On Sun, Dec 17, 2017 at 12:30 PM, Daniel Lenski <dlenski at gmail.com> wrote: > This patch is intended to support protocols, like GlobalProtect, which > require a specific User-Agent header value to be set in order to work > correctly. It would basically be a slightly more generic version of what David added in: http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/4387e14cf4183d4603b42d5e98583904d8579f3c > It could be written in other ways (for example, a callable function to > add the appropriate HTTP header, rather than a fixed string), but in > the absence of any known use for a more complex version, this seems > like the most straightforward approach. The expectation that OpenConnect can use an HTTPS User-Agent header based on a truthful name and version of the connecting software is fairly deeply embedded in the API right now and it's probably a good idea to keep it. I believe it works fine for all, or nearly all, AnyConnect and Juniper VPNs. I've certainly never found one where I *had* to override the User-Agent string in order for the server to let me connect. However, there *are* some cases where Juniper servers generate much simpler-to-parse HTML forms if they are accessed with "User-Agent: ncsvc", which is the value sent by the mini-HTML-browser built into the official NC clients' connection GUI. I mentioned one such example which I've exploited here: http://lists.infradead.org/pipermail/openconnect-devel/2017-January/004190.html -Dan
