Debugging UDP ESP failure

Karl O. Pinc kop at karlpinc.com
Wed Jul 24 15:03:08 PDT 2024


Hi,

FWIW, while working on authenticating to Globalprotect with
double-SAML authentication, I noticed that my connection
always fails to establish a UDP ESP tunnel.  No matter
the -vvv, I get no real information as to why.  

I see no UDP traffic passing through my firewall related
to the VPN.  Ever.  (Unless I made some sort of stupid mistake.)
Should I be looking for/passing through the firewall _actual_ ESP
traffic?

Although I did notice some ICMP IPv6 packets, which would have to
go through the VPN or else wouldn't be passed by my firewall.
It's unclear if these have to do with ESP or not.  Further,
FYI, they seem to be sent even when using --disable-ipv6.

I can use the VPN without ESP, and maybe the issue is
server-side anyway, but I thought I'd ask to see if there
was anything easy to try.  If it's not easy I don't expect
I'll spend the time on it.  I'd rather spend time getting
the double-SAML patch approved.

Thanks for the help.

Regards,

Karl <kop at karlpinc.com>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein