Sorry I lost track of this response. Interesting log. Indeed, it *does not* appear as if your VPN is requesting a CSD scan. However, it *is* offering up some kind of “umbrella roaming security” profile. Is there anything interesting/relevant that appears in either https://${VPNGATEWAY}/CACHE/stc/profiles/!companyProfile.xml or https://${VPNGATEWAY}/CACHE/stc/profiles/umbrella.xml? You should be able to inspect these with an ordinary web browser. (By the way, I wondered if this could be in some way related to the connection banner, which must be “accepted” in order to continue. However, David Woodhouse incorporated some changes to address this in OpenConnect v8.0+, and you are running the latest-and-greatest OpenConnect v8.05. https://gitlab.com/openconnect/openconnect/issues/1) End portion from your log: > Got CONNECT response: HTTP/1.1 200 OK > X-CSTP-Version: 1 > X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc. > X-CSTP-Address: xxx.xxx.68.231 > X-CSTP-Netmask: xxx.xxx.248.0 > X-CSTP-Hostname: NL-AMS-VA05.company.com > X-CSTP-DNS: xxx.xxx.2.88 > X-CSTP-DNS: xxx.xxx.157.115 > X-CSTP-Lease-Duration: 72000 > X-CSTP-Session-Timeout: 72000 > X-CSTP-Session-Timeout-Alert-Interval: 60 > X-CSTP-Session-Timeout-Remaining: 72000 > X-CSTP-Idle-Timeout: 1800 > X-CSTP-Disconnected-Timeout: 1800 > X-CSTP-Default-Domain: vpn.company.com > X-CSTP-Split-Exclude: xxx.xxx.0.0/255.255.255.255 > X-CSTP-Split-Exclude: xxx.xxx.99.0/255.255.255.0 > X-CSTP-Split-DNS: corp.company.com > X-CSTP-Split-DNS: hq.company.com > X-CSTP-Split-DNS: company.com > X-CSTP-Split-DNS: eng.company.com > X-CSTP-Split-DNS: rtp.company.com > X-CSTP-Split-DNS: europe.company.com > X-CSTP-Split-DNS: nane.company.com > X-CSTP-Split-DNS: atc.company.com > X-CSTP-Keep: true > X-CSTP-Tunnel-All-DNS: false > X-CSTP-DPD: 30 > X-CSTP-Keepalive: 20 > X-CSTP-Banner: THIS%20SYSTEM%20IS%20RESTRICTED%20TO%20AUTHORIZED%20USERS%20FOR%20AUTHORIZED%20USE%20ONLY.%20%20UNAUTHORIZED%20ACCESS%20IS%20STRICTLY%20PROHIBITED%20AND%20MAY%20BE%20PUNISHABLE%20UNDER%20THE%20COMPUTER%20FRAUD%20AND%20ABUSE%20ACT%20OF%201986%20OR%20OTHER%20APPLICABLE%20LAWS.%20%20IF%20NOT%20AUTHORIZED%20TO%20ACCESS%20THIS%20SYSTEM%2C%20DISCONNECT%20NOW.%20%20BY%20CONTINUING%2C%20YOU%20CONSENT%20TO%20YOUR%20ACTIVITIES%20BEING%20MONITORED.%20%20ALL%20PERSONS%20ARE%20HEREBY%20NOTIFIED%20THAT%20THE%20USE%20OF%20THIS%20SYSTEM%20CONSTITUTES%20CONSENT%20TO%20MONITORING%20AND%20AUDITING.%0A > X-CSTP-MSIE-Proxy-Lockdown: true > X-CSTP-Smartcard-Removal-Disconnect: true > X-DTLS-Session-ID: > 0F297F8CD504D15046B2367FFA949AC8106CDA9C9C0D648F186FC330E99DD014 > X-DTLS-Port: 443 > X-DTLS-Keepalive: 20 > X-DTLS-DPD: 30 > X-CSTP-MTU: 1271 > X-DTLS-MTU: 1322 > X-DTLS-CipherSuite: DHE-RSA-AES256-SHA > X-CSTP-Routing-Filtering-Ignore: false > X-CSTP-Quarantine: false > X-CSTP-Disable-Always-On-VPN: false > X-CSTP-Client-Bypass-Protocol: true > X-CSTP-TCP-Keepalive: true > X-CSTP-Post-Auth-XML: <elided> > CSTP connected. DPD 30, Keepalive 20 > CSTP Ciphersuite: (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM) > DTLS