Thanks, that worked! (Both with and without --no-xmlpost). So I'm guessing the bug is just the NetworkManager failing to talk to KDE's applet? (At least, I've seen it fail in other ways - when asking for wifi password, etc.) 1. POST https://[HOSTNAME]/ Attempting to connect to server [IP]:443 Using certificate file Documents/myvpncert.pem Using private key file Documents/myvpnkey.pem Enter PEM pass phrase: Using client certificate 'dima' Adding supporting CA '[...]' SSL negotiation with [HOSTNAME] Connected to HTTPS on [HOSTNAME] Got HTTP response: HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Cache-Control: no-cache Pragma: no-cache Connection: Keep-Alive Date: Tue, 05 Nov 2013 07:30:12 GMT X-Aggregate-Auth: 1 HTTP body chunked (-2) XML POST enabled Please enter your username and password. Username:dima Password: POST https://[HOSTNAME]/ Got HTTP response: HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Cache-Control: no-cache Pragma: no-cache Connection: Keep-Alive Date: Tue, 05 Nov 2013 07:30:18 GMT X-Aggregate-Auth: 1 HTTP body chunked (-2) Enter your Google Authenticator Code: Response: POST https://[HOSTNAME]/ Got HTTP response: HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Cache-Control: no-cache Pragma: no-cache Connection: Keep-Alive Date: Tue, 05 Nov 2013 07:30:25 GMT X-Aggregate-Auth: 1 HTTP body chunked (-2) TCP_INFO rcv mss 1368, snd mss 1368, adv mss 1448, pmtu 1500 Got CONNECT response: HTTP/1.1 200 OK X-CSTP-Version: 1 X-CSTP-Address: 172.16.70.103 X-CSTP-Netmask: 255.255.255.0 X-CSTP-DNS: 172.16.128.6 X-CSTP-DNS: 172.17.8.6 X-CSTP-Lease-Duration: 86400 X-CSTP-Session-Timeout: 86400 X-CSTP-Idle-Timeout: 3600 X-CSTP-Disconnected-Timeout: 3600 X-CSTP-Default-Domain: [...] X-CSTP-Split-Include: [...] X-CSTP-Keep: true X-CSTP-Tunnel-All-DNS: false X-CSTP-DPD: 30 X-CSTP-Keepalive: 15 X-CSTP-MSIE-Proxy-Lockdown: true X-CSTP-Smartcard-Removal-Disconnect: true X-DTLS-Session-ID: 8F18733B5600E14033EB94C391F2B88A1725CCDB92A148E76F83484DA8C74087 X-DTLS-Port: 443 X-DTLS-Keepalive: 15 X-DTLS-DPD: 30 X-CSTP-MTU: 1355 X-DTLS-CipherSuite: AES128-SHA X-CSTP-Routing-Filtering-Ignore: false X-CSTP-Quarantine: false X-CSTP-Disable-Always-On-VPN: false X-CSTP-TCP-Keepalive: true X-CSTP-Post-Auth-XML: CSTP connected. DPD 30, Keepalive 15 DTLS option X-DTLS-Session-ID : 8F18733B5600E14033EB94C391F2B88A1725CCDB92A148E76F83484DA8C74087 DTLS option X-DTLS-Port : 443 DTLS option X-DTLS-Keepalive : 15 DTLS option X-DTLS-DPD : 30 DTLS option X-DTLS-CipherSuite : AES128-SHA DTLS initialised. DPD 30, Keepalive 15 Connected tun0 as 172.16.70.103, using SSL 2. GET https://[HOSTNAME]/ Attempting to connect to server [IP]:443 Using certificate file Documents/myvpncert.pem Using private key file Documents/myvpnkey.pem Enter PEM pass phrase: Using client certificate 'dima' Adding supporting CA '[...]' SSL negotiation with [HOSTNAME] Connected to HTTPS on [HOSTNAME] Got HTTP response: HTTP/1.0 302 Object Moved Content-Type: text/html Content-Length: 0 Cache-Control: no-cache Pragma: no-cache Connection: Close Date: Tue, 05 Nov 2013 07:34:10 GMT Location: /+webvpn+/index.html Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure HTTP body length: (0) GET https://[HOSTNAME]/+webvpn+/index.html SSL negotiation with [HOSTNAME] Connected to HTTPS on [HOSTNAME] Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpnlogin=1; secure Set-Cookie: tg=0DefaultWEBVPNGroup; path=/; secure X-Transcend-Version: 1 HTTP body chunked (-2) Please enter your username and password. Username:dima Password: POST https://[HOSTNAME]/+webvpn+/index.html Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 X-Transcend-Version: 1 HTTP body chunked (-2) Enter your Google Authenticator Code: Response: POST https://[HOSTNAME]/+webvpn+/login/challenge.html Got HTTP response: HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/xml Cache-Control: max-age=0 Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure Set-Cookie: webvpn=; path=/; secure Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&ch:84C0E006194B69A3DA8068E3A1E5E37FBDB2CB0A&sh:545953497D0DDC13C2A70FF813CE72480F56A527&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest; path=/; secure Set-Cookie: webvpnx= Set-Cookie: webvpnaac=1; path=/; secure X-Transcend-Version: 1 HTTP body chunked (-2) TCP_INFO rcv mss 1368, snd mss 1368, adv mss 1448, pmtu 1500 Got CONNECT response: HTTP/1.1 200 OK X-CSTP-Version: 1 X-CSTP-Address: 172.16.70.114 X-CSTP-Netmask: 255.255.255.0 X-CSTP-DNS: 172.16.128.6 X-CSTP-DNS: 172.17.8.6 X-CSTP-Lease-Duration: 86400 X-CSTP-Session-Timeout: 86400 X-CSTP-Idle-Timeout: 3600 X-CSTP-Disconnected-Timeout: 3600 X-CSTP-Default-Domain: [...] X-CSTP-Split-Include: [...] X-CSTP-Keep: true X-CSTP-Tunnel-All-DNS: true X-CSTP-DPD: 30 X-CSTP-Keepalive: 15 X-CSTP-MSIE-Proxy-Lockdown: true X-CSTP-Smartcard-Removal-Disconnect: true X-DTLS-Session-ID: EF7A1E93470FABDC14391621087D25D03DD7C40A5346D32CF516D26EEB2DD66B X-DTLS-Port: 443 X-DTLS-Keepalive: 15 X-DTLS-DPD: 30 X-CSTP-MTU: 1355 X-DTLS-CipherSuite: AES128-SHA X-CSTP-Routing-Filtering-Ignore: false X-CSTP-Quarantine: false X-CSTP-Disable-Always-On-VPN: false X-CSTP-TCP-Keepalive: true CSTP connected. DPD 30, Keepalive 15 DTLS option X-DTLS-Session-ID : EF7A1E93470FABDC14391621087D25D03DD7C40A5346D32CF516D26EEB2DD66B DTLS option X-DTLS-Port : 443 DTLS option X-DTLS-Keepalive : 15 DTLS option X-DTLS-DPD : 30 DTLS option X-DTLS-CipherSuite : AES128-SHA DTLS initialised. DPD 30, Keepalive 15 Connected tun0 as 172.16.70.114, using SSL