On Aug 29, 2018 11:43 PM, "David Woodhouse" <dwmw2 at infradead.org> wrote: > On Wed, 2018-08-29 at 15:13 -0400, Brandon Liles wrote: > > > > Read 3 bytes of SSL record > > < 0000: 01 00 08 > > Server response to hostname packet is error 0x08 > > Creating SSL connection failed > > From distant memory, that seems remarkably like the error we were > getting when it's configured only to let you have proxy web access, not > an IP tunnel? > This server definitely provides a full VPN if you use the "real" > client? You mentioned that on one of the previous incidences of this error, and there too the user reported that the server *did* indeed provide full connectivity: http://lists.infradead.org/pipermail/openconnect-devel/2015-March/002822.html It's hard to tell what the common feature of all of the "error 0x08" reports is ? possibly that they all require Host Checker / TNCC? Is it possible that this error means something like, "you're trying to connect the tunnel but haven't yet proven your very speshul securiteh to Host Checker"? What's confusing to me is that I thought Host Checker has to run *before* the server will hand out a DSID cookie, and that once it does no further special handling is needed. Dan