option X-DTLS-Session-ID : > 0F297F8CD504D15046B2367FFA949AC8106CDA9C9C0D648F186FC330E99DD014 > DTLS option X-DTLS-Port : 443 > DTLS option X-DTLS-Keepalive : 20 > DTLS option X-DTLS-DPD : 30 > DTLS option X-DTLS-MTU : 1322 > DTLS option X-DTLS-CipherSuite : DHE-RSA-AES256-SHA > DTLS initialised. DPD 30, Keepalive 20 > Connected as xxx.xxx.68.231, using SSL, with DTLS in progress > No work to do; sleeping for 1000 ms... > No work to do; sleeping for 1000 ms... > Established DTLS connection (using GnuTLS). Ciphersuite > (DTLS0.9)-(DHE-CUSTOM)-(AES-256-CBC)-(SHA1). > Initiating MTU detection (min=576, max=1322) > Sending MTU DPD probe (1322 bytes) > Received MTU DPD probe (1322 bytes) > No change in MTU after detection (was 1322) > No work to do; sleeping for 1000 ms... > Connect Banner: > | THIS SYSTEM IS RESTRICTED TO AUTHORIZED USERS FOR AUTHORIZED USE > ONLY. UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED AND MAY BE > PUNISHABLE UNDER THE COMPUTER FRAUD AND ABUSE ACT OF 1986 OR OTHER > APPLICABLE LAWS. IF NOT AUTHORIZED TO ACCESS THIS SYSTEM, DISCONNECT > NOW. BY CONTINUING, YOU CONSENT TO YOUR ACTIVITIES BEING MONITORED. > ALL PERSONS ARE HEREBY NOTIFIED THAT THE USE OF THIS SYSTEM > CONSTITUTES CONSENT TO MONITORING AND AUDITING. > | > add host xxx.xxx.208.21: gateway xxx.xxx.1.1 > xxx.xxx.1.1 > xxx.xxx.0.1 > add net xxx.xxx.64.0: gateway xxx.xxx.68.231 > add net xxx.xxx.99.0: gateway xxx.xxx.1.1 > xxx.xxx.1.1 > xxx.xxx.0.1 > add net xxx.xxx.0.0: gateway xxx.xxx.1.1 > xxx.xxx.1.1 > xxx.xxx.0.1 > delete net default: gateway xxx.xxx.1.1 > xxx.xxx.1.1 > xxx.xxx.0.1 > add net default: gateway xxx.xxx.68.231 > No work to do; sleeping for 1000 ms... > Sent DTLS packet of 72 bytes; DTLS send returned 73 > On Sun, Dec 1, 2019 at 1:49 AM Applied Nominate <applied.nominate@xxxxxxxxx> wrote: > > > > I hope I did a good job at anonymizing ! > > > > POST https://vpnserver.company.com/corp > > Attempting to connect to server xxx.xxx.208.21:443 > > Connected to xxx.xxx.208.21:443 > > SSL negotiation with vpnserver.company.com > > Connected to HTTPS on vpnserver.company.com > > > POST /corp HTTP/1.1 > > > Host: vpnserver.company.com > > > User-Agent: Open AnyConnect VPN Agent v8.05 > > > Accept: */* > > > Accept-Encoding: identity > > > X-Transcend-Version: 1 > > > X-Aggregate-Auth: 1 > > > X-AnyConnect-Platform: mac-intel > > > X-Support-HTTP-Auth: true > > > X-Pad: 0000000000000000000000000000000000 > > > Content-Type: application/x-www-form-urlencoded > > > Content-Length: 222 > > > > > > <?xml version="1.0" encoding="UTF-8"?> > > > <config-auth client="vpn" type="init"><version who="vpn">v8.05</version><device-id>mac-intel</device-id><group-access>https://vpnserver.company.com/corp</group-access></config-auth> > > Got HTTP response: HTTP/1.1 200 OK > > Content-Type: text/html; charset=utf-8 > > Transfer-Encoding: chunked > > Cache-Control: no-cache > > Pragma: no-cache > > Connection: Keep-Alive > > Date: Sun, 01 Dec 2019 09:42:06 GMT > > X-Frame-Options: SAMEORIGIN > > X-Aggregate-Auth: 1 > > HTTP body chunked (-2) > > < <?xml version="1.0" encoding="UTF-8"?