> On 9 May 2016, at 18:05, David Woodhouse <dwmw2 at infradead.org> wrote: > On Mon, 2016-05-09 at 17:57 +0930, O'Connor, Daniel wrote: >> >> The default route is definitely set to the VPN, and I do see traffic >> flowing over to it but no reply. > > What services? Do you even get a SYNACK in response to outgoing SYN > packets? If so, and it's just *data* that fails, try reducing the MTU > on the 'tun0' interface? No, no ACK :( > It sounds like a firewall or something is preventing your traffic. Are > you connecting to the *same* services that work with the NC client? I have a link in my Lotus Notes client (seriously...) that goes to the same URL I put into open connect. > Do you definitely end up with actual IP routing? Can you do a similar > capture with that client and see what's different? > > Or are you perhaps using it in its application proxy mode, when you do > it through the web browser? I definitely have IP access, I can browse shares and SSH to a box inside the network. After connection I end up at.. https://vpnhost/dana/home/sessions.cgi The 'network connect' button goes to this URL https://vpnhost/dana/nc/ncrun.cgi?launch_nc=1 It does run a rat ware program when using IE (via ActiveX I assume). If I try Chrome it wants to install Java and I haven't tried that yet. If I connect with Openconnect and then use Safari it dumps me out to the login page, some viewing of the page source shows that it blocks Macs on purpose (probably a mod by the IT dept..?). Even using IE (in a VM on OSX) gets booted back to the login page so I wondered if it needed the DSID cookie set. I had a quick go with py-mechanize and I could fetch the Network Connect page after setting DSID, DSASSERTREF and DSFirstAccess (cribbed from OC debug output). I've run out of time to do more on it tonight - I'll have to try again later. Thanks for the help so far :) -- Daniel O'Connor "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
