Ocserv cisco anyconnect compatibility and radius group policy setting
Troy Beisigl
troyb at spacelink.com
Wed Sep 25 15:19:53 PDT 2024
Hello,
I am in the process of testing ocserv with Cisco AnyConnect compatibility. It seems to work using local passwords and with RADIUS authentication if using a single profile. However, while testing using RADIUS and specifying which group policy should be used for a login, it would seem that alternate groups that would specify what routes should be used are not working.
Here is an example of how I am testing this vs. how it is working on a Cisco ASA.
User1 - Normal user with split tunnel
User2 - User with tunnel all traffic
User3 - User restricted to split tunnel with only 1 /24 tunneled route.
User1 logs in on Cisco and gets routes a, b, c, d, e, and f tunneled and all others use local network connection.
User1 logs in on ocserv and the same works as this is a default profile.
User2 - logs in on Cisco and all traffic is tunneled.
User2 - tries to log in on ocserv and login fails.
User3 - logs in on Cisco and gets a x.x.x.x/24 tunneled and all others use local network connection.
User3 - tries to log in on ocserv and login fails.
RADIUS does send the group policy that should be associated to the user. Pulled from a tcpdump packet capture:
Class Attribute (25), length: 21, Value: Co1-Intranet-Policy
So my main question is how can I set up ocserv to receive these Class attributes and use them to specify what routes the user should have tunneled?
I am running version 1.3.0.
Best,
-Troy
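An added example (not from the original post and not the ocserv project's own documentation) of what a per-group layout in ocserv could look like for the three profiles described above. It assumes that ocserv's radius module takes the group name from the RADIUS Class attribute when its groupconfig=true option is set, and that a file under config-per-group named after that group carries the group's route lines; check both against the sample.config shipped with 1.3.0. Only the group name Co1-Intranet-Policy comes from the capture in the post; the Split-Default and Tunnel-All group names and the 10.x.x.x networks are constructed.

```ini
# /etc/ocserv/ocserv.conf (relevant lines only; constructed example)
# Assumption: groupconfig=true makes ocserv use the RADIUS Class value as the
# group name and look for /etc/ocserv/config-per-group/<Class value>.
auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]"
config-per-group = /etc/ocserv/config-per-group/
# No route lines here: with no route directives at all, ocserv tunnels everything,
# so each group file below decides what its members get.

# /etc/ocserv/config-per-group/Split-Default   (User1 style: split tunnel, several routes)
# Group name is constructed; the RADIUS server would send Class = Split-Default.
route = 10.10.1.0/255.255.255.0
route = 10.10.2.0/255.255.255.0
route = 10.10.3.0/255.255.255.0
route = 10.10.4.0/255.255.255.0
route = 10.10.5.0/255.255.255.0
route = 10.10.6.0/255.255.255.0

# /etc/ocserv/config-per-group/Tunnel-All   (User2 style: everything through the VPN)
# Group name is constructed. Deliberately contains no route lines: with none set,
# the client is given the VPN as its default route.

# /etc/ocserv/config-per-group/Co1-Intranet-Policy   (User3 style: a single /24)
# File name matches the Class value seen in the capture; the network is constructed.
route = 10.20.30.0/255.255.255.0
```

The file name has to match the Class value byte for byte, including case and the hyphens, since that string is what ocserv would use to look the group up. Because the group decides the routes, the RADIUS server's shared secret and the path between ocserv and the RADIUS server are what keep a user from ending up in a broader policy than intended, so the Class value should only be accepted from the configured server.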