On Wed, Feb 5, 2014 at 8:40 PM, Steve <steve at thupdi.net> wrote: > After several successful connected to ocserv, AnyConnect 3.1 on Mac > always complaints: > > The service provider in your current location is restricting access to > the Internet. You need to log on with the service provider before you > can establish a VPN session. You can try this by visiting any website > with your browser. > > Any fix or workaround for this issue? Hmm, that's really odd. I tried to reproduce your issue and I saw it several times. It even persisted when I tried to connect to an ASA on my LAN. Quitting and restarting the application didn't help (but this might not restart vpnagentd). I then connected to a couple of external sites, such as vpn.uci.edu. They did not show the warning. I didn't log in - just hit cancel at the prompt. After that, I wasn't able to see the error again. I thought maybe there was a regression between my ocserv Mac support commit (f928a11c) and the head of tree, but both revs seemed to exhibit the same behavior. The fact that I never see it when connecting to an external site, but I did see it connecting to a local ASA, makes me wonder if it might be timing-related? Or possibly related to the use of self-signed or otherwise unrecognized certificates. Some Linux versions of the client have major bugs involving server certificate validation so that code is suspect.