> > > < <config-auth client="vpn" type="auth-request" aggregate-auth-version="2"> > > < <opaque is-for="sg"> > > < <tunnel-group>corp</tunnel-group> > > < <config-hash>1569489007760</config-hash> > > < </opaque> > > < <auth id="main"> > > < <title>Login</title> > > < <message>Please enter your username and password.</message> > > < <banner></banner> > > < <form> > > < <input type="text" name="username" label="Username:"></input> > > < <input type="password" name="password" label="Password:"></input> > > < </form> > > < </auth> > > < </config-auth> > > XML POST enabled > > Please enter your username and password. > > Username:username > > Password: > > POST https://vpnserver.company.com/ > > > POST / HTTP/1.1 > > > Host: vpnserver.company.com > > > User-Agent: Open AnyConnect VPN Agent v8.05 > > > Accept: */* > > > Accept-Encoding: identity > > > X-Transcend-Version: 1 > > > X-Aggregate-Auth: 1 > > > X-AnyConnect-Platform: mac-intel > > > X-Support-HTTP-Auth: true > > > X-Pad: 000000000000000000000000000000000000000000000 > > > Content-Type: application/x-www-form-urlencoded > > > Content-Length: 339 > > > > > > <?xml version="1.0" encoding="UTF-8"?> > > > <config-auth client="vpn" type="auth-reply"><version who="vpn">v8.05</version><device-id>mac-intel</device-id><opaque is-for="sg"> > > > <tunnel-group>corp</tunnel-group> > > > <config-hash>1569489007760</config-hash> > > > </opaque><auth><username>username</username><password>TynsoeN08#</password></auth></config-auth> > > Got HTTP response: HTTP/1.1 200 OK > > Content-Type: text/html; charset=utf-8 > > Transfer-Encoding: chunked > > Cache-Control: no-cache > > Pragma: no-cache > > Connection: Keep-Alive > > Date: Sun, 01 Dec 2019 09:42:14 GMT > > X-Frame-Options: SAMEORIGIN > > X-Aggregate-Auth: 1 > > HTTP body chunked (-2) > > < <?xml version="1.0" encoding="UTF-8"?> > > < <config-auth client="vpn" type="complete" aggregate-auth-version="2"> > > < <session-id>23318528</session-id> > > < <session-token>4D7787@23318528@45D1@02E78708DD9E1CCAA260FB60BD5A8FA77C31C3D0</session-token> > > < <auth id="success"> > > < <banner>THIS SYSTEM IS RESTRICTED TO AUTHORIZED USERS FOR AUTHORIZED > > USE ONLY. UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED AND MAY BE > > PUNISHABLE UNDER THE COMPUTER FRAUD AND ABUSE ACT OF 1986 OR OTHER > > APPLICABLE LAWS. IF NOT AUTHORIZED TO ACCESS THIS SYSTEM, DISCONNECT > > NOW. BY CONTINUING, YOU CONSENT TO YOUR ACTIVITIES BEING MONITORED. > > ALL PERSONS ARE HEREBY NOTIFIED THAT THE USE OF THIS SYSTEM > > CONSTITUTES CONSENT TO MONITORING AND AUDITING.
</banner> > > < <message id="0" param1="" param2=""></message> > > < </auth> > > < <capabilities> > > < <crypto-supported>ssl-dhe</crypto-supported> > > < </capabilities> > > < <config client="vpn" type="private"> > > < <vpn-base-config> > > < <optional-modules>dart,umbrella,iseposture</optional-modules> > > < <base-package-uri>/CACHE/stc/2</base-package-uri> > > < <server-cert-hash>1BA1E531155E35517C1BA8F7F6C029AEEEA4524A</server-cert-hash> > > < </vpn-base-config> > > < <opaque is-for="vpn-client"><service-profile-manifest> > > < <ServiceProfiles rev="1.0"> > > < <Profile service-type="user"> > > < <FileName></FileName> > > < <FileExtension>xml</FileExtension> > > < <Directory></Directory> > > < <DeployDirectory></DeployDirectory> > > < <Description>AnyConnect VPN Profile</Description> > > < <DownloadRemoveEmpty>false</DownloadRemoveEmpty> > > < </Profile> > > < <Profile service-type="nam"> > > < <FileName>configuration.xml</FileName> > > < <FileExtension>nsp</FileExtension> > > < <Directory>Network Access Manager\system</Directory> > > < <DeployDirectory>Network Access Manager\newConfigFiles</DeployDirectory> > > < <Description>NAM Service Profile</Description> > > < <DownloadRemoveEmpty>false</DownloadRemoveEmpty> > > < </Profile> > > < <Profile service-type="feedback"> > > < <FileName>CustomerExperience_Feedback.xml</FileName> > > < <FileExtension>fsp</FileExtension> > > < <Directory>CustomerExperienceFeedback</Directory> > > < <DeployDirectory>CustomerExperienceFeedback</DeployDirectory> > > < <Description>Feedback Service Profile</Description> > > < <DownloadRemoveEmpty>false</DownloadRemoveEmpty> > > < </Profile> > > < <Profile service-type="telemetry"> > > < <FileName>Telemetry_ServiceProfile.xml</FileName> > > < <FileExtension>tsp</FileExtension> > > < <Directory>Telemetry</Directory> > > < <DeployDirectory>Telemetry</DeployDirectory> > > < <Description>Telemetry Service Profile</Description> > > < <DownloadRemoveEmpty>false</DownloadRemoveEmpty> > > < </Profile> > > < <Profile service-type="websecurity"> > > < <FileName>WebSecurity_ServiceProfile.wso</FileName> > > < <FileExtension>wsp</FileExtension> > > < <DerivedFileExtension>wso</DerivedFileExtension> > > < <Directory>websecurity</Directory> > > < <DeployDirectory>websecurity</DeployDirectory> > > < <Description>Web Security Service Profile</Description> > > < <DownloadRemoveEmpty>false</DownloadRemoveEmpty> > > < </Profile> > > < <Profile service-type="iseposture"> > > < <FileName>ISEPostureCFG.xml</FileName> > > < <FileExtension>isp</FileExtension> > > < <Directory>iseposture</Directory> > > < <DeployDirectory>iseposture</DeployDirectory> > > < <Description>ISE Posture Profile</Description> > > < <DownloadRemoveEmpty>false</DownloadRemoveEmpty> > > < </Profile> > > < <Profile service-type="iseposturejson"> > > < <FileName>ISEPosture.json</FileName> > > < <FileExtension>json</FileExtension> > > < <Directory>iseposture</Directory> > > < <DeployDirectory>iseposture</DeployDirectory> > > < <Description>ISE Posture JSON Profile</Description> > > < <DownloadRemoveEmpty>false</DownloadRemoveEmpty> > > < </Profile> > > < <Profile service-type="ampenabler"> > > < <FileName>AMPEnabler_ServiceProfile.xml</FileName> > > < <FileExtension>asp</FileExtension> > > < <Directory>AMPEnabler</Directory> > > < <DeployDirectory>AMPEnabler</DeployDirectory> > > < <Description>AMP Enabler Service