Package: openconnect Version: 9.01-2 Severity: important X-Debbugs-Cc: none, Michael Welsh Duggan <m...@md5i.com>
Dear Maintainer, My place of work updated their Pulse VPN server. After this upgrade, I could no longer connect. For example:
$ openconnect --protocol=pulse vpn.sei.cmu.edu/ipsec Connected to 128.237.28.52:443 SSL negotiation with vpn.sei.cmu.edu Connected to HTTPS on vpn.sei.cmu.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(ECDSA-SHA512)-(AES-256-GCM) Got HTTP response: HTTP/1.1 101 Switching Protocols Enter user credentials: Username:mwd Password: Enter secondary credentials: Secondary password: Unexpected Pulse config packet: < 0000: 00 00 0a 4c 00 00 00 01 00 00 01 66 00 00 01 fc |...L.......f....| < 0010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| < 0020: 2e 20 f0 00 00 00 00 00 00 00 01 56 2e 00 00 0d |. .........V....| < 0030: 03 00 00 00 40 25 00 01 01 2c 00 00 0d 03 00 00 |....@%...,......| < 0040: 00 40 26 00 01 01 2e 00 00 18 01 00 00 00 07 00 |.@&.............| < 0050: 00 10 00 00 ff ff 00 00 00 00 ff ff ff ff 00 00 |................| < 0060: 01 08 03 00 00 00 40 00 00 01 01 40 01 00 01 01 |......@....@....| < 0070: 40 1f 00 01 00 40 20 00 01 01 40 21 00 01 01 40 |@....@ ...@!...@| < 0080: 05 00 04 00 00 05 78 00 03 00 04 0a 40 ff 64 40 |......x.....@.d@| < 0090: 06 00 24 61 64 2e 73 65 69 2e 63 6d 75 2e 65 64 |..$ad.sei.cmu.ed| < 00a0: 75 2c 73 65 69 2e 63 6d 75 2e 65 64 75 2c 63 65 |u,sei.cmu.edu,ce| < 00b0: 72 74 2e 6f 72 67 00 40 07 00 04 00 00 00 01 00 |rt.org.@........| < 00c0: 04 00 04 ff ff ff ff 40 19 00 01 01 40 1a 00 01 |.......@....@...| < 00d0: 01 40 24 00 01 01 40 17 00 04 00 00 00 0f 40 0f |.@$...@.......@.| < 00e0: 00 02 00 00 40 10 00 02 00 05 40 11 00 02 00 03 |....@.....@.....| < 00f0: 40 12 00 04 00 00 04 b0 40 13 00 04 00 00 00 00 |@.......@.......| < 0100: 40 14 00 04 00 00 00 01 40 15 00 04 00 00 00 00 |@.......@.......| < 0110: 40 16 00 02 11 94 40 17 00 04 00 00 00 0f 40 18 |@.....@.......@.| < 0120: 00 04 00 00 00 3c 00 01 00 04 0a 40 c9 59 00 02 |.....<.....@.Y..| < 0130: 00 04 ff ff ff ff 40 0b 00 04 0a 40 cb 00 40 0a |......@....@..@.| < 0140: 00 01 01 40 0c 00 01 00 40 0d 00 01 00 40 0e 00 |...@....@....@..| < 0150: 01 00 40 1b 00 01 00 40 1c 00 01 00 00 13 00 01 |..@....@........| < 0160: 00 00 14 00 01 00 |......| Creating SSL connection failed Unknown error; exiting.
Applying the following patch from the openconnect upstream repository fixes this problem for me: https://gitlab.com/openconnect/openconnect/-/commit/c9831b382c7839682b3f1ea0a7f950e6cb55d5e8 -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.0.0-2-amd64 (SMP w/32 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openconnect depends on: ii libc6 2.36-8 ii libgnutls30 3.7.8-5 ii libopenconnect5 9.01-2 ii libproxy1v5 0.4.18-1.2 ii libxml2 2.9.14+dfsg-1.1+b3 ii vpnc-scripts 0.1~git20220510-1 Versions of packages openconnect recommends: ii python3 3.11.1-3 ii python3-asn1crypto 1.5.1-2 ii python3-mechanize 1:0.4.8+pypi-5 ii python3-netifaces 0.11.0-2+b1 Versions of packages openconnect suggests: ii bash-completion 1:2.11-6 ii xdg-utils 1.1.3-4.1 -- no debconf information -- Michael Welsh Duggan (m...@md5i.com)