Juniper SSL VPN login fails: A TLS packet with unexpected length was received.
David Woodhouse
dwmw2 at infradead.org
Thu Aug 6 01:26:17 PDT 2015
On Mon, 2015-05-18 at 21:18 -0400, Tom Metro wrote:
> Failed to read from SSL socket: A TLS packet with unexpected length was
> received.
> Failed to obtain WebVPN cookie
>
>
> When searching for answers, the most relevant hit was:
>
> https://bugs.launchpad.net/ubuntu/+source/openconnect/+bug/1225276
>
> from 2013, which suggested this patch:
>
> http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/c7077b96b
>
> which I confirmed is already in the version of the code I'm using.

Apologies for delayed response. I suspect your failing box is using an
ancient version of GnuTLS which didn't have the explicit
GNUTLS_E_PREMATURE_TERMINATION error code, and just returned the
'unexpected length' error instead.

Coffeee.... archives.... brain... Hah. This came up before:
http://comments.gmane.org/gmane.network.vpn.openconnect.devel/1324

I had a workaround, as described there. I'd even got confirmation from
Nikos that it wasn't entirely the wrong thing to do.

But I didn't bother to apply it because it was only ever seen with
Juniper servers, and at the time we didn't support Juniper at all; this
was a rather bizarre user trying OpenConnect against a Juniper server
in the days when it *only* supported AnyConnect.

I've just pushed a fix; can you test it please?

--
David Woodhouse Open Source Technology Centre
David.Woodhouse at intel.com Intel Corporation