Pulse Secure and 6in4 or 4in6 with ESP

[Christian Deckelmann]

Hello,


Pulse Secure states that 4in6 and 6in4 are supported in their latest 
release (9.1R9).

https://www-prev.pulsesecure.net/download/techpubs/current/2182/pulse-connect-secure/pcs/9.1rx/9.1r9/ps-pcs-sa-9.1r9.0-releasenotes.pdf 
<https://www-prev.pulsesecure.net/download/techpubs/current/2182/pulse-connect-secure/pcs/9.1rx/9.1r9/ps-pcs-sa-9.1r9.0-releasenotes.pdf>

Page 9


It looks like below with openconnect 8.10.

Gateway has IPv6 on the external interace. Client has IPv6 as well.

In the tunnel, only IPv4 is configured.


I could provide a Pulse Gateway for testing.

Thanks,

Christian

Unknown attr 0x4000 len 1: 00

Unknown attr 0x4001 len 1: 00

Unknown attr 0x401f len 1: 00

Unknown attr 0x4020 len 1: 00

Unknown attr 0x4021 len 1: 00

Received MTU 1400 from server

Received DNS server X.X.X.X

Received DNS server Y.Y.Y.Y

Received DNS search domain XXXXXXX.com

Unknown attr 0x4007 len 4: 00 00 00 01

Unknown attr 0x4019 len 1: 00

ESP only: 0

Unknown attr 0x4024 len 1: 00

ESP to SSL fallback: 0 seconds

Unknown attr 0x400f len 2: 00 00

ESP encryption: 0x0000 (unknown)

ESP HMAC: 0x0000 (unknown)

ESP key lifetime: 0 seconds

ESP key lifetime: 0 bytes

ESP replay protection: 0

Unknown attr 0x4015 len 4: 00 00 00 00

ESP port: 0

ESP to SSL fallback: 0 seconds

Unknown attr 0x4018 len 4: 00 00 00 00

Received internal Legacy IP address A.A.A.A

Received netmask 255.255.255.255

Received internal gateway address 10.200.200.200

Unknown attr 0x400a len 1: 01

Unknown attr 0x400c len 1: 00

Unknown attr 0x400d len 1: 00

Unknown attr 0x400e len 1: 00

Unknown attr 0x401b len 1: 00

Unknown attr 0x401c len 1: 00

Unknown attr 0x13 len 268: 3c 61 64 76 61 6e 63 65 64 2d 63 6f 6e 66 69 
67...

Unknown attr 0x14 len 1: 00

Set up UDP failed; using SSL instead

Connected as A.A.A.A, using SSL, with ESP disabled