ocserv: iOS Anyconnect unexpected POST URL /VPN?

Kevin Cernekee cernekee at gmail.com
Sat Dec 5 11:39:17 PST 2015


On Sat, Dec 5, 2015 at 11:29 AM, Nikos Mavrogiannopoulos
<n.mavrogiannopoulos at gmail.com> wrote:
> On Sat, 2015-12-05 at 22:42 +0800, sskaje wrote:
>> I tried both haproxy + ocserv and ocserv, same error.
>> Anyone else met this?
>>
>> iOS 9.1, AnyConnect 3.0.12169
> [...]
>> ocserv[22505]: worker: 1.1.1.1 HTTP POST /VPN
>> ocserv[22505]: worker: 1.1.1.1 unexpected POST URL /VPN
>
> Hi,
>  That URL is not something ocserv handles. They must have changed their
> protocol.

If I configure the client to connect to e.g. "https://10.0.0.1/VPN"
instead of just "https://10.0.0.1", then it will POST the initial
request to /VPN.  Maybe it is just a configuration issue?

IIRC, the ASA lets you set up URL aliases that autoselect a specific
authgroup, which is why the user is allowed to specify a full URL
instead of just a hostname.



More information about the openconnect-devel mailing list