On Sat, Dec 5, 2015 at 11:29 AM, Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> wrote:
> On Sat, 2015-12-05 at 22:42 +0800, sskaje wrote:
>> I tried both haproxy + ocserv and ocserv, same error.
>> Anyone else met this?
>>
>> iOS 9.1, AnyConnect 3.0.12169
> [...]
>> ocserv[22505]: worker: 1.1.1.1 HTTP POST /VPN
>> ocserv[22505]: worker: 1.1.1.1 unexpected POST URL /VPN
>
> Hi,
> That URL is not something ocserv handles. They must have changed their
> protocol.

If I configure the client to connect to e.g. "https://10.0.0.1/VPN" instead of just "https://10.0.0.1", then it will POST the initial request to /VPN. Maybe it is just a configuration issue?

IIRC, the ASA lets you set up URL aliases that autoselect a specific authgroup, which is why the user is allowed to specify a full URL instead of just a hostname.