Connecting to anyconnect vpn - system verification

Daniel Lenski dlenski at
Thu Feb 2 12:54:20 PST 2023

I'm afraid tuning parameters does not help at all. I unsuccessfully
> tried various combinantions.
> Then I dumped the /opt/cisco/anyconnect/bin/vpnui traffic, tried what
> the official client sends and still no success.

Hmmm. So you can see all (or almost all) of the traffic between the
official client and the server, and you see NO differences between
what OpenConnect sends and what the official clients send…?

> What can I do more? What to dump?

It's quite difficult to say without seeing some of this traffic and
comparing carefully. It sounds like you've already read, and have a good idea
of how to capture the traffic from the official client.

> I'm able to dump (SSLKEYLOGFILE) ui's traffic and partly also the
> vpnagentd's traffic but there are still some tls streams unreadable.

Any idea about the *timing* or *quantity* of those TLS streams which
you can't see, relative to other requests which you can see?


More information about the openconnect-devel mailing list