here is a session I initiated with the verbose and dump options (which are not mentioned in the man page) grant@new-host-3:~[20200423-7:54][#124]$ sudo openconnect -vvv --dump --protocol=gp citadel.efilm.com -c ~grant/cert_grant_cert.p12 [sudo] password for grant: ************ POST https://citadel.efilm.com/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux Attempting to connect to server 207.34.41.66:443 Connected to 207.34.41.66:443 Using certificate file /home/grant/cert_grant_cert.p12 Enter PKCS#12 pass phrase: ************ Using client certificate '/CN=grant/emailAddress=grant.janssen@xxxxxxxxx' SSL negotiation with citadel.efilm.com Matched peer certificate subject name 'citadel.efilm.com' Connected to HTTPS on citadel.efilm.com with ciphersuite TLSv1.2-AES256-GCM-SHA384 > POST /global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux HTTP/1.1 > Host: citadel.efilm.com > User-Agent: PAN GlobalProtect > Got HTTP response: HTTP/1.1 200 OK Date: Thu, 23 Apr 2020 14:55:20 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 414 Connection: keep-alive ETag: "eeb5e824b51" Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 19 Nov 1981 08:52:00 GMT X-FRAME-OPTIONS: DENY Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; path=/; secure; httponly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Strict-Transport-Security: max-age=31536000; X-XSS-Protection: 1; mode=block; X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; HTTP body length: (414) < <?xml version="1.0" encoding="UTF-8" ?> < <prelogin-response> < <status>Success</status> < <ccusername>grant</ccusername> < <autosubmit>true</autosubmit> < <msg></msg> < <newmsg></newmsg> < <authentication-message>Enter your IDM login credentials</authentication-message> < <username-label>Username</username-label> < <password-label>Password</password-label> < <panos-version>1</panos-version><region>US</region> < </prelogin-response> Login form: "Username: " user(TEXT)=(null), "Password: " passwd(PASSWORD) Enter your IDM login credentials Username: grant Password: ************ POST https://citadel.efilm.com/global-protect/getconfig.esp > POST /global-protect/getconfig.esp HTTP/1.1 > Host: citadel.efilm.com > User-Agent: PAN GlobalProtect > Cookie: PHPSESSID=******************************** > X-Pad: 00 > Content-Type: application/x-www-form-urlencoded > Content-Length: 190 > > jnlpReady=jnlpReady&ok=Login&direct=yes&clientVer=4100&prot=https:&ipv6-support=yes&clientos=Linux&os-version=linux-64&server=citadel.efilm.com&computer=new-host-3&user=grant&passwd=************ Got HTTP response: HTTP/1.1 200 OK Date: Thu, 23 Apr 2020 14:55:28 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 8096 Connection: keep-alive ETag: "ba35e824b51" Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 19 Nov 1981 08:52:00 GMT X-FRAME-OPTIONS: DENY Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Strict-Transport-Security: max-age=31536000; X-XSS-Protection: 1; mode=block; X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; HTTP body length: (8096) < <?xml version="1.0" encoding="UTF-8" ?> < <policy> < <portal-name>global_protect</portal-name> < <portal-config-version>4100</portal-config-version> < <version>5.1.3-12 </version> < <client-role>global-protect-full</client-role> < <agent-user-override-key>test</agent-user-override-key> < <root-ca> < <entry name="global_protect"> < <cert> < -----BEGIN CERTIFICATE----- < **************************************************************** < **************************************************************** < **************************************************************** < **************************************************************** < **************************************************************** < **************************************************************** < **************************************************************** < **************************************************************** < **************************************************************** < **************************************************************** < **************************************************************** < **************************************************************** < **************************************************************** < **************************************************************** < **************************************************************** < **************************************************************** < -----END