On Sun, Apr 28, 2024 at 7:24 AM David Woodhouse <dw...@infradead.org> wrote: > > On Sat, 2024-04-27 at 22:56 -0400, marc...@gmail.com wrote: > > > > I've been looking online for an alternative to Cisco AnyConnect client > > (which I haven't been able to get working on Linux) and I saw people > > recommending OpenConnect. My workplace VPN is configured to do > > certificate enrollment when connecting for the very first time, which > > I believe is done through SCEP (simple certificate enrollment > > protocol). I've installed and tried NetworkManager-openconnect but it > > doesn't seem to do this initial certificate enrollment. Does > > OpenConnect implement SCEP? > > It doesn't. And unless it's integrated with the protocol to the point > where it *absolutely* necessary, I think I'd prefer it to remain that > way — at least for OpenConnect *itself*. > > But if this is a setup that people need to use, we should definitely > work out how to integrate it with an existing SCEP client.
Thanks for the quick reply. I agree about not spending resources on it unless there's high enough demand, or unless OpenConnect is intended as a fully equivalent drop-in replacement for Cisco AnyConnect. In the meantime it might help to just add a section on www.infradead.org/openconnect/anyconnect.html that mentions the lack of SCEP. Thanks! _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
