On Sun, Jun 3, 2018 at 4:27 AM, Stephen Davies <sdavies at sdc.com.au> wrote: > On 02/06/18 18:50, Daniel Lenski wrote: >> >> On Sat, Jun 2, 2018 at 11:00 AM, Stephen Davies <sdavies at sdc.com.au> >> wrote: > Down with paranoia! > > I love simple solutions like this but unfortunately, it did not work for me. > > I added --useragent="Cisco AnyConnect VPN Agent for Windows 4.6.01098" to my > command line and then to my config file but neither made any difference to > the output. > > I tried 7.06 (from Centos 7) and 7.08 built here with OpenSSL 1.1.0h. > > The results were the same except that 7.08 gave additional messages re the > issuer certificate. > > I then managed to find that the Windoze AnyConnect client that they use is > 4.2.01035 so I tried that in the useragent but still no joy. > > Is there something different in that old version of AnyConnect? Drat! I was excessively confident about the correct solution there. 1. What exactly is in your config file? 2. If you run `openconnect --dump -vvvv`, you should get a ton of additional information that helps pinpoint exactly where the server decides it doesn't like your client. Dan
