As easy as in Android???? Hopefully...

Kevin Cernekee cernekee at
Tue Mar 31 12:34:21 PDT 2015

On Tue, Mar 31, 2015 at 11:19 AM, Nicolás Escudero
<nicolasescudero at> wrote:
> Wow, no clue...
> Yes, I have curl:
> pi at raspberrypi ~ $ curl --version
> curl 7.38.0 (arm-unknown-linux-gnueabihf) libcurl/7.38.0
> OpenSSL/1.0.1k zlib/1.2.8 libidn/1.29 libssh2/1.4.3 librtmp/2.3
> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
> pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp
> Features: AsynchDNS IDN IPv6 Largefile GSS-API SPNEGO NTLM NTLM_WB SSL
> libz TLS-SRP
> and:
> pi at raspberrypi ~ $ openconnect --version
> OpenConnect version v6.00
> Using GnuTLS. Features present: PKCS#11, RSA software token, HOTP
> software token, TOTP software token, DTLS
> pi at raspberrypi ~ $
> Tried letting it run for several minutes and the resfresh loop never ends...
> I'm not even sure I'm getting what the issue is here.. No idea how to
> further troubleshoot this...
> Any ideas??

Can you get a TOKEN_SUCCESS or TOKEN_INVALID response from the server
by feeding the CSD parameters back into the script?  e.g.

        /tmp/ /foobar -ticket "7A1D19AA785BD4956A844C4C" \
        -stub "0" -group "" -certhash "3C7CBD3FB35F41A34E4F0A66C9C33645:" \
        -url "" \

When I run this, I see:

<?xml version="1.0" encoding="ISO-8859-1"?>

(although this ticket might be tied to my IP, or it might expire
before you try it, so it wouldn't be shocking if it came back with

More information about the openconnect-devel mailing list