GnuTLS "Error in the pull function" : cannot establish connection with VPN server

Pawel Stankowski Pawel.Stankowski at
Fri Jan 15 08:15:35 PST 2016

Hello open-connect developers,

I experience some unexpected behavior after some time in Ubuntu 15.04.
Upgrade to Ubuntu 15.10 did not help.

Thing is that openconnect stopped establishing connection with my
company's VPN, possibly after some change on server side or after
security upgrade of some package in my ubuntu, not sure.

Here is the output I got (after upgrade to Ubuntu 15.10):
# openconnect --version
OpenConnect version v7.06
Using GnuTLS. Features present: PKCS#11, RSA software token, HOTP
software token, TOTP software token, DTLS
past at past-ubuntu:~$ 
# openconnect -v <VPN IP>
POST https://<VPN IP>
Attempting to connect to server XX.XX.XX.XXX:443
SSL negotiation with <VPN IP>
SSL connection failure: Error in the pull function.
Failed to open HTTPS connection to <VPN IP>
Failed to obtain WebVPN cookie

Seems that the problem is related to pull function used by GNU TLS
library. I built the newest master version from source code and had the
same error.

Then I switched from GnuTLS to OpenSSL by writing:
../configure --with-vpnc-script="/usr/share/vpnc-scripts/vpnc-script" 
-without-gnutls --with-openssl=yes

... and I successfully connected to the same VPN using v6.00 tag. I
couldn't compile master using the same configuration flags, seems that
OpenSSL is no longer supported as the only SSL library...

Could you help me to determine what is wrong with Ubuntu packages, that
they do not work properly on my PC?



Best regards / Pozdrawiam

Paweł Stankowski

E-mail: pawel.stankowski at

More information about the openconnect-devel mailing list