CERTIFICATE----- < </cert> < <install-in-cert-store>yes</install-in-cert-store> < </entry> < </root-ca> < <connect-method>user-logon</connect-method> < <on-demand>no</on-demand> < <refresh-config>yes</refresh-config> < <refresh-config-interval>24</refresh-config-interval> < <authentication-modifier> < <none/> < </authentication-modifier> < <authentication-override> < <accept-cookie>no</accept-cookie> < <generate-cookie>no</generate-cookie> < <cookie-encrypt-decrypt-cert></cookie-encrypt-decrypt-cert> < </authentication-override> < <use-sso>yes</use-sso> < <ip-address></ip-address> < <host></host> < <gateways> < <cutoff-time>5</cutoff-time> < <external> < <list> < <entry name="citadel.efilm.com"> < <priority-rule> < <entry name="Any"> < <priority>1</priority> < </entry> < </priority-rule> < <priority>1</priority> < <description>citadel.efilm.com</description> < </entry> < </list> < </external> < </gateways> < <gateways-v6> < <cutoff-time>5</cutoff-time> < <external> < <list> < <entry name="citadel.efilm.com"> < <fqdn>citadel.efilm.com</fqdn> < <priority-rule> < <entry name="Any"> < <priority>1</priority> < </entry> < </priority-rule> < <priority>1</priority> < </entry> < </list> < </external> < </gateways-v6> < <agent-ui> < <can-save-password>no</can-save-password> < <passcode></passcode> < <uninstall-passwd></uninstall-passwd> < <agent-user-override-timeout>0</agent-user-override-timeout> < <max-agent-user-overrides>0</max-agent-user-overrides> < <help-page></help-page> < <help-page-2></help-page-2> < <welcome-page> < <display>no</display> < <page></page> < </welcome-page> < <agent-user-override>allowed</agent-user-override> < <enable-advanced-view>yes</enable-advanced-view> < <enable-do-not-display-this-welcome-page-again>yes</enable-do-not-display-this-welcome-page-again> < <can-change-portal>yes</can-change-portal> < <show-agent-icon>yes</show-agent-icon> < <password-expiry-message></password-expiry-message> < <init-panel>no</init-panel> < < </agent-ui> < <hip-collection> < <hip-report-interval>3600</hip-report-interval> < <max-wait-time>20</max-wait-time> < <collect-hip-data>yes</collect-hip-data> < <default> < <category> < <member>antivirus</member> < <member>anti-spyware</member> < <member>host-info</member> < <member>data-loss-prevention</member> < <member>patch-management</member> < <member>firewall</member> < <member>anti-malware</member> < <member>disk-backup</member> < <member>disk-encryption</member> < </category> < </default> < </hip-collection> < <agent-config> < <save-user-credentials>0</save-user-credentials> < <portal-2fa>no</portal-2fa> < <internal-gateway-2fa>no</internal-gateway-2fa> < <auto-discovery-external-gateway-2fa>no</auto-discovery-external-gateway-2fa> < <manual-only-gateway-2fa>no</manual-only-gateway-2fa> < <uninstall>allowed</uninstall> < <client-upgrade>prompt</client-upgrade> < <enable-signout>yes</enable-signout> < <use-sso-macos>no</use-sso-macos> < <logout-remove-sso>yes</logout-remove-sso> < <krb-auth-fail-fallback>yes</krb-auth-fail-fallback> < <retry-tunnel>30</retry-tunnel> < <retry-timeout>5</retry-timeout> < <enforce-globalprotect>no</enforce-globalprotect> < <enforcer-exception-list/> < <captive-portal-exception-timeout>0</captive-portal-exception-timeout> < <captive-portal-login-url></captive-portal-login-url> < <traffic-blocking-notification-delay>15</traffic-blocking-notification-delay> < <display-traffic-blocking-notification-msg>yes</display-traffic-blocking-notification-msg> < <traffic-blocking-notification-msg><div style="font-family:'Helvetica Neue';"><h1 style="color:red;text-align:center; margin: 0; font-size: 30px;">Notice</h1><p style="margin: 0;font-size: 15px; line-height: 1.2em;">To access the network, you must first connect to GlobalProtect.</p></div></traffic-blocking-notification-msg> < <allow-traffic-blocking-notification-dismissal>yes</allow-traffic-blocking-notification-dismissal> < <display-captive-portal-detection-msg>no</display-captive-portal-detection-msg> < <captive-portal-detection-msg><div style="font-family:'Helvetica Neue';"><h1 style="color:red;text-align:center; margin: 0; font-size: 30px;">Captive Portal Detected</h1><p style="margin: 0; font-size: 15px; line-height: 1.2em;">GlobalProtect has temporarily permitted network access for you to connect to the Internet. Follow instructions from your internet provider.</p><p style="margin: 0; font-size: 15px; line-height: 1.2em;">If you let the connection time out, open GlobalProtect and click Connect to try again.</p></div></captive-portal-detection-msg> < <captive-portal-notification-delay>5</captive-portal-notification-delay> < <certificate-store-lookup>user-and-machine</certificate-store-lookup> < <scep-certificate-renewal-period>7</scep-certificate-renewal-period> < <ext-key-usage-oid-for-client-cert></ext-key-usage-oid-for-client-cert> < <retain-connection-smartcard-removal>yes</retain-connection-smartcard-removal> < <rediscover-network>yes</rediscover-network> < <resubmit-host-info>yes</resubmit-host-info> < <can-continue-if-portal-cert-invalid>yes</can-continue-if-portal-cert-invalid> < <user-switch-tunnel-rename-timeout>0</user-switch-tunnel-rename-timeout> < <pre-logon-tunnel-rename-timeout>-1</pre-logon-tunnel-rename-timeout> < <preserve-tunnel-upon-user-logoff-timeout>0</preserve-tunnel-upon-user-logoff-timeout> < <ipsec-failover-ssl>0</ipsec-failover-ssl> < <ssl-only-selection>0</ssl-only-selection> < <max-internal-gateway-connection-attempts>0</max-internal-gateway-connection-attempts> < <portal-timeout>5</portal-timeout> < <connect-timeout>5</connect-timeout> < <receive-timeout>30</receive-timeout> < <enforce-dns>yes</enforce-dns> < <append-local-search-domain>no</append-local-search-domain> < <flush-dns>no</flush-dns> < <proxy-multiple-autodetect>no</proxy-multiple-autodetect> < <use-proxy>yes</use-proxy> < <wsc-autodetect>yes</wsc-autodetect> < <mfa-enabled>no</mfa-enabled> < <mfa-listening-port>4501</mfa-listening-port> < <mfa-trusted-host-list/> < <mfa-notification-msg>You have attempted to access a protected resource that requires additional authentication. Proceed to authenticate at</mfa-notification-msg> < <mfa-prompt-suppress-time>0</mfa-prompt-suppress-time> < <ipv6-preferred>yes</ipv6-preferred> < <change-password-message></change-password-message> < < </agent-config> < <portal-userauthcookie>empty</portal-userauthcookie> < <portal-prelogonuserauthcookie>empty</portal-prelogonuserauthcookie> < <config-digest>********************************</config-digest> < </policy> Ignoring portal's HIP report interval (60 minutes), because no HIP report script provided. 1 gateway servers available: citadel.efilm.com (citadel.efilm.com) Please select GlobalProtect gateway. GATEWAY: [citadel.efilm.com]:citadel.efilm.com POST https://citadel.efilm.com/ssl-vpn/login.esp > POST /ssl-vpn/login.esp HTTP/1.1 > Host: citadel.efilm.com > User-Agent: PAN GlobalProtect > Cookie: PHPSESSID=******************************** > X-Pad: 00 > Content-Type: application/x-www-form-urlencoded > Content-Length: 190 > > jnlpReady=jnlpReady&ok=Login&direct=yes&clientVer=4100&prot=https:&ipv6-support=yes&clientos=Linux&os-version=linux-64&server=citadel.efilm.com&computer=new-host-3&user=grant&passwd=************ Got HTTP response: HTTP/1.1 200 OK Date: Thu, 23 Apr 2020 14:55:28 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 724 Connection: keep-alive ETag: "245b5e824b51" Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 19 Nov 1981 08:52:00 GMT X-FRAME-OPTIONS: DENY Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Set-Cookie: PHPSESSID=********************************; secure; HttpOnly Strict-Transport-Security: max-age=31536000; X-XSS-Protection: 1; mode=block; X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; HTTP body length: (724) < <?xml version="1.0" encoding="utf-8"?