GnuTLS "Error in the pull function" : cannot establish connection with VPN server

Nikos Mavrogiannopoulos n.mavrogiannopoulos at
Tue Jan 19 00:07:01 PST 2016

On Mon, Jan 18, 2016 at 1:11 PM, Pawel Stankowski
<Pawel.Stankowski at> wrote:
>> > e is the output I got (after upgrade to Ubuntu 15.10):
>> > # openconnect --version
>> > OpenConnect version v7.06
>> > Using GnuTLS. Features present: PKCS#11, RSA software token, HOTP
>> > software token, TOTP software token, DTLS
>> > past at past-ubuntu:~$
>> > # openconnect -v <VPN IP>
>> > POST https://<VPN IP>
>> > Attempting to connect to server XX.XX.XX.XXX:443
>> > SSL negotiation with <VPN IP>
>> > SSL connection failure: Error in the pull function.
>> This is most likely a networking error. You can check the connection
>> status with wireshark, and/or set GNUTLS_DEBUG_LEVEL=6 for more
>> information.
> Seems that there is some incompatibility between GnuTLS and this VPN
> server. I reproduced the same problem on Debian 8 "Jessie". The same
> server works fine with both AnyConnect and openconnect compiled without
> GnuTLS. I get known that the server I connect to is some Cisco ASA
> Firewall.

Which version of gnutls is that? Could  you try running
gnutls-cli-debug on that server?

More information about the openconnect-devel mailing list