Hi all, Thanks for this project and effort on providing open source

Message DEBUG: Empty cookie originates here: </p

I am having the exact same issue. Using openfortivpn 1.19.0 in <code class="notran

No cookie given about openfortivpn HOT 2 OPEN

jpahullo commented on July 18, 2024

No cookie given

from openfortivpn.

Comments (2)

DimitriPapadopoulos commented on July 18, 2024

Message DEBUG: Empty cookie originates here:

openfortivpn/src/http.c

Lines 417 to 443 in bf94c2f

    
           int auth_set_cookie(struct tunnel *tunnel, const char *line) 
        
           { 
        
           	int ret = ERR_HTTP_NO_COOKIE; 
        
           	if (line) { 
        
           		const char *cookie_start; 
        
           		cookie_start = strstr(line, "SVPNCOOKIE="); 
        
           		if (cookie_start != NULL) { 
        
           			const char *cookie_end; 
        
           			size_t cookie_len; 
        
           			cookie_end = strpbrk(cookie_start, "\r\n;"); 
        
           			if (cookie_end) 
        
           				cookie_len = cookie_end - cookie_start; 
        
           			else 
        
           				cookie_len = strlen(cookie_start); 
        
           			if (cookie_len > COOKIE_SIZE) { 
        
           				log_error("Cookie larger than expected: %zu > %d\n", 
        
           				          cookie_len, COOKIE_SIZE); 
        
           			} else { 
        
           				strncpy(tunnel->cookie, cookie_start, COOKIE_SIZE); 
        
           				tunnel->cookie[cookie_len] = '\0'; 
        
           				if (tunnel->cookie[11] == '\0') { 
        
           					log_debug("Empty cookie.\n");

Message Could not authenticate to gateway. Please check the password, client certificate, etc. is then printed from:

openfortivpn/src/tunnel.c

Lines 1346 to 1351 in bf94c2f

    
           if (config->cookie) 
        
           	ret = auth_set_cookie(&tunnel, config->cookie); 
        
           else 
        
           	ret = auth_log_in(&tunnel); 
        
           if (ret != 1) { 
        
           	log_error("Could not authenticate to gateway. Please check the password, client certificate, etc.\n");

Finally, message No cookie given (-7) associated to ERR_HTTP_NO_COOKIE originates here if I'm not mistaken:

openfortivpn/src/http.c

Lines 692 to 711 in bf94c2f

    
           	if (ret == ERR_HTTP_NO_COOKIE) { 
        
           		struct vpn_config *cfg = tunnel->config; 
        
           		/* 
        
           		 * If the response body includes a tokeninfo= parameter, 
        
           		 * it means the VPN gateway expects two-factor authentication. 
        
           		 * It sends a one-time authentication credential for example 
        
           		 * by email or SMS, and expects to receive it back in the 
        
           		 * second authentication stage. No SVPNCOOKIE will be provided 
        
           		 * until after the second call to /remote/logincheck. 
        
           		 * 
        
           		 * If we receive neither a tokeninfo= parameter nor an 
        
           		 * SVPNCOOKIE, it means our authentication attempt was 
        
           		 * rejected. 
        
           		 */ 
        
           		ret = get_value_from_response(res, "tokeninfo=", token, 128); 
        
           		if (ret != 1) { 
        
           			// No SVPNCOOKIE and no tokeninfo, return error. 
        
           			ret = ERR_HTTP_NO_COOKIE;

Unless you are willing to send the HTTP requests and answers, you should look into auth_log_in() for clues on why openfortivpn cannot extract the cookie.

Note that Windows clients are usually VPN IPSec, while Linux clients are VPN TLS.

from openfortivpn.

BrunoTeixeira1996 commented on July 18, 2024

I am having the exact same issue.
Using openfortivpn 1.19.0 in Linux Teixeira 6.1.0-17-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.69-1 (2023-12-30) x86_64 GNU/Linux.
Any idea why?

from openfortivpn.

No cookie given about openfortivpn HOT 2 OPEN

Comments (2)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

	int auth_set_cookie(struct tunnel tunnel, const char line)
	{
	int ret = ERR_HTTP_NO_COOKIE;

	if (line) {
	const char *cookie_start;

	cookie_start = strstr(line, "SVPNCOOKIE=");
	if (cookie_start != NULL) {
	const char *cookie_end;
	size_t cookie_len;

	cookie_end = strpbrk(cookie_start, "\r\n;");
	if (cookie_end)
	cookie_len = cookie_end - cookie_start;
	else
	cookie_len = strlen(cookie_start);

	if (cookie_len > COOKIE_SIZE) {
	log_error("Cookie larger than expected: %zu > %d\n",
	cookie_len, COOKIE_SIZE);
	} else {
	strncpy(tunnel->cookie, cookie_start, COOKIE_SIZE);
	tunnel->cookie[cookie_len] = '\0';

	if (tunnel->cookie[11] == '\0') {
	log_debug("Empty cookie.\n");

	if (config->cookie)
	ret = auth_set_cookie(&tunnel, config->cookie);
	else
	ret = auth_log_in(&tunnel);
	if (ret != 1) {
	log_error("Could not authenticate to gateway. Please check the password, client certificate, etc.\n");

	if (ret == ERR_HTTP_NO_COOKIE) {
	struct vpn_config *cfg = tunnel->config;

	/*
	* If the response body includes a tokeninfo= parameter,
	* it means the VPN gateway expects two-factor authentication.
	* It sends a one-time authentication credential for example
	* by email or SMS, and expects to receive it back in the
	* second authentication stage. No SVPNCOOKIE will be provided
	* until after the second call to /remote/logincheck.
	*
	* If we receive neither a tokeninfo= parameter nor an
	* SVPNCOOKIE, it means our authentication attempt was
	* rejected.
	*/

	ret = get_value_from_response(res, "tokeninfo=", token, 128);
	if (ret != 1) {
	// No SVPNCOOKIE and no tokeninfo, return error.
	ret = ERR_HTTP_NO_COOKIE;