On Thu, Sep 28, 2017 at 2:48 PM, Abdulla Bubshait <darkstego at gmail.com> wrote:
>
> > You should use --dump to show the complete chain of HTTPS request and
> > response headers.
>
> Thanks for this. It seems openconnect is indeed issuing the three DTLS
> lines, but nothing seems to be coming in response.
Huh? indeed.
> I wonder how the anyconnect client is able to create a DTLS connection
> in this case.
This is just a guess, but it's possible that your VPN gateway is only
configured to offer a DTLS connection to specific whitelisted versions
of the AnyConnect connect (perhaps to work around bugs in older ones).
--useragent=STRING
Use STRING as 'User-Agent:' field value in HTTP header.
(e.g. --useragent 'Cisco AnyConnect VPN Agent for
Windows 2.2.0133')
Perhaps if you spoof the User-Agent sent by the Windows client with
openconnect --useragent, the gateway will comply?
Thanks,
Dan
