OTP stopped working since ocserv 0.11.9
Hi, I've been using ocserv for a long time already, together with Cisco AnyConnect 4.x. For some reason, OTP stopped working since 0.11.9 (using the EPEL repository). Now I've installed 0.11.10-2.el7 from epel-testing, and the symptoms are the same:

```
Jan 29 19:05:37 main ocserv[23012]: worker: client certificate verification succeeded
Jan 29 19:05:38 main ocserv[21382]: sec-mod: using 'certificate+plain' authentication to authenticate user (session: +lDq7R)
Jan 29 19:05:48 main ocserv[21382]: sec-mod: auth cont received for <user> (session: +lDq7R) but we are on state 1!
Jan 29 19:05:48 main ocserv[23012]: worker[<user>]: <IP?> worker-auth.c:1577: failed authentication for <'user'>
```

I'm actually using three authentication methods in /etc/ocserv.conf:

```
auth = "certificate"
auth = "plain[passwd=/etc/ocserv/ocpasswd,otp=/etc/users.otp]"
```

In the AnyConnect window I see inputs for username, password and OTP; everything is correct. Once I downgraded ocserv to 0.11.8, everything started working.

Versions:

```
# ocserv -version
ocserv 0.11.8
Compiled with: seccomp, tcp-wrappers, oath, radius, gssapi, PAM, PKCS#11, AnyConnect
GnuTLS version: 3.3.26 (compiled with 3.3.24)

# ocserv -version
ocserv 0.11.9
Compiled with: seccomp, tcp-wrappers, oath, radius, gssapi, PAM, PKCS#11, AnyConnect
GnuTLS version: 3.3.26

# ocserv -version
ocserv 0.11.10
Compiled with: seccomp, tcp-wrappers, oath, radius, gssapi, PAM, PKCS#11, AnyConnect
GnuTLS version: 3.3.26
```