Hi,
FWIW, while working on authenticating to Globalprotect with
double-SAML authentication, I noticed that my connection
always fails to establish a UDP ESP tunnel. No matter
the -vvv, I get no real information as to why.
I see no UDP traffic passing through my firewall related
to the VPN. Ever. (Unless I made some sort of stupid mistake.)
Should I be looking for/passing through the firewall _actual_ ESP
traffic?
Although I did notice some ICMP IPv6 packets. Which would have to
go through the VPN or else won't be passed by my firewall.
It's unclear if these have to do with ESP or not. Further,
FYI, they seem to be sent even when using --disable-ipv6.
I can use the VPN without ESP, and maybe the issue is
server-side anyway, but I thought I'd ask to see if there
was anything easy to try. If it's not easy I don't expect
I'll spend the time on it. I'd rather spend time getting
the double-SAML patch approved.
Thanks for the help.
Regards,
Karl <k...@karlpinc.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
