ocserv: iOS Anyconnect unexpected POST URL /VPN?

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Thu Sep 15 08:14:29 PDT 2016


On Thu, Sep 1, 2016 at 2:56 PM, Frank H.Y. Wang <gladandong at gmail.com> wrote:
>> Could you be more specific on which feature you are referring to and
>> what you are trying to achieve? If it is about selecting groups on
>> login, I don't see why this cannot be automated from the openconnect
>> command line (see --authgroup).
> On the client side I am using Cisco AnyConnect. And I have created a custom
> profile.xml with server list like this:
>
>         <ServerList>
>                 <HostEntry>
>                         <HostName>Example (Forwarding)</HostName>
>                         <HostAddress>vpn.example.com</HostAddress>
>                         <UserGroup>Forwarding</UserGroup>
>                 </HostEntry>
>                 <HostEntry>
>                         <HostName>Example (Split-Tunneling)</HostName>
>                         <HostAddress>vpn.example.com</HostAddress>
>                         <UserGroup>Split-Tunneling</UserGroup>
>                 </HostEntry>
>         </ServerList>
>
> The goal is to show the user two separate VPN connections in the AnyConnect
> GUI to the same ocserv server, but with a different group pre-specified. For
> example when the user wants to connect with the "Forwarding" group, they can
> simply choose the "Example (Forwarding)" connection.
>
> The problem is that ocserv doesn't expect the group name in the
> authentication URL and rejected the authentication request. So I am
> wondering if we can take the authentication URL as another source of the
> group name.

We could most likely register a generic handler, something like
"/groups", and have the groups specified as /groups/mygroup. If you
have a nice patch for that I'll certainly consider it.

regards,
Nikos
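
A sketch of how a "/groups/<name>" handler could resolve the group, as an added example in C that is not ocserv code and not part of the original message: the function names, the group table and the length limit are assumptions. The URL only selects among server-configured groups, and the authenticated user's own group list still decides whether that selection is honoured.

```c
#include <stddef.h>
#include <string.h>

#define GROUP_PREFIX  "/groups/"
#define MAX_GROUP_LEN 64   /* assumed limit, not an ocserv constant */

/* Constructed sample: the groups configured on the server. */
static const char *const configured_groups[] = { "Forwarding", "Split-Tunneling" };
#define N_GROUPS (sizeof(configured_groups) / sizeof(configured_groups[0]))

/* Hypothetical helper: map a request path to a configured group.
 * Returns a pointer into the server's own table (never client bytes),
 * or NULL when the path is not /groups/<name> naming a known group.
 * The match is exact and case-sensitive, so extra path segments, "..",
 * or percent-encoded variants simply fail to match. */
const char *group_from_url(const char *path)
{
    const size_t plen = strlen(GROUP_PREFIX);
    const char *name;
    size_t len, i;

    if (path == NULL || strncmp(path, GROUP_PREFIX, plen) != 0)
        return NULL;
    name = path + plen;
    len = strcspn(name, "?");          /* ignore any query string */
    if (len == 0 || len > MAX_GROUP_LEN)
        return NULL;
    for (i = 0; i < N_GROUPS; i++)
        if (strlen(configured_groups[i]) == len &&
            memcmp(configured_groups[i], name, len) == 0)
            return configured_groups[i];
    return NULL;
}

/* Hypothetical helper: after authentication, honour the URL-selected
 * group only if it is one of the groups this user belongs to. */
int user_may_use_group(const char *const *user_groups, size_t n, const char *group)
{
    size_t i;

    if (group == NULL)
        return 0;
    for (i = 0; i < n; i++)
        if (strcmp(user_groups[i], group) == 0)
            return 1;
    return 0;
}
```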


