>Do you happen to use multiple files for different users? Unfortunately ocserv cannot send the right hash if multiple files are specified because the anyconnect
>protocol asks the hash before ocserv has the information about the logged in user. You may have to accept a single file for all users.
>regards,
>Nikos

Hi Nikos,

No, I don't have multiple files; I just installed a clean Amazon Linux 2 machine and used only these commands in the build script (I am writing them in case it helps others):

## Add the epel repo ##
amazon-linux-extras install epel -y

## Installing packages ##
yum install ocserv certbot -y

## Updating all packages ##
yum update -y

## Then I generated a certificate using certbot ##
certbot --agree-tos --manual-public-ip-logging-ok --no-eff-email --email hostmaster@xxxxxxxxxx --rsa-key-size 2048 --standalone certonly -d vpn.domain.com
certbot renew

## Then I copied my private key and fullchain generated by certbot to these locations ##
server-cert = /etc/pki/ocserv/public/server.crt
server-key = /etc/pki/ocserv/private/server.key

## Then I modified /etc/ocserv/ocserv.conf ##
- Configured the ipv4-network with my subnet

## And I started the service ##
service ocserv start

With only these couple lines, I was able to connect using the Openconnect client, but I get the error using the Cisco AnyConnect Client.

I know there is more to do to the machine like routing, firewall, etc., but it "works" out of the box with openconnect but fails with anyconnect. This is why I wonder if it's supposed to work or not before I invest more time in this.

Thanks in advance

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel