Skip to main content
Start a Conversation

Unsolved

argj

22 Posts

4084

March 18th, 2020 13:00

Wyse 3040 VPN Error

hi, i have a UTM PaloAlto whit SSL VPN Enable this Palo Alto use by default GlobalProtect Client i am trying to connect my Wyse 3040 and i get the next error:

 

XML response has no "auth" node

 

when i search for the error on internet i get the next solution: 

 

This VPN is based on HTTPS and ESP, with routing and configuration information distributed in XML format.
GlobalProtect mode is requested by adding --protocol=gp to the command line:
  openconnect --protocol=gp vpn.example.com

 

how i can add the parameter openconnect --protocol=gp to the Wyse 3040 ?

DELL-Scott H

Moderator

 • 

878 Posts

March 19th, 2020 07:00

ThinOS has a built in VPN client but it is a bit limited

it is an OpenVPN client.

Some VPN solution do have an OpenVPN compatibility mode. That’s the reason why Anyconnect works. So, “just” make sure your solution is OpenVPN compatible and only needs user/password for authentication, as ThinOS does not support any other authentication methods.

argj

22 Posts

April 5th, 2020 09:00

Hi, thanks for your time and help but the problem is:

 

1 - Dell have to upgrade the client of OpenConnect in the current firmware 8.6_303 the version of the openconnect is version 5.01 and to day the last version 8.X

The version 8.X of the OpenConnect Client support the next Firewalls:

AnnyConnect
Juniper
Global Protect(Palo Alo)
Pulse Secure

 

The first version 8.X Support Global Protect

OpenConnect v8.00 (PGP signature) — 2019-01-05
Clear form submissions (which may include passwords) before freeing (CVE-2018-20319).
Allow form responses to be provided on command line.
Add support for SSL keys stored in TPM2.
Fix ESP rekey when replay protection is disabled.
Drop support for GnuTLS older than 3.2.10.
Fix --passwd-on-stdin for Windows to not forcibly open console.
Fix portability of shell scripts in test suite.
Add Google Authenticator TOTP support for Juniper.
Add RFC7469 key PIN support for cert hashes.
Add protocol method to securely log out the Juniper session.
Relax requirements for Juniper hostname packet response to support old gateways.
Add API functions to query the supported protocols.
Verify ESP sequence numbers and warn even if replay protection is disabled.
Add support for PAN GlobalProtect VPN protocol (--protocol=gp).
Reorganize listing of command-line options, and include information on supported protocols.
SIGTERM cleans up the session similarly to SIGINT.

 

Dell Wyse Current Version:

OpenConnect v5.01 (PGP signature) — 2013-06-01
Attempt to handle  in aggregate auth mode.
Don't include X-Aggregate-Auth: header in fallback mode.
Enable AES256 mode for DTLS with GnuTLS (RH#955710).
Add --dump-http-traffic option for debugging.
Be more permissive in parsing XML forms.
Use original URL when falling back to non-XML POST mode.
Add --no-xmlpost option to revert to older, compatible behaviour.
Close connection before falling back to non-xmlpost mode (RH#964650).
Improve error handling when server closes connection (Debian #708928).

 

i have to resolve my problem installing the OCSVR (OpenConnect Server Version 1.1.0) now the Wyse 3040 Firmware 8.6_303  connect to my Corporate Network, but i want to use my Palo Alto as VPN server and not the OpenConnect.

 

BrunoAra

1 Message

July 6th, 2020 05:00

Thanks a lot!

Was this post helpful?

View All

No Events found!

Top