On Fri, Dec 4, 2015 at 6:24 PM, Andrew Falk <falk0069 at gmail.com> wrote:
> I got two other co-workers hooked up this way as well and we are all
> successfully able to connect now. I'm having my co-workers use the
> "--os-android" flag, but I question if this isn't going to lead to other
> issues in the future. All I want to do is continue if the CSD failed to
> download or skip it altogether.

I wouldn't expect any problems as long as the ASA configuration doesn't change. But your admin could (inadvertently or otherwise) modify the hostscan/posture settings in a way that breaks this configuration.

BTW, there is a new Chrome OS AnyConnect client that we may want to learn how to mimic. It's implemented using PNaCl, which means it wouldn't be possible for the gateway to send down native CSD binaries to probe the system. In this sense it is similar to iOS.

> What I'd like to eventually do is put together a tutorial for other Linux
> users who are stuck. I spent a long time getting this to work and I think
> others might find it useful.

For the Android case, it would be easy enough to add code to openconnect that POSTs an appropriate CSD response without needing a wrapper script.

I think you could probably extend this to cover other OSes, e.g. if "--os win" is specified it could download the data.xml file, find the appropriate "os_check" clause, and send the corresponding "location" name. In your case this was "Default" but it varies.

This wouldn't be enough to satisfy checks for up-to-date antivirus software, service pack levels, registry keys, etc. but it might cover the more common situations anyway.