Andris Raugulis

> ``` > gateway = vpn-someplace.company.com > gateway_url = https://vpn-someplace.company.com > ``` > > I understand that for you thi rule does not apply, but could you probably add a...

> `xxx_cli_cert` -> could we probably rename that to `xxx_client_cert` ? > > At least I always understand "cli" as "commandline", not "client" in my abbreviation 1st level cache. Heh,...

> Note: I am still able to connect after all of your recent changes yesterday and today, using the current HEAD. Does it work with certificate authentication and verification? If...

P.S. I've commited the fix and also added OKTA totp support (previously, it supported only Google).

@dlenski, no, this is correct, openconnect do ask for additional input and fails with ioctl error as @nicklan, @Atoms and me mentioned. This one - `fgets (stdin): Inappropriate ioctl for...

And yes, to answer question, which You asked previously, without PIPE, it also waits for some input... before writing out "Please enter your username and password".

Here's the backtrace for two `read()`: This is before "Please enter your username and password" ``` (gdb) bt #0 0x0000000803fde4e8 in _read () from /lib/libc.so.7 #1 0x0000000803fddda0 in getdtablesize ()...

So, first read happens in https://github.com/dlenski/openconnect/blob/master/main.c#L1276 and second in https://github.com/dlenski/openconnect/blob/master/main.c#L2007. Actually, that was my initial guess, that it asks for password and later for cookie, but didn't verify. Looks like...

@dlenski, yes, I also noticed that it works only with clientos of Windows, that's why I that into https://github.com/arthepsy/pan-globalprotect-okta/blob/master/gp-okta.py#L308 ... P.S. Won't you commit that patch, which doesn't require additional...

New version (already implemented in _develop_ branch) will include "recommendations", based on detected sshd version and "best effort". Although, take into account, that some issues can't be resolved without upgrading...