Merge branch 'origin/explain_server_0x08'

https://gitlab.com/openconnect/openconnect/-/merge_requests/48 Signed-off-by: Daniel Lenski <dlenski@gmail.com>
sailfishos-mirror · Mar 30, 2020 · c9abd68 · c9abd68
2 parents 5388479 + 628a1ab
commit c9abd68
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 4 deletions.
diff --git a/oncp.c b/oncp.c
@@ -642,6 +642,12 @@ int oncp_connect(struct openconnect_info *vpninfo)
 		vpn_progress(vpninfo, PRG_ERR,
 			     _("Server response to hostname packet is error 0x%02x\n"),
 			     bytes[2]);
+		if (bytes[2] == 0x08)
+			vpn_progress(vpninfo, PRG_ERR,
+			             _("This seems to indicate that the server has disabled support for\n"
+			               "Juniper's older oNCP protocol, and only allows connections using\n"
+			               "the newer Junos Pulse protocol. This version of OpenConnect has\n"
+			               "EXPERIMENTAL support for Pulse using --prot=pulse\n"));
 		ret = -EINVAL;
 		goto out;
 	}

diff --git a/openconnect.8.in b/openconnect.8.in
@@ -81,8 +81,10 @@ protocols for data transport.
 
 It was originally written to support Cisco "AnyConnect" VPN servers,
 and has since been extended with experimental support for Juniper
-Network Connect and Junos Pulse VPN servers
+Network Connect
 .RB ( \-\-protocol=nc )
+and Junos Pulse VPN servers
+.RB ( \-\-protocol=pulse )
 and PAN GlobalProtect VPN servers
 .RB ( \-\-protocol=gp ).
 
@@ -464,9 +466,19 @@ to be used for the connection. Supported protocols are
 for Cisco AnyConnect (the default),
 .I nc
 for experimental support for Juniper Network Connect (also supported
-by Junos Pulse servers), and
+by most Junos Pulse servers),
+.I pulse
+for experimental support for Junos Pulse, and
 .I gp
 for experimental support for PAN GlobalProtect.
+
+OpenConnect does not yet support all of the authentication options used
+by Pulse, nor does it support Host Checker/TNCC with Pulse. If your
+Junos Pulse VPN is not yet supported with
+.BR \-\-protocol=pulse ,
+then
+.B \-\-protocol=nc
+may be a useful fallback option.
 .TP
 .B \-\-token\-mode=MODE
 Enable one-time password generation using the

diff --git a/www/pulse.xml b/www/pulse.xml
@@ -36,8 +36,8 @@ should be usable with OpenConnect in Pulse mode too.</p>
 
 <h3>Host Checker</h3>
 
-<p>Not yet investigated and implemented for Pulse mode. The Juniper support may
-suffice for some users.</p>
+<p>Support for Host Checker, also known as TNCC, has not yet been investigated and
+implemented for Pulse mode. The Juniper support may suffice for some users.</p>
 
 <h2>Connectivity</h2>