Profile</Description> > > < <DownloadRemoveEmpty>false</DownloadRemoveEmpty> > > < </Profile> > > < <Profile service-type="nvm"> > > < <FileName>NVM_ServiceProfile.xml</FileName> > > < <FileExtension>nvmsp</FileExtension> > > < <Directory>NVM</Directory> > > < <DeployDirectory>NVM</DeployDirectory> > > < <Description>Network Visibility Service Profile</Description> > > < <DownloadRemoveEmpty>false</DownloadRemoveEmpty> > > < </Profile> > > < <Profile service-type="umbrella"> > > < <FileName>OrgInfo.json</FileName> > > < <FileExtension>json</FileExtension> > > < <Directory>umbrella</Directory> > > < <DeployDirectory>umbrella</DeployDirectory> > > < <Description>Umbrella Roaming Security Profile</Description> > > < <DownloadRemoveEmpty>false</DownloadRemoveEmpty> > > < </Profile> > > < </ServiceProfiles> > > < </service-profile-manifest> > > < <vpn-client-pkg-version> > > < <pkgversion>4,6,03049</pkgversion> > > < </vpn-client-pkg-version> > > < <vpn-core-manifest> > > < <vpn rev="1.0"> > > < <file version="4.6.03049" id="VPNCore" is_core="yes" type="dmg" > > action="install"> > > < <uri>binaries/anyconnect-macos-4.6.03049-core-vpn-webdeploy-k9.dmg</uri> > > < <display-name>AnyConnect Secure Mobility Client</display-name> > > < </file> > > < <file version="4.6.03049" id="DART" is_core="no" type="dmg" > > action="install" module="dart"> > > < <uri>binaries/anyconnect-macos-4.6.03049-dart-webdeploy-k9.dmg</uri> > > < <display-name>AnyConnect DART</display-name> > > < </file> > > < <file version="4.6.03049" id="WebSecurity" is_core="no" type="dmg" > > action="install" module="websecurity"> > > < <uri>binaries/anyconnect-macos-4.6.03049-websecurity-webdeploy-k9.dmg</uri> > > < <display-name>AnyConnect Web Security</display-name> > > < </file> > > < <file version="4.6.03049" id="AMPEnabler" is_core="no" type="dmg" > > action="install" module="ampenabler"> > > < <uri>binaries/anyconnect-macos-4.6.03049-amp-webdeploy-k9.dmg</uri> > > < <display-name>AnyConnect AMP Enabler</display-name> > > < </file> > > < <file version="4.6.03049" id="Posture" is_core="no" type="dmg" > > action="install" module="posture"> > > < <uri>binaries/anyconnect-macos-4.6.03049-posture-webdeploy-k9.dmg</uri> > > < <display-name>AnyConnect Posture</display-name> > > < </file> > > < <file version="4.6.03049" id="ISEPosture" is_core="no" type="dmg" > > action="install" module="iseposture"> > > < <uri>binaries/anyconnect-macos-4.6.03049-iseposture-webdeploy-k9.dmg</uri> > > < <display-name>AnyConnect ISE Posture</display-name> > > < </file> > > < <file version="4.6.03049" id="NVM" is_core="no" type="dmg" > > action="install" module="nvm"> > > < <uri>binaries/anyconnect-macos-4.6.03049-nvm-webdeploy-k9.dmg</uri> > > < <display-name>AnyConnect Network Visibility</display-name> > > < </file> > > < <file version="4.6.03049" id="Umbrella" is_core="no" type="dmg" > > action="install" module="umbrella"> > > < <uri>binaries/anyconnect-macos-4.6.03049-umbrella-webdeploy-k9.dmg</uri> > > < <display-name>AnyConnect Umbrella Roaming