Issues staying connected to Pulse Secure on OpenConnect v8.10

Daniel Lenski dlenski at gmail.com
Tue Oct 12 21:21:10 PDT 2021


On Mon, Jan 11, 2021 at 2:03 PM John Hannafin <john.hannafin at gmail.com> wrote:
> Sometime last year, we noticed that at
> some point between version 8.03 and 8.06, using openconnect would
> become unreliable.  Using 8.03, I can run the command "sudo
> openconnect --juniper --protocol=nc https://[REDACTED_HOSTNAME]", and
> the VPN will stay active and work for as long as I needed it.  I
> noticed with version 8.06 (perhaps earlier though?), that the VPN
> would run for about 15 minutes before failing and I'd have to quit
> the VPN and re-sign in to get another 15 minutes or so of use.  This
> behavior still exists in 8.10 today.  I can no longer run 8.03 due to
> dependencies not existing for it in Fedora 33's repos, so I'm looking
> to try and solve my problem for newer versions.  Any guidance or help
> would be greatly appreciated.

We've discovered a subtle bug in Juniper rekey/reconnection, which was
introduced back in OpenConnect v8.04.

Thanks to the efforts of a dedicated user who dug up this mailing list
post, and was able to contribute detailed logs to help me solve this
very tricky issue. See
https://gitlab.com/openconnect/openconnect/-/issues/322 for the gory
details.

I've been able to write and test a fix for it:
https://gitlab.com/openconnect/openconnect/-/merge_requests/293

It'd be helpful to have other users compile from source and test, so
that we can confidently include this fix in the next release.

Thanks,
Dan


