On Thu, Oct 24, 2019 at 9:19 AM Adam Allgood <avram.meir@xxxxxxxxx> wrote: > > Questions: > > - What additional details do you get if you run with `-vvv --dump`? > > (much more verbose logging) > > I won't overwhelm the mailing list with the full contents of the file, > but here is a snippet that may be helpful: Interesting. Even in your more verbose log, it appears that OpenConnect is totally and entirely failing to receive any response over the DTLS channel… except for the MTU DPD probe at the beginning. This is why I suggest upgrading to a more recent version in which David Woodhouse has made the DTLS MTU detection much more robust and… > > - Does --no-dtls make any difference? > > It does not seem to make any difference. … and also I'm quite surprised that --no-dtls does not make a difference. This option makes OpenConnect communicate entirely over the HTTPS/TLS channel which is already used for authentication, and not try to open a DTLS channel at all. You're *sure* it makes no difference? No ability to receive any packets the VPN server over the TLS channel? No additional clues in the log with `--no-dtls -vvv --dump`? > I tried building OpenConnect from a zipped tarball on the FTP site, > but I got errors from make that there was no intall targets. Can you > recommend a good step-by-step install guide? And based on the logging > info above, do you still think the newer version may be helpful? Since you're on Ubuntu, take a look at https://github.com/dlenski/openconnect#building-from-source-on-linux (Note that my “fork” is obsolete now that GlobalProtect support has been merged back into the mainline, but the same build dependencies should work with the official OpenConnect v8.05.) Thanks, Dan _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
