Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
oNCP: explain likely meaning of long-puzzling 'error 0x08'
It appears that the 'error 0x08' returned by some Juniper servers in
response to attempted initiation of the oNCP tunnel means that the server
doesn't support, or has disabled, the older oNCP protocol and only supports
the newer Junos Pulse protocol

This conclusion was based on the investigations of
https://gitlab.com/openconnect/openconnect/issues/42.
See also http://lists.infradead.org/pipermail/openconnect-devel/2018-August/005041.html
for a list of past reports of this error.

OpenConnect previously did not support the Pulse protocol at all (see
http://lists.infradead.org/pipermail/openconnect-devel/2019-April/005334.html),
but now has experimental support as of v8.04 (see
https://lists.infradead.org/pipermail/openconnect-devel/2019-August/005396.html).

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
  • Loading branch information
dlenski committed Mar 30, 2020
1 parent 5b0ea32 commit 2823a47
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions oncp.c
Expand Up @@ -642,6 +642,12 @@ int oncp_connect(struct openconnect_info *vpninfo)
vpn_progress(vpninfo, PRG_ERR,
_("Server response to hostname packet is error 0x%02x\n"),
bytes[2]);
if (bytes[2] == 0x08)
vpn_progress(vpninfo, PRG_ERR,
_("This seems to indicate that the server has disabled support for\n"
"Juniper's older oNCP protocol, and only allows connections using\n"
"the newer Junos Pulse protocol. This version of OpenConnect has\n"
"EXPERIMENTAL support for Pulse using --prot=pulse\n"));
ret = -EINVAL;
goto out;
}
Expand Down

0 comments on commit 2823a47

Please sign in to comment.