David, I have found what you are talking about with CURL on a post in April; I have tried the wrapper written by Kevin Cernekee And I passed the CSD !! :) Thanks a lot ! But now I'm blocked again because my credentials are not recognized. Default Policy in action apparently : Please enter your username and password. GROUP: [MY-Home-Computer|My-Corporate-Laptop]:My-Corporate-Laptop Username:MYUSERNAME Password:**** Username:MYUSERNAME Password:**** POST https://www.COMPANY_SITE.com/+webvpn+/index.html Failed to write to SSL socket: Error in the push function. N?gociation SSL with www.COMPANY_SITE.com Server certificate verify failed: signer not found Connected to HTTPS on www.COMPANY_SITE.com Login denied. TERMINATED VIA DEFAULT POLICY Please enter your username and password. GROUP: [MY-Home-Computer|My-Corporate-Laptop]: Thanks in advance -- Fromzy 2015-01-03 22:57 GMT+01:00 David Woodhouse <dwmw2 at infradead.org>: > On Sat, 2015-01-03 at 22:30 +0100, Fromzy wrote: >> >> As far as I understand I will never be able to connect to my company >> VPN with OpenConnect because of this policies. > > No, not at all. > > All you need to do is persuade cscan that its requirements *are* met. > Since you can run it in whatever environment you like, that shouldn't be > hard. > > Perhaps even easier, all you *actually* need to do is post something > back to the server which matches what cscan would post if it is happy. > > In the past, haven't some people achieved that with a simple script > invoking 'curl'? > > I think the cstub trojan leaves detailed logs, doesn't it? Do you know > what it's objecting to? > > -- > dwmw2