Security</display-name> > > < </file> > > < </vpn> > > < </vpn-core-manifest> > > < > > < <custom-attr> > > < <no-dhcp-server-route><![CDATA[true > > < true]]></no-dhcp-server-route> > > < <DeferredUpdateAllowed><![CDATA[true]]></DeferredUpdateAllowed> > > < <dynamic-split-exclude-domains><![CDATA[company.hosted.panopto.com, > > cdn-video-stg.company.com.edgekey.net, > > cdn-video.company.com.edgekey.net, gtm-video.company.com.edgekey.net, > > s-cloudfront.cdn.panopto.com, d2y36twrtb17ty.cloudfront.net, > > CF-video.company.com.edgekey.net]]></dynamic-split-exclude-domains> > > < </custom-attr> > > < </opaque> > > < <vpn-profile-manifest> > > < <vpn rev="1.0"> > > < <file type="profile" service-type="user"> > > < <uri>/CACHE/stc/profiles/!companyProfile.xml</uri> > > < <hash type="sha1">E8818DB22D46A8BEF2D0200298453199D92A6603</hash> > > < </file> > > < <file type="profile" service-type="umbrella"> > > < <uri>/CACHE/stc/profiles/umbrella.xml</uri> > > < <hash type="sha1">AC2C73674328D7E67F5F943B2E15C840DB98863F</hash> > > < </file> > > < </vpn> > > < </vpn-profile-manifest> > > < </config> > > < </config-auth> > > > CONNECT /CSCOSSLC/tunnel HTTP/1.1 > > > Host: vpnserver.company.com > > > User-Agent: Open AnyConnect VPN Agent v8.05 > > > Cookie: webvpn=4D7787@23318528@45D1@02E78708DD9E1CCAA260FB60BD5A8FA77C31C3D0 > > > X-CSTP-Version: 1 > > > X-CSTP-Hostname: iMac-Yann.local > > > X-CSTP-Accept-Encoding: lzs > > > X-CSTP-Base-MTU: 1406 > > > X-CSTP-MTU: 1296 > > > X-CSTP-Address-Type: IPv6,IPv4 > > > X-CSTP-Full-IPv6-Capability: true > > > X-DTLS-Master-Secret: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX > > > X-DTLS-CipherSuite: PSK-NEGOTIATE:OC-DTLS1_2-AES256-GCM:OC2-DTLS1_2-CHACHA20-POLY1305:OC-DTLS1_2-AES128-GCM:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA > > > X-DTLS12-CipherSuite: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256 > > > X-DTLS-Accept-Encoding: lzs > > > > > Got CONNECT response: HTTP/1.1 200 OK > > X-CSTP-Version: 1 > > X-CSTP-Protocol: Copyright (c) 2004 Cisco Systems, Inc. > > X-CSTP-Address: xxx.xxx.68.231 > > X-CSTP-Netmask: xxx.xxx.248.0 > > X-CSTP-Hostname: NL-AMS-VA05.company.com > > X-CSTP-DNS: xxx.xxx.2.88 > > X-CSTP-DNS: xxx.xxx.157.115 > > X-CSTP-Lease-Duration: 72000 > > X-CSTP-Session-Timeout: 72000 > > X-CSTP-Session-Timeout-Alert-Interval: 60 > > X-CSTP-Session-Timeout-Remaining: 72000 > > X-CSTP-Idle-Timeout: 1800 > > X-CSTP-Disconnected-Timeout: 1800 > > X-CSTP-Default-Domain: vpn.company.com > > X-CSTP-Split-Exclude: xxx.xxx.0.0/255.255.255.255 > > X-CSTP-Split-Exclude: xxx.xxx.99.0/255.255.255.0 > > X-CSTP-Split-DNS: corp.company.com > > X-CSTP-Split-DNS: hq.company.com > > X-CSTP-Split-DNS: company.com > > X-CSTP-Split-DNS: eng.company.com > > X-CSTP-Split-DNS: rtp.company.com > > X-CSTP-Split-DNS: europe.company.com > > X-CSTP-Split-DNS: nane.company.com > > X-CSTP-Split-DNS: atc.company.com > > X-CSTP-Keep: true > > X-CSTP-Tunnel-All-DNS: false > > X-CSTP-DPD: 30 > > X-CSTP-Keepalive: 20 > > X-CSTP-Banner: THIS%20SYSTEM%20IS%20RESTRICTED%20TO%20AUTHORIZED%20USERS%20FOR%20AUTHORIZED%20USE%20ONLY.