ocserv: iOS Anyconnect unexpected POST URL /VPN?

On 8/31/16 6:53 PM, Nikos Mavrogiannopoulos wrote:

> Could you be more specific on which feature you are referring to and
> what you are trying to achieve? If it is about selecting groups on
> login, I don't see why this cannot be automated from the openconnect
> command line (see --authgroup).
>
> regards,
> Nikos

Thanks Nikos,

On the client side I am using Cisco AnyConnect, and I have created a
custom profile.xml with a server list like this:

         <ServerList>
                 <HostEntry>
                         <HostName>Example (Forwarding)</HostName>
                         <HostAddress>vpn.example.com</HostAddress>
                         <UserGroup>Forwarding</UserGroup>
                 </HostEntry>
                 <HostEntry>
                         <HostName>Example (Split-Tunneling)</HostName>
                         <HostAddress>vpn.example.com</HostAddress>
                         <UserGroup>Split-Tunneling</UserGroup>
                 </HostEntry>
         </ServerList>

The goal is to show the user two separate VPN connections in the
AnyConnect GUI to the same ocserv server, but with a different group
pre-specified. For example, when the user wants to connect with the
"Forwarding" group, they can simply choose the "Example (Forwarding)"
connection.

The problem is that ocserv doesn't expect the group name in the
authentication URL and rejects the authentication request. So I am
wondering if we can take the authentication URL as another source of the
group name.


ocserv[29387]: main: x.x.x.x:51561 main received worker's message 'session info' of 6 bytes
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: SSL 3.3 Application Data packet received. Epoch 0, length: 283
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: Expected Packet Application Data(23)
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: Received Packet Application Data(23) with length: 283
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: Decrypted Packet[1] Application Data(23) with length: 259
ocserv[29392]: worker: x.x.x.x HTTP processing: Cache-Control: no-cache
ocserv[29392]: worker: x.x.x.x HTTP processing: Connection: close
ocserv[29392]: worker: x.x.x.x HTTP processing: Pragma: no-cache
ocserv[29392]: worker: x.x.x.x HTTP processing: Host: sgwlaxpri.vastorigin.com
ocserv[29392]: worker: x.x.x.x HTTP processing: User-Agent: AnyConnect Windows 4.3.01095
ocserv[29392]: worker: x.x.x.x User-agent: 'AnyConnect Windows 4.3.01095'
ocserv[29392]: worker: x.x.x.x HTTP processing: X-Transcend-Version: 1
ocserv[29392]: worker: x.x.x.x HTTP processing: X-Aggregate-Auth: 1
ocserv[29392]: worker: x.x.x.x HTTP processing: X-AnyConnect-Platform: win
ocserv[29392]: worker: x.x.x.x HTTP processing: Content-Length: 618
ocserv[29392]: worker: x.x.x.x HTTP POST /Forwarding
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: SSL 3.3 Application Data packet received. Epoch 0, length: 642
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: Expected Packet Application Data(23)
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: Received Packet Application Data(23) with length: 642
ocserv[29392]: TLS[<5>]: REC[0x22d2010]: Decrypted Packet[2] Application Data(23) with length: 618
ocserv[29392]: worker: x.x.x.x unexpected POST URL /Forwarding


Frank
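
An added troubleshooting example, not part of the original message or of ocserv: it correlates "unexpected POST URL" rejections in an ocserv debug log with the `UserGroup` entries of an AnyConnect profile, so rejections caused by the profile can be told apart from requests for paths no profile entry explains. It assumes, as the log excerpt above suggests, that the client requests `/<UserGroup>`; the function names and sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the profile and log excerpt in the post.
# The last log line (/admin) is invented to show a path no profile entry explains.
PROFILE = """<ServerList>
  <HostEntry>
    <HostName>Example (Forwarding)</HostName>
    <HostAddress>vpn.example.com</HostAddress>
    <UserGroup>Forwarding</UserGroup>
  </HostEntry>
  <HostEntry>
    <HostName>Example (Split-Tunneling)</HostName>
    <HostAddress>vpn.example.com</HostAddress>
    <UserGroup>Split-Tunneling</UserGroup>
  </HostEntry>
</ServerList>"""
LOG = """\
ocserv[29392]: worker: x.x.x.x HTTP POST /Forwarding
ocserv[29392]: worker: x.x.x.x unexpected POST URL /Forwarding
ocserv[29410]: worker: y.y.y.y unexpected POST URL /admin
"""
REJECT = re.compile(r"ocserv\[(\d+)\]: worker: (\S+) unexpected POST URL (/\S*)")

def _local(tag):
    """Strip an XML namespace so namespaced profile documents parse as well."""
    return tag.rsplit("}", 1)[-1]

def profile_paths(xml_text):
    """Map '/<UserGroup>' (assumed request path) to the entry's HostName."""
    paths = {}
    for elem in ET.fromstring(xml_text).iter():
        if _local(elem.tag) != "HostEntry":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in elem}
        if fields.get("UserGroup"):
            paths["/" + fields["UserGroup"]] = fields.get("HostName", "")
    return paths

def rejected_posts(xml_text, log_text):
    """Return (pid, client, path, HostName or None) for every rejected POST."""
    paths = profile_paths(xml_text)
    return [(int(m.group(1)), m.group(2), m.group(3), paths.get(m.group(3)))
            for m in REJECT.finditer(log_text)]

if __name__ == "__main__":
    for pid, client, path, name in rejected_posts(PROFILE, LOG):
        origin = f"profile entry {name!r}" if name else "no profile entry"
        print(f"pid={pid} client={client} path={path} -> {origin}")
```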


