I've added some code to distinguish between different rekey methods in:
git://gitorious.org/openconnect-x/openconnect-x.git rekey

I think that the "ssl" rekey option of anyconnect better suits the design of ocserv, as it allows for seamless rekey of both channels (without breaking the connection). However, openconnect always assumes the new-tunnel rekey method, and with this patch it is made aware of the different options (and currently simply ignores the ones that are unsupported).

regards,
Nikos