On Mon, Mar 22, 2021 at 10:27 PM William Bell <william.b...@frog.za.net> wrote:
> > It also seems to me that whoever set your server up just didn't test
> > it with OpenConnect, or just didn't test it with Linux clients. It's
> > hard to tell whether this was intentional (to prevent use of anything
> > other than the official AnyConnect-for-Windows client) or just the
> > result of misconfiguration/inadequate testing. In my experience, the
> > latter is much more common.
>
> You probably have a good idea.
>
> They either did not have the money to do it, I asked for the Linux
> client and they said they did not have one, Windows only.
>
> The version we are using seems no longer available at Cisco.
>
> >
> > In any case, even if your administrators ARE TRYING to prevent you
> > from connecting with a non-standard client, it's always possible to
> > circumvent this… just have to figure out how to emulate the behavior
> > of the official client in a more indistinguishable way.
>
> Could it be that the client is reading the credentials from a cookie
> that the browser temporarily creates or something from the browser by some
> other means? All browsers seem to work. So to get this working, at some
> point openconnect should open/start the default browser and "do the same
> thing"

This sounds like your VPN may be using Cisco SSO/SAML. See
https://gitlab.com/openconnect/openconnect/-/merge_requests/75 for
work-in-progress to support this.

Easy way to tell: run with `--dump-http-traffic` and see if the initial
auth form contains tags like `<sso-`.

Dan

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
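
The check described in the reply above, as an added example (not code from the original post or from the OpenConnect project): it scans saved `--dump-http-traffic` output for elements whose names start with `sso-` in what the server sent. Assumptions: received lines are prefixed with "< " and sent lines with "> "; the two dumps, the host name and the element names after the `sso-` prefix are constructed samples.

```python
import re

# Assumption: each dumped line starts with "< " (received from the server)
# or "> " (sent by the client). Adjust RECEIVED_PREFIX if your build differs.
RECEIVED_PREFIX = "< "
# Opening tags only: "</sso-..." closing tags do not match.
SSO_TAG = re.compile(r"<(sso-[A-Za-z0-9_-]+)")

def find_sso_tags(dump_text):
    """Return sorted unique element names starting with 'sso-' that appear
    in server-to-client lines of a saved traffic dump."""
    tags = set()
    for line in dump_text.splitlines():
        if not line.startswith(RECEIVED_PREFIX):
            continue  # skip client-sent lines and openconnect's own messages
        tags.update(SSO_TAG.findall(line[len(RECEIVED_PREFIX):]))
    return sorted(tags)

def uses_sso(dump_text):
    """True when the server's auth form carries at least one sso- element."""
    return bool(find_sso_tags(dump_text))

# Constructed sample: an auth form that advertises SSO/SAML.
SAML_DUMP = """\
> POST / HTTP/1.1
> Host: vpn.example.com
< HTTP/1.1 200 OK
< Content-Type: text/xml; charset=utf-8
< <config-auth client="vpn" type="auth-request">
< <auth id="main">
< <sso-v2-login>https://vpn.example.com/saml/login</sso-v2-login>
< <sso-v2-token-cookie-name>token</sso-v2-token-cookie-name>
< </auth>
< </config-auth>
"""

# Constructed sample: a plain username/password form, no SSO elements.
PASSWORD_DUMP = """\
> POST / HTTP/1.1
< HTTP/1.1 200 OK
< <config-auth client="vpn" type="auth-request">
< <auth id="main"><form><input type="text" name="username"/></form></auth>
< </config-auth>
"""

if __name__ == "__main__":
    for name, dump in (("saml", SAML_DUMP), ("password", PASSWORD_DUMP)):
        print(name, uses_sso(dump), find_sso_tags(dump))
```
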