Red Hat Bugzilla – Bug 985443
openconnect-5.01 XML POST doesn't send specified group correctly
Last modified: 2014-12-08 11:20:18 EST
Description of problem:
After upgrading to F19, my openconnect VPN doesn't allow access to certain resources. Issue was traced to my client being issued an IP address from the default group. After reading the man page, adding --no-xmlpost to the command restores expected behavior.
Version-Release number of selected component (if applicable):
openconnect -v -v -v --authgroup ORG-UNIT -u uid --no-cert-check vpn1.example.com
openconnect -v -v -v --authgroup ORG-UNIT -u uid --no-cert-check --no-xmlpost vpn1.example.com
Incorrect IP address assignment resulting from incorrect/missing group sent in new XML POST.
Correct IP address.
This should be worked around in 5.02 (in Fedora 20) and properly fixed in the 6.00 release (rawhide, coming to 20 soon).
Are you still on Fedora 19, or are you able to test with F20?
I'll push out an update for Fedora 19 too.
Oh, pushing the update to F19/F20 is non-trivial since it involves an ABI change in the libopenconnect library... which the KDE authentication tool isn't yet fully prepared to cope with.
If you can confirm that OpenConnect v6.00 works correctly, I'll try to work out the upgrade process.