><jnlp><application-desc><argument>(null)</argument><argument>9c637334ded57bca8da31371254866c6</argument><argument>0196ba5b3854efffbf7f9a02080c94bc9c4e7572</argument><argument>globalprotect_client-N</argument><argument>grant</argument><argument>LDAP_paloalto_user</argument><argument>vsys1</argument><argument>production.efilm.com</argument><argument>(null)</argument><argument></argument><argument></argument><argument></argument><argument>tunnel</argument><argument>-1</argument><argument>4100</argument><argument></argument><argument></argument><argument></argument><argument></argument><argument>4</argument><argument>unknown</argument><argument></argument></application-desc></jnlp> GlobalProtect login returned authentication-source=LDAP_paloalto_user GlobalProtect login returned unexpected argument value arg[19]=4 GlobalProtect login returned unexpected argument value arg[20]=unknown Please report 2 unexpected values above (of which 0 fatal) to <openconnect-devel@xxxxxxxxxxxxxxxxxxx> POST https://citadel.efilm.com/ssl-vpn/getconfig.esp > POST /ssl-vpn/getconfig.esp HTTP/1.1 > Host: citadel.efilm.com > User-Agent: PAN GlobalProtect > Cookie: PHPSESSID=******************************** > X-Pad: 0000000000000000000000000000000000 > Content-Type: application/x-www-form-urlencoded > Content-Length: 286 > > client-type=1&protocol-version=p1&app-version=4.0.5-8&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2cmd5%2csha256&enc-algo=aes-128-cbc%2caes-256-cbc&authcookie=********************************&portal=globalprotect_client-N&user=grant&domain=production.efilm.com&computer=new-host-3 Got HTTP response: HTTP/1.1 200 OK Date: Thu, 23 Apr 2020 14:55:28 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 1550 Connection: keep-alive ETag: "23d5e824b51" Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 19 Nov 1981 08:52:00 GMT X-FRAME-OPTIONS: DENY Strict-Transport-Security: max-age=31536000; X-XSS-Protection: 1; mode=block; X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; HTTP body length: (1550) < < <response status="success"> < <need-tunnel>yes</need-tunnel> < <ssl-tunnel-url>/ssl-tunnel-connect.sslvpn</ssl-tunnel-url> < <portal>globalprotect_client-N</portal> < <user>grant</user> < <lifetime>2592000</lifetime> < <timeout>10800</timeout> < <disconnect-on-idle>10800</disconnect-on-idle> < <bw-c2s>1000</bw-c2s> < <bw-s2c>1000</bw-s2c> < <gw-address>207.34.41.66</gw-address> < <ip-address>10.1.217.219</ip-address> < <netmask>255.255.255.255</netmask> < <ip-address-preferred>yes</ip-address-preferred> < <dns> < <member>10.1.80.3</member> < <member>10.1.80.4</member> < </dns> < <wins> < </wins> < <dns-suffix> < <member>production.efilm.com</member> < </dns-suffix> < <default-gateway>10.1.217.219</default-gateway> < <mtu>0</mtu> < <no-direct-access-to-local-network>no</no-direct-access-to-local-network> < <access-routes> < <member>10.1.130.69/30</member> < <member>10.1.129.65/29</member> < <member>10.1.135.65/29</member> < <member>10.1.130.65/30</member> < <member>10.1.129.245/30</member> < <member>10.110.12.0/23</member> < <member>10.1.79.0/24</member> < <member>10.1.80.0/20</member> < <member>10.1.96.0/23</member> < <member>10.1.129.192/27</member> < <member>10.1.130.0/26</member> < <member>10.1.130.128/26</member> < <member>10.1.132.0/24</member> < <member>10.1.133.0/24</member> < <member>10.1.134.0/26</member> < <member>10.1.135.192/26</member> < <member>10.1.156.0/24</member> < <member>10.1.157.0/24</member> < </access-routes> < <exclude-access-routes> < </exclude-access-routes> < </response> Session will expire after 43200 minutes. Tunnel timeout (rekey interval) is 180 minutes. Idle timeout is 180 minutes. TCP_INFO rcv mss 1460, snd mss 1460, adv mss 1460, pmtu 1500 No