I?ve got problems with openconnect it seems to work but sometihing seems to be wrong with default gw or such im here posting the output of the openconnect command: sudo openconnect XXXX.XXX.XX --dump-http-traffic --user=userxxx [sudo] password for eric: Sorry, try again. [sudo] password for eric: POST https://XXXX.XXX.XX/ Attempting to connect to server xxx.xxx.xxx.xx:443 Connected to 1 xxx.xxx.xx.xx :443 SSL negotiation with XXXXXX.XXXXX.XX Connected to HTTPS on XXXXXX.XXXXX.XX POST / HTTP/1.1 Host: XXXXXX.XXXXX.XX User-Agent: Open AnyConnect VPN Agent v7.08 Accept: / Accept-Encoding: identity X-Transcend-Version: 1 X-Aggregate-Auth: 1 X-AnyConnect-Platform: linux-64 X-Support-HTTP-Auth: true X-Pad: 000000000000000000000000000000000000000 Content-Type: application/x-www-form-urlencoded Content-Length: 217 <?xml version=?1.0? encoding=?UTF-8??> <config-auth client=?vpn? type=?init?><version who=?vpn?>v7.08</version><device-id>linux-64</device-id><group-access>h ttps://XXXXXX.XXXXX.XX</group-access></config-auth>; Got HTTP response: HTTP/1.0 302 Temporary moved Set-Cookie: tg=0Q1BfQ29ubmVjdC1kb3Q=; path=/; secure Content-Length: 0 Cache-Control: no-cache Pragma: no-cache Connection: Close Date: Tue, 28 Nov 2017 08:49:43 GMT X-Frame-Options: SAMEORIGIN Location: /+webvpn+/index.html HTTP body length: (0) GET https://XXXXXX.XXXXX.XX/ Attempting to connect to server xxx.xxx.xxx.xx:443 Connected to xxx.xxx.xxx.xx:443 SSL negotiation with XXXXXX.XXXXX.XX Connected to HTTPS on XXXXXX.XXXXX.XX GET / HTTP/1.1 Host: XXXXXX.XXXXX.XX User-Agent: Open AnyConnect VPN Agent v7.08 Cookie: tg=0Q1BfQ29ubmVjdC1kb3Q= Accept: / Accept-Encoding: identity X-Transcend-Version: 1 X-Support-HTTP-Auth: true Got HTTP response: HTTP/1.0 302 Temporary moved Set-Cookie: tg=0Q1BfQ29ubmVjdC1kb3Q=; path=/; secure Content-Length: 0 Cache-Control: no-cache Pragma: no-cache Connection: Close Date: Tue, 28 Nov 2017 08:49:44 GMT X-Frame-Options: SAMEORIGIN Location: /+webvpn+/index.html HTTP body length: (0) GET https://XXXXXX.XXXXX.XX/+webvpn+/index.html SSL negotiation with XXXXXX.XXXXX.XX Connected to HTTPS on XXXXXX.XXXXX.XX GET /+webvpn+/index.html HTTP/1.1 Host: XXXXXX.XXXXX.XX User-Agent: Open AnyConnect VPN Agent v7.08 Cookie: tg=0Q1BfQ29ubmVjdC1kb3Q= Accept: / Accept-Encoding: identity X-Transcend-Version: 1 X-Support-HTTP-Auth: true Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnlogin=1; secure X-Frame-Options: SAMEORIGIN X-Transcend-Version: 1 HTTP body chunked (-2) < <?xml version=?1.0? encoding=?UTF-8??> < <!? < Copyright ? 2013 by Cisco Systems, Inc. < All rights reserved. < --> < <auth id=?main?> < <title>SSL VPN Service</title> < <ca status=?disabled? href="/+CSCOCA+/login.html" /> < < < < <banner></banner> < <message>Please enter your username and password.</message> < < < <form method=?post? action="/+webvpn+/index.html"> < < <input type=?text? name=?username? label=?Username:? /> < <input type=?password? name=?password? label=?Password:? /> < < < <input type=?hidden? name=?tgroup? value=?CP_Connect-dot? /> < < <input type=?submit? name=?Login? value=?Login? /> < <input type=?reset? name=?Clear? value=?Clear? /> < < < </form> < </auth> < Please enter your username and password. Password: POST https://XXXXXX.XXXXX.XX/+webvpn+/index.html POST /+webvpn+/index.html HTTP/1.1 Host: XXXXXX.XXXXX.XX User-Agent: Open AnyConnect VPN Agent v7.08 Cookie: tg=0Q1BfQ29ubmVjdC1kb3Q=; webvpnlogin=1 Accept: / Accept-Encoding: identity X-Transcend-Version: 1 X-Support-HTTP-Auth: true X-Pad: 0000000 Content-Type: application/x-www-form-urlencoded Content-Length: 57 username=userxxx&password=4717900042&tgroup=CP_Connect-dot Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpn=<elided>; path=/; secure Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&sh:3586B5BFBB2E5B9BCE941D080B1AB542449 6D049&lu:/+CSCOT+/translation- table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2FCPRO_Conn ect-dot.xml&fh:2D688AB42581E931DCC461496BDA1CA9E3A0CEAF; path=/; secure Set-Cookie: webvpnx= Set-Cookie: webvpnaac=1; path=/; secure X-Frame-Options: SAMEORIGIN X-Transcend-Version: 1 HTTP body chunked (-2) < <?xml version=?1.0? encoding=?UTF-8??