I am getting the following error:
echo <cookie> | sudo openconnect --protocol=gp '--useragent=PAN GlobalProtect' --user=<username>@northwestern.edu --os=win --usergroup=gateway:prelogin-cookie --passwd-on-stdin vpn-connect.northwestern.edu -vvv --dump-http-traffic
POST https://vpn-connect.northwestern.edu/ssl-vpn/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Windows
Attempting to connect to server 129.105.179.52:443
Connected to 129.105.179.52:443
SSL negotiation with vpn-connect.northwestern.edu
Connected to HTTPS on vpn-connect.northwestern.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
> POST /ssl-vpn/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Windows HTTP/1.1
> Host: vpn-connect.northwestern.edu
> User-Agent: PAN GlobalProtect
>
Got HTTP response: HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 21:34:38 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 1525
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: SESSID=<sessid>; Path=/; SameSite=Lax; HttpOnly; Secure
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (1525)
< <?xml version="1.0" encoding="UTF-8" ?>
< <prelogin-response>
< <status>Success</status>
< <ccusername></ccusername>
< <autosubmit>false</autosubmit>
< <msg></msg>
< <newmsg></newmsg>
< <license>yes</license>
< <authentication-message>Enter login credentials</authentication-message>
< <username-label>Username</username-label>
< <password-label>Password</password-label>
< <panos-version>1</panos-version>
< <saml-default-browser>yes</saml-default-browser>
< <cas-auth></cas-auth>
< <saml-auth-status>0</saml-auth-status>
< <saml-auth-method>REDIRECT</saml-auth-method>
< <saml-request-timeout>600</saml-request-timeout>
< <saml-request-id>0</saml-request-id>
< <saml-request>****some hex id****</saml-request>
< <auth-api>no</auth-api><server-ip>129.105.179.52</server-ip><region>US</region>
< </prelogin-response>
Destination form field prelogin-cookie was specified; assuming SAML REDIRECT authentication is complete.
Prelogin form _login: "Username: " user(TEXT)=(null), "prelogin-cookie: " prelogin-cookie(PASSWORD)
Enter login credentials
POST https://vpn-connect.northwestern.edu/ssl-vpn/login.esp
> POST /ssl-vpn/login.esp HTTP/1.1
> Host: vpn-connect.northwestern.edu
> User-Agent: PAN GlobalProtect
> Cookie: SESSID=<sessid>
> X-Pad: 0000000000000000000000000000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 323
>
> jnlpReady=jnlpReady&ok=Login&direct=yes&clientVer=4100&prot=https:&internal=no&ipv6-support=yes&clientos=Windows&os-version=win&server=vpn-connect.northwestern.edu&computer=saipavanchitta-lenovo&user=spc5197%40northwestern.edu&prelogin-cookie=<cookie>
Got HTTP response: HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 21:34:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 69
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: SESSID=e75ee0c3-4296-4191-8812-756d9f7023e7; Path=/; SameSite=Lax; HttpOnly; Secure
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (69)
< <html>
< <body>Error: Login fails (invalid session id)</body>
< </html>
Failed to parse non-XML server response
Response was: Error: Login fails (invalid session id)
Failed to complete authentication
I have also seen similar issues open on openconnect: https://gitlab.com/openconnect/openconnect/-/issues/671. It does not seem like that is solved either. Is there anything I can do to make this work?