[solved] Re: Is it possible to force use of the authgroup?
Andrew Stubbs
andrew.stubbs at gmail.com
Fri Apr 11 08:24:41 PDT 2014
On 11/04/14 16:10, Kevin Cernekee wrote:
> Your authgroup can be set a couple of ways:
>
> - Through the dropdown (which doesn't seem to be enabled here)
> - From a group-url, e.g. https://vpn.foobar.com/mygroup
> - From your client cert
Option 2 is a winner!
I don't know what they changed on the server, but adding the authgroup
to the url fixes the problem.
> For the latter item, we did see some cases where the client cert would
> not be requested. You can try --no-http-keepalive as a quick
> workaround.
That just causes it to repeat "Refreshing +CSCOE+/sdesktop/wait.html
after 1 second..." seemingly forever. It was very reminiscent of the bad
old days, but didn't appear to work around the problem.
> Does the official Linux Anyconnect client work? Which version?
I only tried the official client on Windows. I don't really want to let
that stuff near my real computer. ;-)
Thanks very much. My problem is solved.
Andrew
More information about the openconnect-devel
mailing list