Questions about OpenConnect with Pulse and a bug
Schütz Dominik
Dominik.Schuetz at esolutions.de
Thu May 5 11:07:19 PDT 2022
Hi,
We would like to use OpenConnect (currently 9.01-0+9.1) productively as a VPN client (under Ubuntu 20.04 and 22.04) with Pulse as the backend (currently 9.1R14), but we still have the following open questions:
1. Is "--protocol=nc" used for Pulse SSL VPN and "--protocol=pulse" used for Pulse ESP (IPsec) VPN?
2. Does the "--protocol=pulse" fallback to SSL if the VPN connection with ESP doesn't work?
3. Why can't OpenConnect always establish a VPN connection with "--protocol=pulse"?
"Configured as xxx.xxx.xxx.xxx, with SSL connected and ESP in progress" is then displayed here, but sometimes "ESP session established with server" does not appear and consequently "ping domain" does not work, although the client has a company-internal IP address.
Here you have to disconnect the VPN connection and re-establish it again until "ESP session established with server" is there, then the VPN works with "--protocol=pulse" without any problems.
With "--protocl=nc" I don't have these problems, this is more reliable than "--protocol=pulse". Can it be a bug?
Thanks.
Regards,
Dominik
e.solutions GmbH
Despag-Straße 4a, 85055 Ingolstadt,
Phone +49845833321287
Dominik.Schuetz at esolutions.de
Please, find my mail encryption keys at: https://secmail.esolutions.de
Registered Office:
e.solutions GmbH
Despag-Straße 4a, 85055 Ingolstadt, Germany
Managing Directors Uwe Reder, Rainer Lange
Register Court Ingolstadt HRB 5221
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6003 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20220505/6cfde7e8/attachment.p7s>
More information about the openconnect-devel
mailing list