On Mon, Mar 22, 2021 at 1:38 PM William Bell <william.b...@frog.za.net> wrote:
>
> When I try --os=win
>
> It forces me to the HIDDEN_NONMFA group, which I used to use and works.
> I no longer have permissions to use that group.
>
> I have also included the Windows client's output below.

Lemme get this straight…

- If you use OpenConnect to spoof the AnyConnect-for-Windows client, the server forces you to use the HIDDEN_NONMFA group, which you don't have access to?
- If you use the AnyConnect-for-Windows client, it allows you to connect correctly?

What's the difference between the two? How are the requests from OpenConnect-spoofing-AnyConnect distinguished from AnyConnect? (This question *might* require a MITM log to answer.)

It also seems to me that whoever set your server up just didn't test it with OpenConnect, or just didn't test it with Linux clients. It's hard to tell whether this was intentional (to prevent use of anything other than the official AnyConnect-for-Windows client) or just the result of misconfiguration/inadequate testing. In my experience, the latter is much more common. You probably have a good idea.

In any case, even if your administrators ARE TRYING to prevent you from connecting with a non-standard client, it's always possible to circumvent this… just have to figure out how to emulate the behavior of the official client in a more indistinguishable way.

Dan