Unfortunately we have no automated testing with anyconnect clients, so it could be that new clients expect something different, or that we simply regressed in that feature. I'd suggest reporting the issue at:
https://gitlab.com/openconnect/ocserv
with as much debugging info as possible.

regards,
Nikos

On Tue, Jan 7, 2020 at 7:09 PM Ian Lord <Ian.Lord@xxxxxxxx> wrote:
>
> >Do you happen to use multiple files for different users? Unfortunately ocserv cannot send the right hash if multiple files are specified because the anyconnect protocol asks the hash before ocserv has the information about the logged in user. You may have to accept a single file for all users.
>
> >regards,
> >Nikos
>
> Hi Nikos,
>
> No I don't have multiple files, I just installed a clean Amazon Linux 2 Machine and used only these commands in the build script (I am writing them in case it helps others):
>
> ## Add the epel repo ##
> amazon-linux-extras install epel -y
>
> ## Installing packages ##
> yum install ocserv certbot -y
>
> ## Updating all packages ##
> yum update -y
>
> ## Then I generated a certificate using certbot ##
> certbot --agree-tos --manual-public-ip-logging-ok --no-eff-email --email hostmaster@xxxxxxxxxx --rsa-key-size 2048 --standalone certonly -d vpn.domain.com
> certbot renew
>
> ## Then I copied my private key and fullchain generated by certbot to these locations ##
> server-cert = /etc/pki/ocserv/public/server.crt
> server-key = /etc/pki/ocserv/private/server.key
>
> ## Then I modified /etc/ocserv/ocserv.conf ##
> - Configured the ipv4-network with my subnet
>
> ## And I started the service ##
> service ocserv start
>
> With only these couple lines, I was able to connect using the Openconnect client but I get the error using the Cisco AnyConnect Client.
>
> I know there is more to do to the machine like routing, firewall, etc, but it "works" out of the box with openconnect but fails with anyconnect.
>
> This is why I wonder if it's supposed to work or not before I invest more time in this.
>
> Thanks in advance

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel