[GlobalProtect] Keepalive fails: GPST Dead Peer Detection detected dead peer
Somehow, OpenConnect does no longer work with my university's GlobalProtect VPN. I am using OpenConnect v9.12, normally on Windows. Have tried OpenConnect 9.12 in WSL to test if it's an issue of the Windows version, but the same happens there (the attached logs are from the WSL installation).
The VPN seems to connect successfully, but the connection is re-established shortly after connection due to GPST dead peer detection. It seems like the VPN server does not answer the Keep-alive requests, for whatever reason. The official Windows client of GlobalProtect does not have this issue, the VPN connection works properly.
Nonetheless, this was working before on OpenConnect v9.12, so there must have been some change to the VPN server or similar causing the issue.
Logs
Click to expand logs
POST https://vpn.ohmportal.de/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux
Attempting to connect to server 141.75.7.9:443
Connected to 141.75.7.9:443
SSL negotiation with vpn.ohmportal.de
Connected to HTTPS on vpn.ohmportal.de with ciphersuite (TLS1.2)-(RSA)-(AES-256-GCM)
> POST /global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux HTTP/1.1
> Host: vpn.ohmportal.de
> User-Agent: PAN GlobalProtect
>
Got HTTP response: HTTP/1.1 200 OK
Date: Wed, 31 Jan 2024 12:04:16 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 450
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; path=/; secure; httponly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (450)
< <?xml version="1.0" encoding="UTF-8" ?>
< <prelogin-response>
< <status>Success</status>
< <ccusername></ccusername>
< <autosubmit>false</autosubmit>
< <msg></msg>
< <newmsg></newmsg>
< <authentication-message>Enter login credentials</authentication-message>
< <username-label>Username</username-label>
< <password-label>Password</password-label>
< <panos-version>1</panos-version>
< <saml-default-browser>yes</saml-default-browser><region>DE</region>
< </prelogin-response>
Prelogin form _login: "Username: " user(TEXT)=(null), "Password: " passwd(PASSWORD)
Enter login credentials
Password:
POST https://vpn.ohmportal.de/global-protect/getconfig.esp
> POST /global-protect/getconfig.esp HTTP/1.1
> Host: vpn.ohmportal.de
> User-Agent: PAN GlobalProtect
> Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c
> X-Pad: 00000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 233
>
> jnlpReady=jnlpReady&ok=Login&direct=yes&clientVer=4100&prot=https:&internal=no&ipv6-support=yes&clientos=Linux&os-version=linux-64&server=vpn.ohmportal.de&computer=[REDACTED]&user=[REDACTED]4&passwd=[REDACTED]
Got HTTP response: HTTP/1.1 200 OK
Date: Wed, 31 Jan 2024 12:04:27 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 10969
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (10969)
< <?xml version="1.0" encoding="UTF-8" ?>
< <policy>
< <portal-name>TH Nbg Portal</portal-name>
< <portal-config-version>4100</portal-config-version>
< <version>6.1.3-703 </version>
< <client-role>global-protect-full</client-role>
< <agent-user-override-key>****</agent-user-override-key>
< <connect-method>on-demand</connect-method>
< <on-demand>yes</on-demand>
< <refresh-config>yes</refresh-config>
< <refresh-config-interval>24</refresh-config-interval>
< <authentication-modifier>
< <none/>
< </authentication-modifier>
< <authentication-override>
< <accept-cookie>no</accept-cookie>
< <generate-cookie>yes</generate-cookie>
< <cookie-encrypt-decrypt-cert>vpn.ohmportal.de</cookie-encrypt-decrypt-cert>
< </authentication-override>
< <use-sso>no</use-sso>
< <ip-address></ip-address>
< <host></host>
< <gateways>
< <cutoff-time>5</cutoff-time>
< <external>
< <list>
< <entry name="vpn.ohmportal.de">
< <priority-rule>
< <entry name="Any">
< <priority>1</priority>
< </entry>
< </priority-rule>
< <priority>1</priority>
< <description>vpn.ohmportal.de</description>
< </entry>
< </list>
< </external>
< </gateways>
< <gateways-v6>
< <cutoff-time>5</cutoff-time>
< <external>
< <list>
< <entry name="vpn.ohmportal.de">
< <fqdn>vpn.ohmportal.de</fqdn>
< <priority-rule>
< <entry name="Any">
< <priority>1</priority>
< </entry>
< </priority-rule>
< <priority>1</priority>
< </entry>
< </list>
< </external>
< </gateways-v6>
< <agent-ui>
< <can-save-password>yes</can-save-password>
< <passcode-hash></passcode-hash>
< <uninstall-passwd-hash></uninstall-passwd-hash>
< <agent-user-override-timeout>0</agent-user-override-timeout>
< <max-agent-user-overrides>0</max-agent-user-overrides>
< <help-page>PEhUTUw+CjxIRUFEPgo8VElUTEU+T0hNIFZQTi1Qb3J0YWw8L1RJVExFPgo8bWV0YSBodHRwLWVx
< dWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0x
< Ij4KPG1ldGEgaHR0cC1lcXVpdj0iUmVmcmVzaCIgY29udGVudD0iMDsgdXJsPWh0dHBzOi8vd3d3
< LnRoLW51ZXJuYmVyZy5kZS9laW5yaWNodHVuZ2VuLWdlc2FtdC96ZW50cmFsZS1laW5yaWNodHVu
< Z2VuL3JlY2hlbnplbnRydW0vaG9jaHNjaHVsYW5nZWhvZXJpZ2UvdnBuLyIgLz4KPG1ldGEgbmFt
< ZT0idmlld3BvcnQiIGNvbnRlbnQ9ImluaXRpYWwtc2NhbGU9MS4wIj4KPHN0eWxlPgogIGJvZHkg
< ewogICAgZm9udC1mYW1pbHk6VGFob21hLEhlbHZldGljYSxBcmlhbCxzYW5zLXNlcmlmOwogIH0K
< ICBwIHsKICAgIGZvbnQtc2l6ZTogMS4wZW07CiAgfQogIGgxLCBoMiwgaDMgewogICAgZm9udC13
< ZWlnaHQ6Ym9sZDsKICAgIGNvbG9yOiNDNzI0MjY7CiAgfQogIGgxIHsKICAgIGZvbnQtc2l6ZTox
< LjRlbTsKICB9CiAgaDIgewogICAgZm9udC1zaXplOjEuMmVtOwogIH0KICBoMyB7CiAgICBmb250
< LXNpemU6IDEuMGVtOwogIH0KICBhOmxpbmsgewogICAgY29sb3I6ICMxNjI4M0Q7CiAgfQo8L3N0
< eWxlPgo8L0hFQUQ+CjxCT0RZPgoKPGgxPldpbGxrb21tZW4gYW0gVlBOLVBvcnRhbDwvaDE+Cjxw
< PkYmdXVtbDtyIGRpZSBIaWxmZXNlaXRlbiBmb2xnZW4gU2llIGJpdHRlIDxhIGhyZWY9Imh0dHBz
< Oi8vd3d3LnRoLW51ZXJuYmVyZy5kZS9laW5yaWNodHVuZ2VuLWdlc2FtdC96ZW50cmFsZS1laW5y
< aWNodHVuZ2VuL3JlY2hlbnplbnRydW0vaG9jaHNjaHVsYW5nZWhvZXJpZ2UvdnBuLyI+ZGllc2Vt
< IExpbms8L2E+LjwvcD4KCjwvQk9EWT4KPC9IVE1MPgo=
< </help-page>
< <help-page-2>PEhUTUw+CjxIRUFEPgo8VElUTEU+T0hNIFZQTi1Qb3J0YWw8L1RJVExFPgo8bWV0YSBodHRwLWVx
< dWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1pc28tODg1OS0x
< Ij4KPG1ldGEgaHR0cC1lcXVpdj0iUmVmcmVzaCIgY29udGVudD0iMDsgdXJsPWh0dHBzOi8vd3d3
< LnRoLW51ZXJuYmVyZy5kZS9laW5yaWNodHVuZ2VuLWdlc2FtdC96ZW50cmFsZS1laW5yaWNodHVu
< Z2VuL3JlY2hlbnplbnRydW0vaG9jaHNjaHVsYW5nZWhvZXJpZ2UvdnBuLyIgLz4KPG1ldGEgbmFt
< ZT0idmlld3BvcnQiIGNvbnRlbnQ9ImluaXRpYWwtc2NhbGU9MS4wIj4KPHN0eWxlPgogIGJvZHkg
< ewogICAgZm9udC1mYW1pbHk6VGFob21hLEhlbHZldGljYSxBcmlhbCxzYW5zLXNlcmlmOwogIH0K
< ICBwIHsKICAgIGZvbnQtc2l6ZTogMS4wZW07CiAgfQogIGgxLCBoMiwgaDMgewogICAgZm9udC13
< ZWlnaHQ6Ym9sZDsKICAgIGNvbG9yOiNDNzI0MjY7CiAgfQogIGgxIHsKICAgIGZvbnQtc2l6ZTox
< LjRlbTsKICB9CiAgaDIgewogICAgZm9udC1zaXplOjEuMmVtOwogIH0KICBoMyB7CiAgICBmb250
< LXNpemU6IDEuMGVtOwogIH0KICBhOmxpbmsgewogICAgY29sb3I6ICMxNjI4M0Q7CiAgfQo8L3N0
< eWxlPgo8L0hFQUQ+CjxCT0RZPgoKPGgxPldpbGxrb21tZW4gYW0gVlBOLVBvcnRhbDwvaDE+Cjxw
< PkYmdXVtbDtyIGRpZSBIaWxmZXNlaXRlbiBmb2xnZW4gU2llIGJpdHRlIDxhIGhyZWY9Imh0dHBz
< Oi8vd3d3LnRoLW51ZXJuYmVyZy5kZS9laW5yaWNodHVuZ2VuLWdlc2FtdC96ZW50cmFsZS1laW5y
< aWNodHVuZ2VuL3JlY2hlbnplbnRydW0vaG9jaHNjaHVsYW5nZWhvZXJpZ2UvdnBuLyI+ZGllc2Vt
< IExpbms8L2E+LjwvcD4KCjwvQk9EWT4KPC9IVE1MPgo=
< </help-page-2>
< <welcome-page>
< <display>no</display>
< <page></page>
< </welcome-page>
< <agent-user-override>allowed</agent-user-override>
< <enable-advanced-view>yes</enable-advanced-view>
< <enable-do-not-display-this-welcome-page-again>yes</enable-do-not-display-this-welcome-page-again>
< <can-change-portal>yes</can-change-portal>
< <show-agent-icon>yes</show-agent-icon>
< <password-expiry-message></password-expiry-message>
< <init-panel>no</init-panel>
< <user-input-on-top>no</user-input-on-top>
<
< </agent-ui>
< <hip-collection>
< <hip-report-interval>3600</hip-report-interval>
< <max-wait-time>20</max-wait-time>
< <collect-hip-data>yes</collect-hip-data>
< <default>
< <category>
< <member>antivirus</member>
< <member>anti-spyware</member>
< <member>host-info</member>
< <member>data-loss-prevention</member>
< <member>patch-management</member>
< <member>firewall</member>
< <member>anti-malware</member>
< <member>disk-backup</member>
< <member>disk-encryption</member>
< </category>
< </default>
< </hip-collection>
< <agent-config>
< <save-user-credentials>1</save-user-credentials>
< <portal-2fa>no</portal-2fa>
< <internal-gateway-2fa>no</internal-gateway-2fa>
< <auto-discovery-external-gateway-2fa>no</auto-discovery-external-gateway-2fa>
< <manual-only-gateway-2fa>no</manual-only-gateway-2fa>
< <disconnect-reasons></disconnect-reasons>
< <uninstall>allowed</uninstall>
< <client-upgrade>prompt</client-upgrade>
< <enable-signout>yes</enable-signout>
< <allow-extend-session>no</allow-extend-session>
< <use-sso-pin>no</use-sso-pin>
< <use-sso-macos>no</use-sso-macos>
< <logout-remove-sso>yes</logout-remove-sso>
< <krb-auth-fail-fallback>yes</krb-auth-fail-fallback>
< <default-browser>no</default-browser>
< <retry-tunnel>30</retry-tunnel>
< <retry-timeout>5</retry-timeout>
< <traffic-enforcement>no</traffic-enforcement>
< <enforce-globalprotect>no</enforce-globalprotect>
< <enforcer-exception-list/>
< <enforcer-exception-list-domain/>
< <captive-portal-exception-timeout>0</captive-portal-exception-timeout>
< <captive-portal-login-url></captive-portal-login-url>
< <traffic-blocking-notification-delay>15</traffic-blocking-notification-delay>
< <display-traffic-blocking-notification-msg>yes</display-traffic-blocking-notification-msg>
< <traffic-blocking-notification-msg><div style="font-family:'Helvetica Neue';"><h1 style="color:red;text-align:center; margin: 0; font-size: 30px;">Notice</h1><p style="margin: 0;font-size: 15px; line-height: 1.2em;">To access the network, you must first connect to GlobalProtect.</p></div></traffic-blocking-notification-msg>
< <allow-traffic-blocking-notification-dismissal>yes</allow-traffic-blocking-notification-dismissal>
< <display-captive-portal-detection-msg>no</display-captive-portal-detection-msg>
< <captive-portal-detection-msg><div style="font-family:'Helvetica Neue';"><h1 style="color:red;text-align:center; margin: 0; font-size: 30px;">Captive Portal Detected</h1><p style="margin: 0; font-size: 15px; line-height: 1.2em;">GlobalProtect has temporarily permitted network access for you to connect to the Internet. Follow instructions from your internet provider.</p><p style="margin: 0; font-size: 15px; line-height: 1.2em;">If you let the connection time out, open GlobalProtect and click Connect to try again.</p></div></captive-portal-detection-msg>
< <captive-portal-notification-delay>5</captive-portal-notification-delay>
< <certificate-store-lookup>user-and-machine</certificate-store-lookup>
< <scep-certificate-renewal-period>7</scep-certificate-renewal-period>
< <ext-key-usage-oid-for-client-cert></ext-key-usage-oid-for-client-cert>
< <retain-connection-smartcard-removal>yes</retain-connection-smartcard-removal>
< <user-accept-terms-before-creating-tunnel>no</user-accept-terms-before-creating-tunnel>
< <rediscover-network>yes</rediscover-network>
< <resubmit-host-info>yes</resubmit-host-info>
< <can-continue-if-portal-cert-invalid>yes</can-continue-if-portal-cert-invalid>
< <user-switch-tunnel-rename-timeout>0</user-switch-tunnel-rename-timeout>
< <pre-logon-tunnel-rename-timeout>-1</pre-logon-tunnel-rename-timeout>
< <preserve-tunnel-upon-user-logoff-timeout>0</preserve-tunnel-upon-user-logoff-timeout>
< <ipsec-failover-ssl>0</ipsec-failover-ssl>
< <display-tunnel-fallback-notification>yes</display-tunnel-fallback-notification>
< <ssl-only-selection>0</ssl-only-selection>
< <tunnel-mtu>1400</tunnel-mtu>
< <max-internal-gateway-connection-attempts>0</max-internal-gateway-connection-attempts>
< <adv-internal-host-detection>no</adv-internal-host-detection>
< <portal-timeout>5</portal-timeout>
< <connect-timeout>5</connect-timeout>
< <receive-timeout>30</receive-timeout>
< <split-tunnel-option>network-traffic</split-tunnel-option>
< <advanced-st-public-key>Empty</advanced-st-public-key>
< <enforce-dns>yes</enforce-dns>
< <append-local-search-domain>no</append-local-search-domain>
< <flush-dns>no</flush-dns>
< <agent-proxy-port>9999</agent-proxy-port>
< <agent-proxy-mode>1</agent-proxy-mode>
< <auto-proxy-pac></auto-proxy-pac>
< <proxy-multiple-autodetect>no</proxy-multiple-autodetect>
< <use-proxy>yes</use-proxy>
< <enable-hip-remediation>0</enable-hip-remediation>
< <wsc-autodetect>yes</wsc-autodetect>
< <mfa-enabled>no</mfa-enabled>
< <mfa-listening-port>4501</mfa-listening-port>
< <mfa-trusted-host-list/>
< <mfa-notification-msg>You have attempted to access a protected resource that requires additional authentication. Proceed to authenticate at</mfa-notification-msg>
< <mfa-prompt-suppress-time>0</mfa-prompt-suppress-time>
< <ipv6-preferred>yes</ipv6-preferred>
< <change-password-message></change-password-message>
< <cdl-log>no</cdl-log>
< <dem-notification>yes</dem-notification>
< <diagnostic-servers/>
< <dem-agent>not-install</dem-agent>
<
< </agent-config>
< <user-email>[REDACTED]</user-email>
< <portal-userauthcookie>[REDACTED]</portal-userauthcookie>
< <portal-prelogonuserauthcookie>empty</portal-prelogonuserauthcookie>
< <config-digest>d83bdff32fc44f50b884d8f0c5f694d9</config-digest>
< </policy>
Portal reports GlobalProtect version 6.1.3-703; we will report the same client version.
Portal set HIP report interval to 60 minutes).
1 gateway servers available:
vpn.ohmportal.de (vpn.ohmportal.de)
Please select GlobalProtect gateway.
GATEWAY: [vpn.ohmportal.de]:vpn.ohmportal.de
POST https://vpn.ohmportal.de/ssl-vpn/login.esp
> POST /ssl-vpn/login.esp HTTP/1.1
> Host: vpn.ohmportal.de
> User-Agent: PAN GlobalProtect
> Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c
> X-Pad: 00000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 992
>
> jnlpReady=jnlpReady&ok=Login&direct=yes&clientVer=4100&prot=https:&internal=no&ipv6-support=yes&clientos=Linux&os-version=linux-64&server=vpn.ohmportal.de&computer=[REDACTED]&portal-userauthcookie=[REDACTED]&user=[REDACTED]&passwd=[REDACTED]
Got HTTP response: HTTP/1.1 200 OK
Date: Wed, 31 Jan 2024 12:04:27 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 1396
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Set-Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c; secure; HttpOnly
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (1396)
< <?xml version="1.0" encoding="utf-8"?><jnlp><application-desc><argument>(null)</argument><argument>e2dfc2cd90fe3b8a758e0dd2fdf806f4</argument><argument>ea85f67873a58c86d22164fdb8f21873308d5400</argument><argument>TH Nbg Gateway-N</argument><argument>[REDACTED]</argument><argument>THN-AS</argument><argument>vsys1</argument><argument>ohm-hochschule.de</argument><argument>(null)</argument><argument></argument><argument></argument><argument></argument><argument>tunnel</argument><argument>-1</argument><argument>4100</argument><argument></argument><argument>[REDACTED]</argument><argument></argument><argument></argument><argument>4</argument><argument>unknown</argument><argument></argument></application-desc></jnlp>
GlobalProtect login returned authentication-source=THN-AS
GlobalProtect login returned portal-userauthcookie=[REDACTED]
GlobalProtect login returned usually-equals-4=4
GlobalProtect login returned usually-equals-unknown=unknown
POST https://vpn.ohmportal.de/ssl-vpn/getconfig.esp
> POST /ssl-vpn/getconfig.esp HTTP/1.1
> Host: vpn.ohmportal.de
> User-Agent: PAN GlobalProtect
> Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c
> X-Pad: 0000000000000000000000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 329
>
> client-type=1&protocol-version=p1&internal=no&app-version=6.1.3-703&ipv6-support=yes&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2cmd5%2csha256&enc-algo=aes-128-cbc%2caes-256-cbc&authcookie=[REDACTED]&portal=TH%20Nbg%20Gateway-N&user=[REDACTED]&domain=ohm-hochschule.de&computer=[REDACTED]
Got HTTP response: HTTP/1.1 200 OK
Date: Wed, 31 Jan 2024 12:04:27 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 11300
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (11300)
<
< <response status="success">
< <need-tunnel>yes</need-tunnel>
< <ssl-tunnel-url>/ssl-tunnel-connect.sslvpn</ssl-tunnel-url>
< <portal>TH Nbg Gateway-N</portal>
< <user>[REDACTED]</user>
< <lifetime>604800</lifetime>
< <timeout>14400</timeout>
< <disconnect-on-idle>7200</disconnect-on-idle>
< <bw-c2s>1000</bw-c2s>
< <bw-s2c>1000</bw-s2c>
< <gw-address>141.75.7.9</gw-address>
< <gw-address-v6>2001:638:a04:ff07::9</gw-address-v6>
< <ipv6-connection>no</ipv6-connection>
< <ip-address>141.75.169.251</ip-address>
< <netmask>255.255.255.255</netmask>
< <ip-address-preferred>yes</ip-address-preferred>
< <ip-address-v6>2001:638:a04:d105::1c</ip-address-v6>
< <ip-address-v6-preferred>yes</ip-address-v6-preferred>
< <dns-v6>
< <member>141.75.40.251</member>
< <member>141.75.40.250</member>
< </dns-v6>
< <dns>
< <member>141.75.40.251</member>
< <member>141.75.40.250</member>
< </dns>
< <wins>
< </wins>
< <dns-suffix>
< <member>ads1.fh-nuernberg.de</member>
< </dns-suffix>
< <default-gateway>141.75.169.251</default-gateway>
< <default-gateway-v6>2001:638:a04:d105::1c</default-gateway-v6>
< <mtu>0</mtu>
< <no-direct-access-to-local-network>no</no-direct-access-to-local-network>
< <access-routes>
< <member>141.75.0.0/16</member>
< <member>184.25.239.138/32</member>
< <member>184.25.239.195/32</member>
< <member>184.30.18.89/32</member>
< <member>184.30.222.166/32</member>
< <member>184.86.103.197/32</member>
< <member>184.86.103.221/32</member>
< <member>185.5.82.183/32</member>
< <member>185.15.195.38/32</member>
< <member>185.105.252.114/32</member>
< <member>188.93.8.53/32</member>
< <member>188.111.32.128/25</member>
< <member>188.210.44.180/32</member>
< <member>188.210.44.206/32</member>
< <member>192.102.162.236/32</member>
< <member>192.124.249.7/32</member>
< <member>192.166.193.164/32</member>
< <member>193.16.174.81/32</member>
< <member>193.27.50.202/32</member>
< <member>193.110.179.44/32</member>
< <member>194.94.155.226/32</member>
< <member>194.94.155.233/32</member>
< <member>194.158.132.120/32</member>
< <member>195.30.107.54/32</member>
< <member>195.50.179.12/32</member>
< <member>195.74.94.206/32</member>
< <member>195.128.8.101/32</member>
< <member>195.135.184.155/32</member>
< <member>195.201.47.117/32</member>
< <member>195.244.114.182/32</member>
< <member>198.151.217.149/32</member>
< <member>204.74.99.103/32</member>
< <member>208.185.238.84/31</member>
< <member>212.227.143.42/32</member>
< <member>213.52.181.239/32</member>
< <member>213.95.130.134/32</member>
< <member>213.133.105.6/32</member>
< <member>213.239.242.238/32</member>
< <member>213.244.192.102/32</member>
< <member>216.27.103.186/32</member>
< <member>217.31.83.106/32</member>
< <member>217.160.0.211/32</member>
< <member>2.16.192.201/32</member>
< <member>2.17.179.178/32</member>
< <member>2.17.188.151/32</member>
< <member>3.121.204.180/32</member>
< <member>3.121.221.175/32</member>
< <member>3.122.62.247/32</member>
< <member>3.122.69.45/32</member>
< <member>3.122.72.59/32</member>
< <member>3.124.151.183/32</member>
< <member>3.124.154.221/32</member>
< <member>3.125.241.72/32</member>
< <member>3.125.245.146/32</member>
< <member>3.248.63.61/32</member>
< <member>13.57.22.218/32</member>
< <member>13.224.0.0/14</member>
< <member>13.226.159.0/24</member>
< <member>13.227.156.109/32</member>
< <member>18.185.19.7/32</member>
< <member>18.185.153.220/32</member>
< <member>18.185.170.199/32</member>
< <member>18.192.15.126/32</member>
< <member>18.193.50.222/32</member>
< <member>18.194.129.80/32</member>
< <member>18.195.92.117/32</member>
< <member>18.195.110.199/32</member>
< <member>18.195.223.162/32</member>
< <member>18.196.5.101/32</member>
< <member>18.197.0.176/32</member>
< <member>23.8.3.213/32</member>
< <member>23.20.5.232/32</member>
< <member>23.100.61.193/32</member>
< <member>23.102.4.255/32</member>
< <member>34.192.153.165/32</member>
< <member>34.202.128.153/32</member>
< <member>34.224.61.191/32</member>
< <member>34.255.150.68/32</member>
< <member>35.155.145.37/32</member>
< <member>35.156.74.32/32</member>
< <member>35.157.201.117/32</member>
< <member>35.158.199.118/32</member>
< <member>37.16.66.3/32</member>
< <member>37.187.255.29/32</member>
< <member>37.202.1.239/32</member>
< <member>38.69.47.86/31</member>
< <member>44.198.254.69/32</member>
< <member>44.238.129.43/32</member>
< <member>44.241.254.101/32</member>
< <member>45.60.47.242/32</member>
< <member>49.12.113.111/32</member>
< <member>51.4.139.195/32</member>
< <member>51.4.142.73/32</member>
< <member>52.0.239.66/32</member>
< <member>52.17.168.29/32</member>
< <member>52.21.51.59/32</member>
< <member>52.28.17.62/32</member>
< <member>52.28.74.195/32</member>
< <member>52.28.87.97/32</member>
< <member>52.29.55.94/32</member>
< <member>52.29.98.89/32</member>
< <member>52.48.202.92/32</member>
< <member>52.57.229.242/32</member>
< <member>52.59.11.187/32</member>
< <member>52.59.22.238/32</member>
< <member>52.59.28.185/32</member>
< <member>52.59.57.127/32</member>
< <member>52.149.66.183/32</member>
< <member>52.209.77.190/32</member>
< <member>52.214.182.57/32</member>
< <member>52.222.150.0/24</member>
< <member>54.84.136.56/32</member>
< <member>54.93.137.247/32</member>
< <member>54.173.211.228/32</member>
< <member>54.201.108.98/32</member>
< <member>54.204.178.123/32</member>
< <member>59.125.197.27/32</member>
< <member>61.56.222.185/32</member>
< <member>62.80.5.32/29</member>
< <member>62.146.186.42/32</member>
< <member>62.216.162.9/32</member>
< <member>63.32.155.216/32</member>
< <member>63.34.181.142/32</member>
< <member>65.156.1.116/32</member>
< <member>75.2.15.177/32</member>
< <member>78.25.196.229/32</member>
< <member>81.173.210.90/32</member>
< <member>82.98.141.158/32</member>
< <member>82.141.33.149/32</member>
< <member>84.200.47.114/32</member>
< <member>85.13.137.189/32</member>
< <member>85.25.81.217/32</member>
< <member>87.98.230.84/32</member>
< <member>88.99.147.216/32</member>
< <member>88.221.221.0/24</member>
< <member>91.203.202.198/32</member>
< <member>91.208.107.240/32</member>
< <member>91.216.243.10/32</member>
< <member>92.43.218.122/32</member>
< <member>93.94.82.136/32</member>
< <member>94.16.15.0/24</member>
< <member>94.130.8.72/32</member>
< <member>94.186.207.244/32</member>
< <member>99.83.132.105/32</member>
< <member>99.84.90.0/24</member>
< <member>99.86.2.0/24</member>
< <member>104.16.48.0/20</member>
< <member>104.16.96.0/20</member>
< <member>104.16.103.29/32</member>
< <member>104.16.104.29/32</member>
< <member>104.16.112.0/20</member>
< <member>104.16.130.0/23</member>
< <member>104.17.0.0/16</member>
< <member>104.17.137.18/32</member>
< <member>104.17.138.18/32</member>
< <member>104.18.0.0/16</member>
< <member>104.20.156.0/23</member>
< <member>104.26.4.67/32</member>
< <member>104.26.5.67/32</member>
< <member>104.26.10.0/23</member>
< <member>104.85.253.155/32</member>
< <member>104.85.254.179/32</member>
< <member>104.92.163.189/32</member>
< <member>104.96.45.204/32</member>
< <member>104.96.47.84/32</member>
< <member>104.238.176.204/32</member>
< <member>109.235.143.226/32</member>
< <member>129.187.193.62/32</member>
< <member>129.187.201.203/32</member>
< <member>129.187.255.40/32</member>
< <member>129.187.255.180/32</member>
< <member>129.187.255.184/32</member>
< <member>129.187.255.192/32</member>
< <member>130.73.102.36/32</member>
< <member>131.159.8.236/32</member>
< <member>131.188.0.0/16</member>
< <member>132.187.1.70/32</member>
< <member>132.199.144.28/32</member>
< <member>132.199.150.17/32</member>
< <member>134.95.19.39/32</member>
< <member>134.95.80.14/32</member>
< <member>134.243.5.42/32</member>
< <member>136.243.123.164/32</member>
< <member>140.234.252.0/22</member>
< <member>141.66.194.2/32</member>
< <member>143.204.202.0/24</member>
< <member>144.76.166.189/32</member>
< <member>144.76.184.91/32</member>
< <member>151.101.0.0/16</member>
< <member>153.97.4.253/32</member>
< <member>156.67.239.130/32</member>
< <member>157.238.141.135/32</member>
< <member>159.69.22.11/32</member>
< <member>162.159.128.0/17</member>
< <member>172.67.69.200/32</member>
< <member>173.254.190.160/32</member>
< <member>174.129.32.184/32</member>
< <member>176.221.45.3/32</member>
< <member>131.159.8.236/32</member>
< <member>141.75.40.251/32</member>
< <member>141.75.40.250/32</member>
< </access-routes>
< <access-routes-v6>
< <member>2001:4ca0:0:103::81bb:ff28/128</member>
< <member>2001:638:a000::/48</member>
< <member>2001:638:A04::0/48</member>
< <member>2600:9000:20c3::/48</member>
< <member>2600:9000:20eb::/48</member>
< <member>2600:9000:21a1::/48</member>
< <member>2600:9000:21f3::/48</member>
< <member>2600:9000:2047::/48</member>
< <member>2600:9000:2182::/48</member>
< <member>2606:4700:7::a29f:0/112</member>
< <member>2606:4700::6812:c49/128</member>
< <member>2606:4700::6812:d49/128</member>
< <member>2a00:11c0:66:a:94:16:15:119/128</member>
< <member>2a00:11c0:66:a:94:16:15:120/128</member>
< <member>2a00:1158:1000:408::64/128</member>
< <member>2a00:1798:3:b01:62:80:5:32/128</member>
< <member>2a01:4f8:0:a101::a:1/128</member>
< <member>2a01:4f8:0:a101::a:1/128</member>
< <member>2a02:26f0:12d::58dd:dd22/128</member>
< <member>2a02:26f0:12d::58dd:dd31/128</member>
< <member>2a02:26f0:12d:3ac::603/128</member>
< <member>2a02:26f0:12d:3b3::603/128</member>
< <member>2a02:26f0:12d:39c::603/128</member>
< <member>2a02:26f0:1700:1a1::603/128</member>
< <member>2a02:26f0:1700:199::603/128</member>
< <member>2a03:2a00:1400:0:1::4375/128</member>
< <member>2001:638:a000:1001::0/64</member>
< </access-routes-v6>
< <exclude-access-routes>
< <member>131.188.10.0/24</member>
< <member>141.75.201.31/32</member>
< <member>141.75.201.33/32</member>
< </exclude-access-routes>
< <exclude-access-routes-v6>
< </exclude-access-routes-v6>
< <include-split-tunneling-domain>
< <member>www.stiftung-swk.de</member>
< <member>ieeexplore.ieee.org</member>
< <member>et.training</member>
< <member>de.statista.com</member>
< <member>dosv.hochschulstart.de</member>
< <member>hsst13.hochschulstart.de</member>
< <member>hsst15.hochschulstart.de</member>
< <member>hsst19.hochschulstart.de</member>
< <member>fh-nuernberg.de</member>
< <member>th-nuernberg.de</member>
< <member>ohmportal.de</member>
< <member>ohmhs.de</member>
< </include-split-tunneling-domain>
< <ipsec>
< <udp-port>4501</udp-port>
< <ipsec-mode>esp-tunnel</ipsec-mode>
< <enc-algo>aes-128-cbc</enc-algo>
< <hmac-algo>sha1</hmac-algo>
< <c2s-spi>0x3EC7F9EA</c2s-spi>
< <s2c-spi>0x0617871E</s2c-spi>
< <akey-s2c>
< <bits>160</bits>
< <val>d0c318efc49a0eaf569ec88a44d286855956ade7</val>
< </akey-s2c>
< <ekey-s2c>
< <bits>128</bits>
< <val>8cb68721672eccbc4d2c2c7971b13e40</val>
< </ekey-s2c>
< <akey-c2s>
< <bits>160</bits>
< <val>3dec7ed257ceea9c3fb2055482a5c8be3079aa4f</val>
< </akey-c2s>
< <ekey-c2s>
< <bits>128</bits>
< <val>a2d2b451a1ba8fbd0d26acb288499a37</val>
< </ekey-c2s>
< </ipsec>
< </response>
Tunnel timeout (rekey interval) is 240 minutes.
Idle timeout is 120 minutes.
Unknown GlobalProtect config tag <include-split-tunneling-domain>:
www.stiftung-swk.de
ieeexplore.ieee.org
et.training
de.statista.com
dosv.hochschulstart.de
hsst13.hochschulstart.de
hsst15.hochschulstart.de
hsst19.hochschulstart.de
fh-nuernberg.de
th-nuernberg.de
ohmportal.de
ohmhs.de
GlobalProtect IPv6 support is experimental. Please report results to <openconnect-devel@lists.infradead.org>.
TCP_INFO rcv mss 1452, snd mss 1452, adv mss 1452, pmtu 1492
Using base_mtu of 1492
After removing UDP/IPv4 headers, MTU of 1464
After removing protocol specific overhead (36 unpadded, 2 padded, 16 blocksize), MTU of 1422
No MTU received. Calculated 1422 for ESP tunnel
POST https://vpn.ohmportal.de/ssl-vpn/hipreportcheck.esp
> POST /ssl-vpn/hipreportcheck.esp HTTP/1.1
> Host: vpn.ohmportal.de
> User-Agent: PAN GlobalProtect
> Cookie: PHPSESSID=ebe9c8a14d45497acb644f30b993fa2c
> X-Pad: 00000000000000000000000000000000000000
> