On Fri, 2022-05-20 at 12:38 +0000, Schütz Dominik wrote:
> Hi,
>
> On some Ubuntu 20.04 clients with OpenConnect v9.01 and "--protocol=pulse" we
> have the problem that with ESP the Kerberos tickets are not correct. If you
> use the official Pulse UI for Ubuntu and ESP, the problems do not occur.
>
>
> We get the following messages on port 88:
> # tcpdump -i any -nn -q -e host xx.x.x.x
> ...
> 11:05:39.369009 Out xx.x.xxx.xxx.51144 > xx.x.x.xx.88: UDP, bad length 2007 > 1368

Hm, which end is that capture from? Can you capture at *both* ends? And is that port 51144 on the client side, sending to the KDC on the VPN? I suspect a fragmentation issue. Can you reproduce with large ping packets, e.g. 'ping -s 2000'? Perhaps you can reproduce to a host on the VPN where you *can* do a packet capture, if capturing on/near the KDC is hard.
_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel