Hi, (I posted this question at SuperUser.com [1] yesterday, but no reply thus far, so I thought I should ask the mailing list; it seems to be the official help channel.) In the past I could connect to a certain Cisco VPN server. I've been away travelling for 7 weeks, and now I'm back home, but no longer able to connect to the VPN server. Now the server suddenly asks me to run a 'Cisco Secure Desktop' trojan, and I've configured OpenConnect to do this (both via a GUI dialog, and the `--csd-user` command line option to `openconnect`), still I'm no longer able to get the VPN connection working. The VPN connection log ends with these four lines repeated over and over again: ``` GET https://vpn.server.com/+CSCOE+/sdesktop/wait.html SSL negotiation with vpn.server.com Connected to HTTPS on vpn.server.com Refreshing +CSCOE+/sdesktop/wait.html after 1 second... ``` Do you have any idea about what's happening or how I can fix this? Would you guess that the problem is a VPN server side configuration change? The 'Cisco Secure Desctop' script perhaps? The VPN server has never asked me to run the 'Cisco Secure Desktop' script before, when I was able to connect. ? Or do you think my OS has upgraded OpenConnect to a somehow incompatible version? Other people are able to connect to the VPN server ? they use Mac or Windows, not Linux, though. My OS: Linux Mint 17. OpenConnect version v5.02. Things I've tested: 1. I read at: https://bbs.archlinux.org/viewtopic.php?pid=1172567#p1172567 that I could wrap the 'Cisco Secure Desktop' script in a shell script, via the --csd-wrapperoption; the suggested script looks like below, but running it had no effect. ``` #!/bin/bash -x exec 2>&1 > /dev/null CSD_BINARY="$1" shift $CSD_BINARY "$@" ``` 2. I read at: http://lists.infradead.org/pipermail/openconnect-devel/2013-July/001119.html that the `--no-xmlpost` flag might help; it didn't have any effect though. 3. I read at: http://lists.infradead.org/pipermail/openconnect-devel/2013-July/001117.html that the 'Cisco Secure Desctop' script might need 32 bit support, but apparently my OS already has that: ``` $ dpkg --print-foreign-architectures i386 ``` Someone else has encountered the same problem: http://nerdanswer.com/answer.php?q=327709 (It's a ServerFault question, but it was apparently deleted at ServerFault, off-topic over there I'd guess. There were no answers to the question.) Here's the full OpenConnect log: ``` POST https://vpn.server.com/ Attempting to connect to server 111.222.333.444:443 Using client certificate 'My-Full-Name' Adding supporting CA 'TC TrustCenter Class 2 L1 CA XI' SSL negotiation with vpn.server.com Connected to HTTPS on vpn.server.com Got HTTP response: HTTP/1.0 302 Object Moved GET https://vpn.server.com/ Attempting to connect to server 111.222.333.444:443 SSL negotiation with vpn.server.com Connected to HTTPS on vpn.server.com Got HTTP response: HTTP/1.0 302 Object Moved GET https://vpn.server.com/+webvpn+/index.html SSL negotiation with vpn.server.com Connected to HTTPS on vpn.server.com GET https://vpn.server.com/CACHE/sdesktop/install/binaries/sfinst GET https://vpn.server.com/+CSCOE+/sdesktop/wait.html Refreshing +CSCOE+/sdesktop/wait.html after 1 second... GET https://vpn.server.com/+CSCOE+/sdesktop/wait.html SSL negotiation with vpn.server.com Connected to HTTPS on vpn.server.com Refreshing +CSCOE+/sdesktop/wait.html after 1 second... GET https://vpn.server.com/+CSCOE+/sdesktop/wait.html SSL negotiation with vpn.server.com Connected to HTTPS on vpn.server.com Refreshing +CSCOE+/sdesktop/wait.html after 1 second... GET https://vpn.server.com/+CSCOE+/sdesktop/wait.html SSL negotiation with vpn.server.com Connected to HTTPS on vpn.server.com Refreshing +CSCOE+/sdesktop/wait.html after 1 second... GET https://vpn.server.com/+CSCOE+/sdesktop/wait.html SSL negotiation with vpn.server.com Connected to HTTPS on vpn.server.com Refreshing +CSCOE+/sdesktop/wait.html after 1 second... (... continues forever) ``` Thanks for your time and any help, Best regards, KajMagnus [1]: http://superuser.com/questions/836157/openconnect-cannot-connect-to-vpn-server-refreshes-wait-html-forever