> < <auth id=?success?> < <title>SSL VPN Service</title> < <message>Success</message> < <success/> < </auth> < < TCP_INFO rcv mss 1368, snd mss 1368, adv mss 1448, pmtu 1500 CONNECT /CSCOSSLC/tunnel HTTP/1.1 Host: XXXXXX.XXXXX.XX User-Agent: Open AnyConnect VPN Agent v7.08 Cookie: webvpn=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx X-CSTP-Version: 1 X-CSTP-Hostname: lovdot064bx X-CSTP-Accept-Encoding: oc-lz4,lzs X-CSTP-Base-MTU: 1500 X-CSTP-MTU: 1406 X-CSTP-Address-Type: IPv6,IPv4 X-CSTP-Full-IPv6-Capability: true X-DTLS-Master-Secret: E2BCF0FDB0BCFC28501F71A45327A4218DF5887BBCF38E4AEE3ED65A4DA18249CF5BA35 CC0E92F728F62022BC2B9EE9E X-DTLS-CipherSuite: PSK-NEGOTIATE:OC-DTLS1_2-AES256-GCM:OC2-DTLS1_2- CHACHA20-POLY1305:DHE-RSA-AES256-SHA:OC-DTLS1_2-AES128-GCM:DHE-RSA- AES128-SHA:DES-CBC3-SHA:AES256-SHA:AES128-SHA X-DTLS-Accept-Encoding: oc-lz4,lzs Got CONNECT response: HTTP/1.1 200 OK X-CSTP-Version: 1 X-CSTP-Protocol: Copyright ? 2004 Cisco Systems, Inc. X-CSTP-Address: 10.16.10.10 X-CSTP-Netmask: 255.255.255.0 X-CSTP-Hostname: a-uso-01mh11-30wf04-2.orebroll.se X-CSTP-DNS: 10.10.55.10 X-CSTP-DNS: 10.50.55.10 X-CSTP-Lease-Duration: 1209600 X-CSTP-Session-Timeout: none X-CSTP-Idle-Timeout: 36000 X-CSTP-Disconnected-Timeout: 36000 X-CSTP-Default-Domain: orebroll.se X-CSTP-Keep: true X-CSTP-Tunnel-All-DNS: false X-CSTP-DPD: 30 X-CSTP-Keepalive: 20 X-CSTP-MSIE-Proxy-Lockdown: true X-CSTP-Smartcard-Removal-Disconnect: true X-DTLS-Session-ID: 2D193D167309B0422B7D32B1589B24F89DCF0B0D2CF899056C8C13AF9437C0B1 X-DTLS-Port: 443 X-DTLS-Keepalive: 20 X-DTLS-DPD: 30 X-CSTP-MTU: 1200 X-DTLS-MTU: 1200 X-DTLS-CipherSuite: AES128-SHA X-CSTP-Routing-Filtering-Ignore: false X-CSTP-Quarantine: false X-CSTP-Disable-Always-On-VPN: false X-CSTP-Client-Bypass-Protocol: false X-CSTP-TCP-Keepalive: true CSTP connected. DPD 30, Keepalive 20 CSTP Ciphersuite: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM) DTLS option X-DTLS-Session-ID : 2D193D167309B0422B7D32B1589B24F89DCF0B0D2CF899056C8C13AF9437C0B1 DTLS option X-DTLS-Port : 443 DTLS option X-DTLS-Keepalive : 20 DTLS option X-DTLS-DPD : 30 DTLS option X-DTLS-MTU : 1200 DTLS option X-DTLS-CipherSuite : AES128-SHA DTLS initialised. DPD 30, Keepalive 20 Connected as 10.16.10.10, using SSL Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)- (RSA)-(AES-128-CBC)-(SHA1). Initiating IPv4 MTU detection (min=600, max=1200) Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE). Failed to send DPD request (1200 -5) Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE). Failed to send DPD request (1199 -5) Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE). Failed to send DPD request (1198 -5) Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE). Failed to send DPD request (1197 -5) Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE). Failed to send DPD request (1196 -5) Failed to write to SSL socket: The transmitted packet is too large (EMSGSIZE). Failed to send DPD request (1195 -5) Detected MTU of 1194 bytes (was 1200) Send CSTP Keepalive Send CSTP DPD Got CSTP DPD response Send DTLS DPD Got DTLS DPD response after this I?m able to connect to internet but noting on the ?inside? of my company net checkin ip a yealds : lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:28:f8:d9:68:31 brd ff:ff:ff:ff:ff:ff inet 192.168.43.90/24 brd 192.168.43.255 scope global dynamic wlp3s0 valid_lft 3301sec preferred_lft 3301sec inet6 fe80::9581:8bb6:10e7:c87a/64 scope link valid_lft forever preferred_lft forever 3: enp0s31f6: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000 link/ether ac:e2:d3:3a:b2:59 brd ff:ff:ff:ff:ff:ff 9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1194 qdisc fq_codel state UNKNOWN group default qlen 500 link/none inet 10.16.10.11/32 scope global tun0 valid_lft forever preferred_lft forever and ip route show default dev tun0 scope link default via 192.168.43.1 dev wlp3s0 proto static metric 600 10.16.10.0/24 dev tun0 scope link 10.16.10.0/24 dev tun0 scope link metric 5 192.168.43.0/24 dev wlp3s0 proto kernel scope link src 192.168.43.90 metric 600 xxx.xxx.xxx.xx via 192.168.43.1 dev wlp3s0 src 192.168.43.90 any ideas are welcome /Eric
