On Thu, Sep 1, 2016 at 2:56 PM, Frank H.Y. Wang <gladandong at gmail.com> wrote: >> Could you be more specific on which feature are you referring to and >> what are you trying to achieve? If it is about selecting groups on >> login, I don't see why this cannot be automated from the openconnect >> command line (see --authgroup). > On the client side I am using Cisco AnyConnect. And I have created a custom > profile.xml with server list like this: > > <ServerList> > <HostEntry> > <HostName>Example (Forwarding)</HostName> > <HostAddress>vpn.example.com</HostAddress> > <UserGroup>Forwarding</UserGroup> > </HostEntry> > <HostEntry> > <HostName>Example (Split-Tunneling)</HostName> > <HostAddress>vpn.example.com</HostAddress> > <UserGroup>Split-Tunneling</UserGroup> > </HostEntry> > </ServerList> > > The goal is to show the user two separated VPN connections in the AnyConnect > GUI to the same ocserv server, but with different group pre-specified. For > example when the user want to connect with the "Forwarding" group, they can > simply choose the "Example (Forwarding)" connection. > > The problem is that ocserv doesn't expect the group name in the > authentication URL and rejected the authentication request. So I am > wondering if we can take the authentication URL as another source of the > group name. We could use most likely register a generic handler, something like "/groups", and have the groups specified as /groups/mygroup. If you have a nice patch for that I'll certainly consider it. regards, Nikos
