After a recent update to our VPN server, I noticed that openconnect is no longer able to connect to it. To log in to our VPN server I have to select a non-default auth group. According to HTTP traffic dumps, OpenConnect 5.01 tried to select a group, but the server failed to respond properly. After analysing dumps from the official client, I noticed that it passes a group in the "init" XML request.

I created a simple workaround that passes the group to the "init" request if it was selected via the command line prompt. A full solution should include reselecting a group; however, it looks like it requires an auth traffic restart, which is too intrusive a change.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
--- openconnect-5.01.orig/auth.c +++ openconnect-5.01/auth.c @@ -790,6 +790,11 @@ int xmlpost_initial_req(struct openconne free(url); if (!node) goto bad; + if (vpninfo->authgroup) { + node = xmlNewTextChild(root, NULL, XCAST("group-select"), XCAST(vpninfo->authgroup)); + if (!node) + goto bad; + } if (cert_fail) { node = xmlNewTextChild(root, NULL, XCAST("client-cert-fail"), NULL); if (!node)
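Review bot: The new `if (vpninfo->authgroup)` test in xmlpost_initial_req() only checks for a non-NULL pointer, so an empty string would still put an empty group-select element into the init request; `if (vpninfo->authgroup && vpninfo->authgroup[0])` would avoid that. The condition also fires whenever authgroup is set, while the commit message limits the workaround to a group chosen at the command line prompt, so either the message or the condition should be adjusted to match. A short comment above the block saying that the official client sends the group in the init request, and that reselecting a group later is not handled, would save the next reader from digging through traffic dumps. Using xmlNewTextChild() is the right call here, since it escapes the user-supplied group name instead of inserting it as raw markup. The xmlNewTextChild() line runs well past 80 columns and could be wrapped after the element name argument.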