MTU received. Calculated 1439 for SSL tunnel. No ESP keys received POST https://citadel.efilm.com/ssl-vpn/hipreportcheck.esp > POST /ssl-vpn/hipreportcheck.esp HTTP/1.1 > Host: citadel.efilm.com > User-Agent: PAN GlobalProtect > Cookie: PHPSESSID=******************************** > X-Pad: 00000000000000000000000000000000 > Content-Type: application/x-www-form-urlencoded > Content-Length: 224 > > client-role=global-protect-full&authcookie=********************************&portal=globalprotect_client-N&user=grant&domain=production.efilm.com&computer=new-host-3&client-ip=10.1.217.219&md5=******************************** Got HTTP response: HTTP/1.1 200 OK Date: Thu, 23 Apr 2020 14:55:28 GMT Content-Type: application/xml; charset=UTF-8 Content-Length: 87 Connection: keep-alive ETag: "72b5e824b51" X-Content-Type-Options: nosniff Pragma: no-cache Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Content-Security-Policy: default-src 'self' Expires: Thu, 19 Nov 1981 08:52:00 GMT X-FRAME-OPTIONS: DENY Strict-Transport-Security: max-age=31536000; X-XSS-Protection: 1; mode=block; X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; HTTP body length: (87) < < <response status="success"> < <hip-report-needed>no</hip-report-needed> < </response> Gateway says no HIP report submission is needed. Connecting to HTTPS tunnel endpoint ... > GET /ssl-tunnel-connect.sslvpn?authcookie=********************************&user=grant HTTP/1.1 > Set up UDP failed; using SSL instead Connected as 10.1.217.219, using SSL, with ESP disabled RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument RTNETLINK answers: Invalid argument Sending IPv6 data packet of 48 bytes No work to do; sleeping for 10000 ms... Sending IPv6 data packet of 48 bytes No work to do; sleeping for 6000 ms... Sending IPv6 data packet of 48 bytes No work to do; sleeping for 2000 ms... Send GPST DPD/keepalive request ================================================================================================= I do now see I have a couple of errors GlobalProtect login returned unexpected argument value arg[19]=4 GlobalProtect login returned unexpected argument value arg[20]=unknown Please report 2 unexpected values above (of which 0 fatal) to <openconnect-devel@xxxxxxxxxxxxxxxxxxx> ================================================================================================= I see all the routes are xmitted from the firewall in the dump, but still only get 14 of 18 the tunnel routes Though the count below is 16, I only actually have 14, since the DNS servers are added as /32 routes ) grant@new-host-3:~[20200422-17:45][#115]$ netstat -rn Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlp2s0 10.1.79.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 10.1.80.0 0.0.0.0 255.255.240.0 U 0 0 0 tun0 10.1.80.3 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 10.1.80.4 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 10.1.96.0 0.0.0.0 255.255.254.0 U 0 0 0 tun0 10.1.129.192 0.0.0.0 255.255.255.224 U 0 0 0 tun0 10.1.130.0 0.0.0.0 255.255.255.192 U 0 0 0 tun0 10.1.130.128 0.0.0.0 255.255.255.192 U 0 0 0 tun0 10.1.132.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 10.1.133.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 10.1.134.0 0.0.0.0 255.255.255.192 U 0 0 0 tun0 10.1.135.192 0.0.0.0 255.255.255.192 U 0 0 0 tun0 10.1.156.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 10.1.157.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 10.1.217.218 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 10.110.12.0 0.0.0.0 255.255.254.0 U 0 0 0 tun0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wlp2s0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0 207.34.41.66 192.168.1.1 255.255.255.255 UGH 0 0 0 wlp2s0 grant@new-host-3:~[20200423-7:36][#116]$ netstat -rn | grep tun0 | wc -l 16 grant@new-host-3:~[20200423-7:48][#117]$ Please let me know if there is anything I can do to assist in resolving this Thank You Dan - grant _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
