Openconnect no-xmlpost

David Woodhouse dwmw2 at
Tue Nov 4 04:27:32 PST 2014

On Tue, 2014-11-04 at 11:15 +0100, Peter Magnusson wrote:
> In the server logs it says "Certificate was succesfully validated"
> over and over each time it loops trough the parts above. Nothing more.
> The interesting part is if i wait for exactly 2 minutes and try again
> it will work again like it did the first time. So this seems like a
> timeout of some sort.
> However, if i try the openconnect command with −−no−xmlpost it works
> perfectly every time. The problem is that in the next step i would
> like to use the Openconnect NetworkManager plugin and this does not
> seem to have support for the −−no−xmlpost flag. Also the manual
> ( says to report if
> the −−no−xmlpost flag is needed.
> Can anyone give me any suggestions as to why this is not working as
> expected ? Please let me know if i can provide any more information.

You should get a lot of log output in ~/.cisco/hostscan/log/cstub.log —
especially if you set '-log debug' in your

Can you compare those logs between successful and unsuccessful runs?

Also, how are you killing openconnect? Does it make a difference if you
send it SIGHUP and let it sign off gracefully, vs. SIGTERM to just kill
it. You're looking for a message saying 'Send BYE packet:' in the
graceful termination case.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list