I'm afraid tuning parameters does not help at all. I unsuccessfully > > tried various combinantions. > Then I dumped the /opt/cisco/anyconnect/bin/vpnui traffic, tried what > the official client sends and still no success.
Hmmm. So you can see all (or almost all) of the traffic between the official client and the server, and you see NO differences between what OpenConnect sends and what the official clients send…? > What can I do more? What to dump? It's quite difficult to say without seeing some of this traffic and comparing carefully. It sounds like you've already read https://www.infradead.org/openconnect/mitm.html, and have a good idea of how to capture the traffic from the official client. > I'm able to dump (SSLKEYLOGFILE) ui's traffic and partly also the > vpnagentd's traffic but there are still some tls streams unreadable. Any idea about the *timing* or *quantity* of those TLS streams which you can't see, relative to other requests which you can see? Dan _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
