On Fri, Nov 22, 2019 at 1:10 AM Ruiyang Wu <ruiyangwu@xxxxxxxxxxxxxxxx> wrote: > > Hello, > > Here is the summary of my issue: > 1. I ran openconnect on Windows Powershell (as admin) as follows: > openconnect --protocol=gp --user=<USERNAME> vpn.****.com > > 2. Openconnect version: > Using GnuTLS. Features present: PKCS#11, HOTP software token, > TOTP software token, Yubikey OATH, System keys, DTLS, ESP > Supported protocols: anyconnect (default), nc, gp, pulse > You're missing the line that includes the actual OpenConnect version number (e.g. 7.08, 8.05). What is it? > 3. Operating system: > MSYS_NT-10.0-WOW 2.10.0(0.325/5/3) 2018-04-05 00:47 i686 Msys > > 4. I was able to connect to the VPN server, and get an ipv4 address: > Connected to HTTPS on **.**.**.** > GlobalProtect login returned authentication-source=** > POST https://**.**.**.**/ssl-vpn/getconfig.esp > Session will expire after 1440 minutes. > Tunnel timeout (rekey interval) is 120 minutes. > Idle timeout is 180 minutes. > No MTU received. Calculated 1326 for ESP tunnel > POST https://**.**.**.**/ssl-vpn/hipreportcheck.esp > Connected as **.**.**.**, using SSL, with ESP in progress > Microsoft (R) Windows Script Host Version 5.812 > Copyright (C) Microsoft Corporation. All rights reserved. > Microsoft (R) Windows Script Host Version 5.812 > Copyright (C) Microsoft Corporation. All rights reserved. > VPN Gateway: **.**.**.** > Internal Address: **.**.**.** > Internal Netmask: **.**.**.** > Internal Gateway: **.**.**.** > Interface: "Local Area Connection" > MTU: 1326 > Configuring "Local Area Connection" interface for Legacy IP... > done. > Configuring Legacy IP networks: > Waiting for interface to come up... > Waiting for interface to come up... > Route configuration done. > ESP session established with server > ESP tunnel connected; exiting HTTPS mainloop. > > 5. The TAP adapter property in Windows control panel showed "no > network access". And all the internet traffic seemed to avoid the TAP > adapter so the result is like I was not using VPN at all. > > 6. Globalprotect GUI by Palo Alto Networks works fine. > > 6. I can use anyconnect VPN (from another VPN provider) with the same > openconnect build on the same machine. > > 8. I also tried on macOS, the problem is the same. I actually could > visit contents on the LAN of the VPN provider, but all other internet > connection failed (I can't test this on Windows because of 5) What version of the Windows routing configuration script are you using? (https://gitlab.com/openconnect/vpnc-scripts/blob/master/vpnc-script-win.js) _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
