I'm connecting to a VPN endpoint that uses a non-standard field name for the oath/totp challenge. There was a set of patches to openconnect here http://lists.infradead.org/pipermail/openconnect-devel/2015-December/003330.html that add a token-field option. These still apply cleanly and the patch resolves my issue replying with a token. Can this patchset be applied to HEAD? If there was some reason this wasn't merged I'd be happy to help get it in to a state where it can be. Here's the challenge, dumped with --dump-http-traffic, I'm seeing: Got HTTP response: HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Cache-Control: no-cache Pragma: no-cache Connection: Keep-Alive Date: **redacted** X-Frame-Options: SAMEORIGIN X-Aggregate-Auth: 1 HTTP body chunked (-2) < <?xml version="1.0" encoding="UTF-8"?> < <config-auth client="vpn" type="auth-request" aggregate-auth-version="2"> < <opaque is-for="sg"> < <tunnel-group>**redacted**</tunnel-group> < <auth-handle>**redacted**</auth-handle> < <group-alias>**redacted**</group-alias> < <config-hash>**redacted**</config-hash> < </opaque> < <auth id="challenge"> < <title>Login</title> < <message id="2" param1="Enter your security code:" param2="">%s</message> < <form> < <input type="password" name="answer" label="Response:"></input> < <input type="submit" name="Continue" label="continue"></input> < </form> < </auth> < </config-auth> - Tyson