Re: --protocol=pulse and smb access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday 30 April 2020 18.11:29 David Woodhouse wrote:
> That seems odd; there shouldn't be any difference. The only *expected*
> difference is that the older NC protocol only supports Legacy IP.
>
> Do you have any IPv6 configuration on the VPN when you connect with
> Pulse?
>
> I suspect there's some weirdness with DNS or routing — or perhaps the
> VPN MTU. Can you reproduce with smbclient on the command line and
> debugging enabled? And can you capture the traffic on the VPN interface
> while you try, so we can compare both nc and pulse modes?

I'm afraid I don't know how to use smbclient (can't get it to work, I'll have 
to study the syntax a little more).

What I could get so far:

root@junior:/home/thierry# openconnect --protocol=pulse https://school.gyb.ch
Connected to 46.245.150.135:443
SSL negotiation with school.gyb.ch
Connected to HTTPS on school.gyb.ch with ciphersuite 
(TLS1.2)-(RSA)-(AES-128-GCM)
Got HTTP response: HTTP/1.1 101 Switching Protocols
Enter user credentials:
Username:<username>
Password: <password>
Connected as 10.1.248.7, using SSL, with ESP in progress

Tunnel seems to exist.
If I start my file manager (I use TDE's konqueror for this) the program opens 
but no password is asked.

root@junior:/home/thierry# openconnect --protocol=nc https://school.gyb.ch
GET https://school.gyb.ch/
Connected to 46.245.150.135:443
SSL negotiation with school.gyb.ch
Connected to HTTPS on school.gyb.ch with ciphersuite 
(TLS1.2)-(RSA)-(AES-128-GCM)
Got HTTP response: HTTP/1.1 302 Found
GET https://school.gyb.ch/dana-na/auth/url_1/welcome.cgi
SSL negotiation with school.gyb.ch
Connected to HTTPS on school.gyb.ch with ciphersuite 
(TLS1.2)-(RSA)-(AES-128-GCM)
frmLogin
username:<username>
password:<password>
POST https://school.gyb.ch/dana-na/auth/url_1/login.cgi
Got HTTP response: HTTP/1.1 302 Moved
GET https://school.gyb.ch/dana/home/index.cgi
Connected as 10.1.248.7, using SSL, with ESP in progress

This time the password is asked and I get in.

What I notice is that the first time I get "Switching Protocols".
Unfortunately I have no real information as to how the server works. Users are 
instructed to use the pulse software and all we are given are user name and 
password. I thought it would be better to use the pulse protocol but as long 
as nc works...

T. de Coulon



_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux