On Mon, Jan 11, 2021 at 2:03 PM John Hannafin <john.hanna...@gmail.com> wrote:
> Sometime last year, we noticed that at
> some point between version 8.03 and 8.06, using openconnect would
> become unreliable.  Using 8.03, I can run the command "sudo
> openconnect --juniper --protocol=nc https://[REDACTED_HOSTNAME]", and
> the VPN will stay active and work for as long as I needed it.  I
> noticed with version 8.06 (perhaps earlier though?), that the VPN
> would run for about 15 minutes before failing, and I'd have to quit
> the VPN and re-sign in to get another 15 minutes or so of use.  This
> behavior still exists in 8.10 today.  I can no longer run 8.03 due to
> dependencies not existing for it in Fedora 33's repos, so I'm looking
> to try and solve my problem for newer versions.  Any guidance or help
> would be greatly appreciated.

We've discovered a subtle bug in Juniper rekey/reconnection, which was
introduced back in OpenConnect v8.04.

Thanks to the efforts of a dedicated user who dug up this mailing list
post, and was able to contribute detailed logs to help me solve this
very tricky issue. See
https://gitlab.com/openconnect/openconnect/-/issues/322 for the gory
details.

I've been able to write and test a fix for it:
https://gitlab.com/openconnect/openconnect/-/merge_requests/293

It'd be helpful to have other users compile from source and test, so
that we can confidently include this fix in the next release.

Thanks,
Dan

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
