I haven't had any success trying to MITM the Pulse Secure handshake. With Fiddler on Windows, after setting up HTTPS decryption, the client just spins saying "Connecting". On Mon, 2018-09-03 at 11:00 +0200, Andreas Gnau wrote: > Hello Daniel, > I am experiencing the same problem. Thanks for bringing this up to a > wider audience and doing the research. I have done the same kind of > research a few months ago and I came to the same conclusion that > many > encountered this, but no-one found a solution. > > If I remember correctly, I have tried connecting with the same > hostname > as the Windows machine I usually connect to and it did not make a > difference. > > What would be the next steps to investigate this further? Will the > Pulse > Secure let me MITM the TLS-traffic to capture it to learn more? > > Regards, Andreas > > On 2018-08-30 06:23, Daniel Lenski wrote: > > I decided to dive into this by Googling `"error 0x08" openconnect`, > and found many more examples of the same "error 0x08" in > response to the Juniper "vestigial auth packet." > > None of them seem to have been resolved. I don't see any notable > commonalities among the reports either. > > I am cc'ing Andrew Tsvetinskiy, Nate Mow, Pete Flugstad, F?lix > Defrance, and Oleg Fominykh? because they all reported matching > failures on this list in the past. I'm intensely curious to know if > any > of them ever figured out how to connect to their Juniper VPNs > using OpenConnect. ? > > Cases reported on the mailing list: > > - http://lists.infradead.org/pipermail/openconnect-devel/2015-March/0 > 02820.html > (Oleg Fominykh) > - http://lists.infradead.org/pipermail/openconnect-devel/2015-August/ > 003132.html > (Nate Mow) > - http://lists.infradead.org/pipermail/openconnect-devel/2015-Novembe > r/003253.html > (Pete Flugstad) > - http://lists.infradead.org/pipermail/openconnect-devel/2017-April/0 > 04259.html > (F?lix Defrance) > - http://lists.infradead.org/pipermail/openconnect-devel/2017-July/00 > 4404.html > (Andrew Tsvetinskiy) > - http://lists.infradead.org/pipermail/openconnect-devel/2018-August/ > 005037.html > (Brandon Liles) > > Two more examples from around the web: > > - https://pastebin.com/MpjJPuGJ > (sdceng01 at sdcportal.sdc.se) > - https://www.reddit.com/r/debian/comments/6wqqaf/pulse_secure_on_deb > ian_91/dmbmvse > > Dan > > _______________________________________________ > openconnect-devel mailing list > openconnect-devel at lists.infradead.org > http://lists.infradead.org/mailman/listinfo/openconnect-devel > >
