Sorry Daniel for the lack of info. GPopen is just my fork of an old
version of GlobalProtect-openconnect before it became payware.

When I'm in the office again tomorrow I'll collect more info and scrub
it to share here.

Thanks!
Ben

On Tue, Jul 30, 2024 at 4:35 PM Daniel Lenski <dlen...@gmail.com> wrote:
>
> On Tue, Jul 30, 2024 at 11:47 AM Benjamin Cardon <bj.car...@gmail.com> wrote:
> >
> > Hi, my company has a GlobalProtect VPN and I've been successfully
> > using it using GPopen and openconnect for years.
>
>
> What is GPopen?
>
> > A few months ago, they changed something in our network or VPN that is 
> > causing the VPN to fail to connect via ESP when I'm in our office, though 
> > it works perfectly fine outside the office network. I have tried to figure 
> > out what exactly is preventing ESP from starting up and the only thing I 
> > can really see in the logs that is different between in the office versus 
> > out of the office is this log
> >
> > Jul 30 11:06:33 xps15 plasmashell[3116179]: 2024-07-30 11:06:33.467
> > INFO  [3116179] [GPClient::onVPNLogAvailable@518] ESP receive error:
> > Connection refused
> >
> >  My question is, what does this log line imply and where is the connection 
> > being refused from?
>
> Find and provide additional context, and then we'll both have a better
> idea of what's going on.
>
> As Karl Pinc wrote, run the OpenConnect command-line client with `-vvv
> --dump-http-traffic` and share the logs from that, particularly log
> messages about ESP configuration.
>
> > Is it just UDP packets to the gateway address? Prior to this, it does do a 
> > handshake using Okta to sign in which works just fine so it's transferring 
> > the ESP packets explicitly that seems to be the problem. To me, this 
> > suggests a network configuration/firewall issue but I need more info to 
> > tell our networking team what to investigate.
>
> It is *likely* that some kind of middlebox is preventing UDP packets
> from getting through in the non-working network environment, but there
> are other possibilities as well.

_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel
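
The question in the thread is what "ESP receive error: Connection refused" implies. As an added illustration (not part of the thread and not OpenConnect code): on Linux, a connected UDP socket gets ECONNREFUSED on receive when an ICMP port-unreachable comes back for a datagram it sent, while a silently dropped datagram only times out. The `probe_udp` helper and the loopback endpoints are constructed for this example.

```python
import socket
import threading

def probe_udp(host, port, payload=b"probe", timeout=1.0):
    """Send one datagram on a connected UDP socket and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: ICMP errors are delivered to it
        try:
            s.send(payload)
            s.recv(2048)
            return "reply"
        except ConnectionRefusedError:
            # ECONNREFUSED: an ICMP port-unreachable answered our datagram
            return "refused"
        except socket.timeout:
            # nothing came back at all: dropped, or the listener ignored the payload
            return "silent"

def _bound():
    # constructed loopback endpoint on an OS-chosen port
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    return s, s.getsockname()[1]

def _echo_once(sock):
    sock.settimeout(2.0)
    try:
        data, peer = sock.recvfrom(2048)
        sock.sendto(data, peer)
    except socket.timeout:
        pass

def demo():
    results = {}
    closed, closed_port = _bound()
    closed.close()  # nobody listens on this port any more
    results["closed port"] = probe_udp("127.0.0.1", closed_port)
    quiet, quiet_port = _bound()  # bound, but never reads or answers
    results["silent listener"] = probe_udp("127.0.0.1", quiet_port, timeout=0.5)
    quiet.close()
    echo, echo_port = _bound()
    t = threading.Thread(target=_echo_once, args=(echo,))
    t.start()
    results["echo listener"] = probe_udp("127.0.0.1", echo_port)
    t.join()
    echo.close()
    return results

if __name__ == "__main__":
    print(demo())
```

A "refused" result means some device answered the datagram with ICMP port unreachable; "silent" alone does not distinguish a dropped packet from a listener that ignores the payload.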
