After upgraded to latest git head, it breaks iOS' AnyConnect client, but works for Windows :P ocserv[24206]: SRVIP:55568 accepted connection ocserv[24180]: sec-mod received request from pid 24206 and uid 65534 ocserv[24206]: SRVIP:55568 sending message 6 to main ocserv[24179]: SRVIP:55568 main received message 6 of 318 bytes ocserv[24206]: SRVIP:55568 TLS handshake completed ocserv[24206]: SRVIP:55568 client needs compact auth ocserv[24206]: SRVIP:55568 worker-auth.c:553: cannot find username in client XML message ocserv[24206]: SRVIP:55568 worker-auth.c:713: failed reading username ocserv[24206]: SRVIP:55568 sending message 1 to main ocserv[24179]: SRVIP:55568 main received message 1 of 13 bytes ocserv[24179]: SRVIP:55568 auth init for user 'testuser' from 'SRVIP:55568' ocserv[24179]: SRVIP:55568 sending message 2 to worker ocserv[24206]: SRVIP:55568 received auth reply message 2 ocserv[24206]: SRVIP:55568 continuing authentication for '' ocserv[24206]: SRVIP:55568 sending message 3 to main ocserv[24179]: SRVIP:55568 main received message 3 of 3 bytes ocserv[24179]: SRVIP:55568 auth req for user 'testuser' ocserv[24179]: SRVIP:55568 accepting user 'testuser' ocserv[24179]: SRVIP:55568 auth deinit for user 'testuser' ocserv[24179]: SRVIP:55568 selected IP for 'testuser': 10.10.11.148 ocserv[24179]: SRVIP:55568 assigned IPv4 to 'testuser': 10.10.11.149 ocserv[24179]: SRVIP:55568 assigning tun device vpns0 ocserv[24179]: SRVIP:55568 user 'testuser' of group '[unknown]' authenticated ocserv[24179]: SRVIP:55568 sending (socket) message 2 to worker ocserv[24206]: SRVIP:55568 received auth reply message 1 ocserv[24206]: SRVIP:55568 user 'testuser' logged in ocserv[24179]: SRVIP:55568 handle_commands:378: command socket closed On Sun, Jan 12, 2014 at 8:32 PM, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote: > On 01/12/2014 01:30 PM, Thomas Glanzmann wrote: > >>> Now the client manages to establish a TCP connection but terminates >>> immediately because "VPN establishment capability from a remote >>> Desktop is disabled"... So I guess there is again something it doesn't >>> like. >> could you please push your changes, that I can try to reproduce locally. >> Also on the win7 desktop, I now connected using RDP (remote desktop) to >> my ASA and applied the policy from there. Now the AnyConnect can connect >> to any other VPN server as well, in case you want to try again. But I >> think that you already have fixed it. I'll try to reproduce as soon as >> you push the changes. > > It should be there already. The commit needed is > 2e2310187ddce390f88e8590cf2a838f1434a548 > "Replaced the username cookie with a compact auth option." > > regards, > Nikos > > > _______________________________________________ > openconnect-devel mailing list > openconnect-devel at lists.infradead.org > http://lists.infradead.org/mailman/listinfo/openconnect-devel