On Wed, Mar 25, 2020 at 7:29 PM jcxocd@xxxxxxxxxx <john@xxxxxxxxxx> wrote: > > I can connect successfully to my company's cisco vpn like this: > > echo '<password>' | sudo openconnect --csd-user=john --csd-wrapper=/home/john/cisco/csd-post.sh --user=johnid --authgroup=MyCoGroup --no-xmlpost --os=android --passwd-on-stdin mcra.mclaneco.com > > But if I try to set it up using the Network Manager GUI (including the csd-post.sh wrapper) I end up getting an error like this: > GET https://vpn.mycompany.com/CACHE/sdesktop/install/binaries/sfinst > Got HTTP response: HTTP/1.1 404 Not Found > > I believe I overcame this issue on command line by adding --os=android. > But I cannot seem to find how to achieve that thru the GUI settings. > I found a settings file in /etc/NetworkManager/system-connections but the settings there don't correspond to the command line flags. > > Is there any setting somewhere I can do this? Any other suggestions? > Thank you! > John Although the OpenConnect API/library has a `set_reported_os` function, the NetworkManager GUI doesn't (yet) offer the ability to use it. (The NM GUI is in general fairly limited in the options it offers… it's fairly hard to keep up with changes to the CLI and library.) > Any other suggestions? What happens if you connect from the command line *without* adding `--os=android`? echo '<password>' | sudo openconnect --csd-user=john --csd-wrapper=/home/john/cisco/csd-post.sh --user=johnid --authgroup=MyCoGroup --no-xmlpost --passwd-on-stdin mcra.mclaneco.com --dump -vvv Do the detailed logs (`--dump -vvv`) shed any light on what's going on? I suspect that your csd-post.sh script may be overly tailored for Android. If you haven't already, you may want to try the latest version from the development repository (https://gitlab.com/openconnect/openconnect/-/blob/master/trojans/csd-post.sh), in which David has added the ability for the script to try to figure out what information the server *wants* it to send, much like what we think the Cisco hostscan actually does. Dan _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