%20%20UNAUTHORIZED%20ACCESS%20IS%20STRICTLY%20PROHIBITED%20AND%20MAY%20BE%20PUNISHABLE%20UNDER%20THE%20COMPUTER%20FRAUD%20AND%20ABUSE%20ACT%20OF%201986%20OR%20OTHER%20APPLICABLE%20LAWS.%20%20IF%20NOT%20AUTHORIZED%20TO%20ACCESS%20THIS%20SYSTEM%2C%20DISCONNECT%20NOW.%20%20BY%20CONTINUING%2C%20YOU%20CONSENT%20TO%20YOUR%20ACTIVITIES%20BEING%20MONITORED.%20%20ALL%20PERSONS%20ARE%20HEREBY%20NOTIFIED%20THAT%20THE%20USE%20OF%20THIS%20SYSTEM%20CONSTITUTES%20CONSENT%20TO%20MONITORING%20AND%20AUDITING.%0A > > X-CSTP-MSIE-Proxy-Lockdown: true > > X-CSTP-Smartcard-Removal-Disconnect: true > > X-DTLS-Session-ID: > > 0F297F8CD504D15046B2367FFA949AC8106CDA9C9C0D648F186FC330E99DD014 > > X-DTLS-Port: 443 > > X-DTLS-Keepalive: 20 > > X-DTLS-DPD: 30 > > X-CSTP-MTU: 1271 > > X-DTLS-MTU: 1322 > > X-DTLS-CipherSuite: DHE-RSA-AES256-SHA > > X-CSTP-Routing-Filtering-Ignore: false > > X-CSTP-Quarantine: false > > X-CSTP-Disable-Always-On-VPN: false > > X-CSTP-Client-Bypass-Protocol: true > > X-CSTP-TCP-Keepalive: true > > X-CSTP-Post-Auth-XML: <elided> > > CSTP connected. DPD 30, Keepalive 20 > > CSTP Ciphersuite: (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM) > > DTLS option X-DTLS-Session-ID : > > 0F297F8CD504D15046B2367FFA949AC8106CDA9C9C0D648F186FC330E99DD014 > > DTLS option X-DTLS-Port : 443 > > DTLS option X-DTLS-Keepalive : 20 > > DTLS option X-DTLS-DPD : 30 > > DTLS option X-DTLS-MTU : 1322 > > DTLS option X-DTLS-CipherSuite : DHE-RSA-AES256-SHA > > DTLS initialised. DPD 30, Keepalive 20 > > Connected as xxx.xxx.68.231, using SSL, with DTLS in progress > > No work to do; sleeping for 1000 ms... > > No work to do; sleeping for 1000 ms... > > Established DTLS connection (using GnuTLS). Ciphersuite > > (DTLS0.9)-(DHE-CUSTOM)-(AES-256-CBC)-(SHA1). > > Initiating MTU detection (min=576, max=1322) > > Sending MTU DPD probe (1322 bytes) > > Received MTU DPD probe (1322 bytes) > > No change in MTU after detection (was 1322) > > No work to do; sleeping for 1000 ms... > > Connect Banner: > > | THIS SYSTEM IS RESTRICTED TO AUTHORIZED USERS FOR AUTHORIZED USE > > ONLY. UNAUTHORIZED ACCESS IS STRICTLY PROHIBITED AND MAY BE > > PUNISHABLE UNDER THE COMPUTER FRAUD AND ABUSE ACT OF 1986 OR OTHER > > APPLICABLE LAWS. IF NOT AUTHORIZED TO ACCESS THIS SYSTEM, DISCONNECT > > NOW. BY CONTINUING, YOU CONSENT TO YOUR ACTIVITIES BEING MONITORED. > > ALL PERSONS ARE HEREBY NOTIFIED THAT THE USE OF THIS SYSTEM > > CONSTITUTES CONSENT TO MONITORING AND AUDITING. > > | > > > > add host xxx.xxx.208.21: gateway xxx.xxx.1.1 > > xxx.xxx.1.1 > > xxx.xxx.0.1 > > add net xxx.xxx.64.0: gateway xxx.xxx.68.231 > > add net xxx.xxx.99.0: gateway xxx.xxx.1.1 > > xxx.xxx.1.1 > > xxx.xxx.0.1 > > add net xxx.xxx.0.0: gateway xxx.xxx.1.1 > > xxx.xxx.1.1 > > xxx.xxx.0.1 > > delete net default: gateway xxx.xxx.1.1 > > xxx.xxx.1.1 > > xxx.xxx.0.1 > > add net default: gateway xxx.xxx.68.231 > > No work to do; sleeping for 1000 ms... > > Sent DTLS packet of 72 bytes; DTLS send returned 73 -Dan _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
