Hi, Is there a way to configure the network-manager connection file to pass the authgroup into openconnect? I'm interested in switching from using a shell-script wrapper to run openconnect as an unprivileged user to using the NetworkManager-Openconnect hack discussed here: https://bugzilla.redhat.com/show_bug.cgi?id=1218335, with PKCS#11 authentication. It seems that when connecting to the vpn this way, the PKCS#11 card is authenticated, then the GUI returns to a normal login page with an Auth Group drop down. If we select the group for smart card users, and click login the things seem to work, but it's very confusing to end-users. (I manage a lot of linux desktops and laptops for semi-linux saavy scientists). We're running CentOS, Scientific Linux and RHEL 7. The script solution causes us two issues: 1. Security - sudo makes it difficult to specify the exact command line args required to use PKCS#11 certificate string with -c. If I wildcard the sudo rule, then someone could manually run the command and get access to root through manipulating the -s/S argument. 2. Using CTRL-C close the VPN connection after running openconnect on the command line results in leaving behind vpn0 still with an active IP address, this messes up DNS and routing. If there are any suggestions to resolve the scripted method's issues those would be welcome too :) Many thanks! --Sean
