Skip to content
Permalink
Browse files
Merge branch 'origin/explain_server_0x08'
https://gitlab.com/openconnect/openconnect/-/merge_requests/48

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
  • Loading branch information
dlenski committed Mar 30, 2020
2 parents 5388479 + 628a1ab commit c9abd685eb4fc36beca636765249854b5377df28
Showing with 22 additions and 4 deletions.
  1. +6 −0 oncp.c
  2. +14 −2 openconnect.8.in
  3. +2 −2 www/pulse.xml
6 oncp.c
@@ -642,6 +642,12 @@ int oncp_connect(struct openconnect_info *vpninfo)
vpn_progress(vpninfo, PRG_ERR,
_("Server response to hostname packet is error 0x%02x\n"),
bytes[2]);
if (bytes[2] == 0x08)
vpn_progress(vpninfo, PRG_ERR,
_("This seems to indicate that the server has disabled support for\n"
"Juniper's older oNCP protocol, and only allows connections using\n"
"the newer Junos Pulse protocol. This version of OpenConnect has\n"
"EXPERIMENTAL support for Pulse using --prot=pulse\n"));
ret = -EINVAL;
goto out;
}
@@ -81,8 +81,10 @@ protocols for data transport.

It was originally written to support Cisco "AnyConnect" VPN servers,
and has since been extended with experimental support for Juniper
Network Connect and Junos Pulse VPN servers
Network Connect
.RB ( \-\-protocol=nc )
and Junos Pulse VPN servers
.RB ( \-\-protocol=pulse )
and PAN GlobalProtect VPN servers
.RB ( \-\-protocol=gp ).

@@ -464,9 +466,19 @@ to be used for the connection. Supported protocols are
for Cisco AnyConnect (the default),
.I nc
for experimental support for Juniper Network Connect (also supported
by Junos Pulse servers), and
by most Junos Pulse servers),
.I pulse
for experimental support for Junos Pulse, and
.I gp
for experimental support for PAN GlobalProtect.

OpenConnect does not yet support all of the authentication options used
by Pulse, nor does it support Host Checker/TNCC with Pulse. If your
Junos Pulse VPN is not yet supported with
.BR \-\-protocol=pulse ,
then
.B \-\-protocol=nc
may be a useful fallback option.
.TP
.B \-\-token\-mode=MODE
Enable one-time password generation using the
@@ -36,8 +36,8 @@ should be usable with OpenConnect in Pulse mode too.</p>

<h3>Host Checker</h3>

<p>Not yet investigated and implemented for Pulse mode. The Juniper support may
suffice for some users.</p>
<p>Support for Host Checker, also known as TNCC, has not yet been investigated and
implemented for Pulse mode. The Juniper support may suffice for some users.</p>

<h2>Connectivity</h2>

0 comments on commit c9abd68

Please sign in to comment.