07 10:23:12] POST https://vpn.employer.example.com/+vpn+/index.html [2023-09-07 10:23:12] Got HTTP response: HTTP/1.1 200 OK [2023-09-07 10:23:12] Strict-Transport-Security: max-age=31536000; includeSubDomains [2023-09-07 10:23:12] Transfer-Encoding: chunked [2023-09-07 10:23:12] Content-Type: text/xml [2023-09-07 10:23:12] Cache-Control: max-age=0 [2023-09-07 10:23:12] Set-Cookie: vpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure [2023-09-07 10:23:12] Set-Cookie: vpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure [2023-09-07 10:23:12] Set-Cookie: samlPreauthSessionHash=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure [2023-09-07 10:23:12] Set-Cookie: acSamlv2Token=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure [2023-09-07 10:23:12] Set-Cookie: acSamlv2Error=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure [2023-09-07 10:23:12] Set-Cookie: vpn=<elided>; path=/; secure [2023-09-07 10:23:12] Set-Cookie: vpnc=bu:/CACHE/stc/&p:t&iu:1/&sh:<...longhash...>&lu:/+CSCOT+/tanslation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2VPNCLIENT-IKEV2.xml&fh:<...longhash...>; path=/; secure [2023-09-07 10:23:12] Set-Cookie: vpnx= [2023-09-07 10:23:12] Set-Cookie: vpnaac=1; path=/; secure [2023-09-07 10:23:12] X-Frame-Options: SAMEORIGIN [2023-09-07 10:23:12] X-Transcend-Version: 1 [2023-09-07 10:23:12] HTTP body chunked (-2) [2023-09-07 10:23:12] TCP_INFO rcv mss 1400, snd mss 1400, adv mss 1448, pmtu 1500 [2023-09-07 10:23:12] Got CONNECT response: HTTP/1.1 200 OK [2023-09-07 10:23:12] X-CSTP-Version: 1 [2023-09-07 10:23:12] X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc. [2023-09-07 10:23:12] X-CSTP-Address: 172.7.5.190 [2023-09-07 10:23:12] X-CSTP-Netmask: 255.255.0.0 [2023-09-07 10:23:12] X-CSTP-Hostname: vpn-bx [2023-09-07 10:23:12] X-CSTP-Lease-Duration: 1209600 [2023-09-07 10:23:12] X-CSTP-Session-Timeout: none [2023-09-07 10:23:12] X-CSTP-Session-Timeout-Alert-Interval: 60 [2023-09-07 10:23:12] X-CSTP-Session-Timeout-Remaining: none [2023-09-07 10:23:12] X-CSTP-Idle-Timeout: 1800 [2023-09-07 10:23:12] X-CSTP-Disconnected-Timeout: 1800 [2023-09-07 10:23:12] X-CSTP-Keep: true [2023-09-07 10:23:12] X-CSTP-Tunnel-All-DNS: false [2023-09-07 10:23:12] X-CSTP-DPD: 30 [2023-09-07 10:23:12] X-CSTP-Keepalive: 20 [2023-09-07 10:23:12] X-CSTP-MSIE-Proxy-Lockdown: true [2023-09-07 10:23:12] X-CSTP-Smartcard-Removal-Disconnect: true [2023-09-07 10:23:12] X-CSTP-MTU: 1335 [2023-09-07 10:23:12] X-CSTP-Routing-Filtering-Ignore: false [2023-09-07 10:23:12] X-CSTP-Quarantine: false [2023-09-07 10:23:12] X-CSTP-Disable-Always-On-VPN: false [2023-09-07 10:23:12] X-CSTP-Client-Bypass-Protocol: false [2023-09-07 10:23:12] X-CSTP-TCP-Keepalive: true [2023-09-07 10:23:12] CSTP connected. DPD 30, Keepalive 20 [2023-09-07 10:23:12] Configured as 172.7.5.190, with SSL connected and DTLS disabled [2023-09-07 10:23:12] Session authentication will expire at Sun Sep 10 10:23:12 2023 ```
issue