My issue was that the passwords were being sent in the wrong order. I needed to send my regular password first and my token 2nd.
I had to apply this diff to auth.c which made rsa token generation similar to whatever "LIBOAUTH" does.
- if ((strcmp(opt->name, "password") && strcmp(opt->name, "answer")) ||
+ if ((strcmp(opt->name, "secondary_password") != 0) ||
this essentially mirrors the logic here:
static int can_gen_totp_code(struct openconnect_info *vpninfo,
struct oc_auth_form *form,
struct oc_form_opt *opt)
{
#ifdef HAVE_LIBOATH
if ((strcmp(opt->name, "secondary_password") != 0) ||
vpninfo->toke
I have no idea if this is the "correct" fix for other people or not.