On Thursday 30 April 2020 18.11:29 David Woodhouse wrote: > That seems odd; there shouldn't be any difference. The only *expected* > difference is that the older NC protocol only supports Legacy IP. > > Do you have any IPv6 configuration on the VPN when you connect with > Pulse? > > I suspect there's some weirdness with DNS or routing — or perhaps the > VPN MTU. Can you reproduce with smbclient on the command line and > debugging enabled? And can you capture the traffic on the VPN interface > while you try, so we can compare both nc and pulse modes? I'm afraid I don't know how to use smbclient (can't get it to work, I'll have to study the syntax a little more). What I could get so far: root@junior:/home/thierry# openconnect --protocol=pulse https://school.gyb.ch Connected to 46.245.150.135:443 SSL negotiation with school.gyb.ch Connected to HTTPS on school.gyb.ch with ciphersuite (TLS1.2)-(RSA)-(AES-128-GCM) Got HTTP response: HTTP/1.1 101 Switching Protocols Enter user credentials: Username:<username> Password: <password> Connected as 10.1.248.7, using SSL, with ESP in progress Tunnel seems to exist. If I start my file manager (I use TDE's konqueror for this) the program opens but no password is asked. root@junior:/home/thierry# openconnect --protocol=nc https://school.gyb.ch GET https://school.gyb.ch/ Connected to 46.245.150.135:443 SSL negotiation with school.gyb.ch Connected to HTTPS on school.gyb.ch with ciphersuite (TLS1.2)-(RSA)-(AES-128-GCM) Got HTTP response: HTTP/1.1 302 Found GET https://school.gyb.ch/dana-na/auth/url_1/welcome.cgi SSL negotiation with school.gyb.ch Connected to HTTPS on school.gyb.ch with ciphersuite (TLS1.2)-(RSA)-(AES-128-GCM) frmLogin username:<username> password:<password> POST https://school.gyb.ch/dana-na/auth/url_1/login.cgi Got HTTP response: HTTP/1.1 302 Moved GET https://school.gyb.ch/dana/home/index.cgi Connected as 10.1.248.7, using SSL, with ESP in progress This time the password is asked and I get in. What I notice is that the first time I get "Switching Protocols". Unfortunately I have no real information as to how the server works. Users are instructed to use the pulse software and all we are given are user name and password. I thought it would be better to use the pulse protocol but as long as nc works... T. de Coulon _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
