My work is currently transitioning from a Cisco IPSEC VPN system to a Cisco AnyConnect VPN system. I have grown very fond of having an open-source client with Network Manager integration in vpnc and would love to continue that with openconnect. Unfortunately, when I try to connect with openconnect, I end up getting "AnyConnect is not enabled on the VPN server" errors (XML shows that it's error 89) after entering password. Doing a little research, I see that this may indicate a version mismatch between client and server (the AnyConnect client deployed for Windows is version 2.5). Checking the csd logs, I don't see anything to indicate an error there (there are some "failed to initialize mozilla certificates" warnings at the end, though). I've also manually downloaded the CSD binary and run it directly, passing in the token, ticket, group, host, and debug=all and got similar results. I added some debug output to my openconnect client, and the XML received does advertise this binary as a Linux option. Also, I noticed that the POST request only send the group, user, and password. Does it not need to send the "ticket" and "token"? I am a professional software engineer, so I can handle some debugging and coding, but I'm new to this protocol. Any ideas on what I can do to work on getting this to work? Sorry if this is a bit rambling; I'm not sure what information you guys would need. Thanks! - Keith
