On Thu, 2015-10-01 at 15:55 +0000, Edwards, Kristofer wrote: > I am running into an issue if libp11-kit0 is above version 0.20.7-1 > openconnect will no longer allow juniper connections.? It will go > through the entire process and show that it established the > connection > but the resources are not available.? > > it shows the response of? > Connected to HTTPS on vpn.myconnection.com > SSL negotiation with vpn.myconnection.com > Connected to HTTPS on vpn.myconnection.com > Connected tun0 as x.x.x.x, using SSL? > ESP session established with server > > drop to command line attempt connection to my workstation and it will > not resolve nor ping. > > Rollback the libp11-kit0 version to 0.20.7-1 and everything is > working as normal. That's bizarre, especially if you aren't even *using* PKCS#11 Does the problem go away if you rebuild GnuTLS and/or OpenConnect against the newer p11-kit? What version did you upgrade to? I note that libp11-kit didn't bump its soname between the 0.20.7 release and later releases, and if there *was* an incompatible change then it probably should have. But I'm still confused as to how an ABI incompatibility in libp11-kit would lead to the symptoms you describe. -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5691 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160224/8fa74d44/attachment.bin>