On Thu, Apr 30, 2020 at 9:11 AM David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
>
> On Thu, 2020-04-30 at 18:02 +0200, Thierry de Coulon wrote:
> > with --protocol=pulse, the tunnel is created, but on smb access I never get
> > asked for the password, so I get no access.
> >
> > with --protocol=nc (which I understand to be same as --juniper) everything
> > works as before.
> >
> > Just wondering if this is the intended way it should work.
>
> That seems odd; there shouldn't be any difference. The only *expected*
> difference is that the older NC protocol only supports Legacy IP.
>
> Do you have any IPv6 configuration on the VPN when you connect with
> Pulse?
>
> I suspect there's some weirdness with DNS or routing — or perhaps the
> VPN MTU. Can you reproduce with smbclient on the command line and
> debugging enabled? And can you capture the traffic on the VPN interface
> while you try, so we can compare both nc and pulse modes?

Right. There is most likely a difference in routing between the two VPN
configurations.

My guess is that there's something that's confusing Windows Active
Directory authentication here… it uses a very complex and messy
combination of DNS and Kerberos and SMB. A difference in DNS servers
may be playing a role.

Using the command-line smbclient and playing around with different
authentication options should help to debug it.

Dan

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel