DNS not resolving on OpenConnect w/ Juniper Pulse Secure Gateway

Sam McLeod samm at infoxchange.org.au
Tue Apr 7 03:36:15 PDT 2015

We're trying to get OpenConnect working to replace the Junos Pulse client on OSX and Linux clients connecting to our Juniper MAG 2600 VPN gateway.
OpenConnect correctly authenticates and establishes the connection; however, DNS does not work over the link.

- I've checked /etc/resolv.conf on my OSX machine and our internal DNS server has been correctly added.

- A tcpdump shows the DNS request traffic on the utun1 interface; however, the MAG 2600 returns an NXDomain:

20:20:57.596050 IP <internal IP of MAG>.55812 ><internal IP of DNS Server>.domain: 31256+ A? <internal hostname>. (28)
20:20:57.623131 IP <internal IP of DNS Server>.domain > <internal IP of MAG>.55812: 31256 NXDomain 0/0/0 (28)

- Here's where it gets really strange:

After waiting several minutes I am suddenly able to make DNS requests correctly; however, connecting to or pinging a host by hostname does not work:

% host <internal server FQDN>
<internal server FQDN> has address <internal server IP>

% ssh <internal server FQDN>
ssh: Could not resolve hostname <internal server FQDN>: nodename nor servname provided, or not known

% ping <internal server FQDN>
ping: cannot resolve <internal server FQDN>: Unknown host

% ping <internal server IP>
PING <internal server IP> (<internal server IP>): 56 data bytes
64 bytes from <internal server IP>: icmp_seq=0 ttl=61 time=28.003 ms
64 bytes from <internal server IP>: icmp_seq=1 ttl=61 time=30.082 ms

- In addition to this strange behaviour, it appears that the DNS search domains are not being applied to the connection either.

Sam McLeod.
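The "host works but ssh and ping fail" symptom above involves two different resolution paths: `host` sends its queries straight to the nameservers listed in /etc/resolv.conf, while ssh and ping call getaddrinfo(), which on OS X goes through the system resolver (inspect it with `scutil --dns`) rather than reading /etc/resolv.conf directly. The following diagnostic script is an added example and not part of the original post: it parses a resolv.conf, expands a short name through the search list the way a stub resolver does, and checks each candidate via getaddrinfo so the two paths can be compared; the resolv.conf contents and hostnames in it are constructed samples.

```python
import socket
import sys

# Constructed sample, modelled on the resolv.conf a VPN client writes (values are hypothetical).
SAMPLE_RESOLV_CONF = """\
# constructed sample, not a real configuration
nameserver 10.0.0.53
search corp.example.internal example.internal
options ndots:1
"""


def parse_resolv_conf(text):
    """Return nameservers, search domains and ndots parsed from resolv.conf text."""
    conf = {"nameserver": [], "search": [], "ndots": 1}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        key, _, rest = line.partition(" ")
        if key == "nameserver":
            conf["nameserver"].append(rest.strip())
        elif key in ("search", "domain"):         # 'domain' also defines the search list
            conf["search"] = rest.split()
        elif key == "options":
            for opt in rest.split():
                if opt.startswith("ndots:"):
                    conf["ndots"] = int(opt.split(":", 1)[1])
    return conf


def search_candidates(name, search, ndots=1):
    """Names a stub resolver tries, in order, when asked to look up `name`."""
    if name.endswith("."):
        return [name]                              # absolute name: search list is skipped
    suffixed = [f"{name}.{domain}" for domain in search]
    if name.count(".") >= ndots:
        return [name] + suffixed                   # enough dots: try as given first
    return suffixed + [name]                       # short name: search domains first


def system_resolve(name):
    """Resolve through getaddrinfo(), the path ssh and ping use; [] if it fails."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    conf = parse_resolv_conf(open("/etc/resolv.conf").read())
    print("nameservers in resolv.conf:", conf["nameserver"], "search:", conf["search"])
    for candidate in search_candidates(target, conf["search"], conf["ndots"]):
        print(f"{candidate:45s} getaddrinfo -> {system_resolve(candidate) or 'FAILED'}")
```

If `host <name>` answers but every candidate above reports FAILED, the system resolver is not using the nameserver or search list that resolv.conf shows, which is the case to check with `scutil --dns` on OS X.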
