Comments (9)

alexandru-2016 commented on July 22, 2024

I'm not sure if the untrusted server is the problem; perhaps Cisco is now able to determine that there is a man-in-the-middle attack happening.

from hostscan-bypass.

Gilks commented on July 22, 2024

Untrusted connections are blocked by default. I've never used the AnyConnect client for Linux. I assume there's a section in one of the config files that allows untrusted connections. Check out the blog post. Is there a graphical version for Linux? If so, it may be the same steps as seen in the blog.

NTMan commented on July 22, 2024

You mean uncheck the option "Block connections to untrusted servers"?
Yes, I already tried to connect without this option, but I get the same error message here.

I even tried to connect from the AnyConnect mobile client, but the client shows the same error message.

alexandru-2016 commented on July 22, 2024

I have the same error. Allowing untrusted connections in the settings did not help.

Gilks commented on July 22, 2024

This is an AnyConnect client problem. This is not a hostscan-bypass issue.

If troubleshooting the certificate error has yielded no results, then I would recommend using Let's Encrypt and putting a legitimate certificate on a domain you own. That will remove the need to connect to an untrusted host.

Gilks commented on July 22, 2024

I assure you it is because of an untrusted certificate. That's what this error is in reference to:

error: AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network.

Gilks commented on July 22, 2024

Any update on this issue?

NTMan commented on July 22, 2024

> I assure you it is because of an untrusted certificate.

And how do I use a trusted certificate?
Without the hostscan-bypass proxy script, the Android AnyConnect client connected without the described error.

Gilks commented on July 22, 2024

It makes sense that you can connect directly to the ASA with Android because the certificate is being verified properly. Users on OS X were describing a similar issue. It has to do with the fact that your system is not respecting the AnyConnect option to connect to untrusted sources.

The cert/key arguments can be seen with the -h command.

Usage of /tmp/go-build751505018/b001/exe/hostscan-bypass:
  -c string
    	Use a config file (set TLS ect) - Commandline params overwrite config file
  -cert string
    	Use a specific certificate file
  -client-cert string
    	Read client certificate from file.
  -client-key string
    	Read client key from file. If only client-cert is given, the key and cert will be read from the same file.
  -l string
    	Local address to listen on
  -o string
    	Output name for CSD hostscan bypass
  -p int
    	Local Port to listen on
  -r string
    	Remote Server address host:port
  -s	Create a TLS Proxy
exit status 2

So to specify a cert/key:
sudo go run hostscan-bypass.go -l 0.0.0.0 -p 443 -r yourserver.com:443 -s -client-cert cert.pem -client-key key.pem

from hostscan-bypass.
