Tested with startssl cert, no luck. On Thu, Feb 6, 2014 at 2:22 PM, Kevin Cernekee <cernekee at gmail.com> wrote: > On Wed, Feb 5, 2014 at 8:40 PM, Steve <steve at thupdi.net> wrote: >> After several successful connected to ocserv, AnyConnect 3.1 on Mac >> always complaints: >> >> The service provider in your current location is restricting access to >> the Internet. You need to log on with the service provider before you >> can establish a VPN session. You can try this by visiting any website >> with your browser. >> >> Any fix or workaround for this issue? > > Hmm, that's really odd. I tried to reproduce your issue and I saw it > several times. It even persisted when I tried to connect to an ASA on > my LAN. Quitting and restarting the application didn't help (but this > might not restart vpnagentd). > > I then connected to a couple of external sites, such as vpn.uci.edu. > They did not show the warning. I didn't log in - just hit cancel at > the prompt. After that, I wasn't able to see the error again. > > I thought maybe there was a regression between my ocserv Mac support > commit (f928a11c) and the head of tree, but both revs seemed to > exhibit the same behavior. > > The fact that I never see it when connecting to an external site, but > I did see it connecting to a local ASA, makes me wonder if it might be > timing-related? Or possibly related to the use of self-signed or > otherwise unrecognized certificates. Some Linux versions of the > client have major bugs involving server certificate validation so that > code is suspect.
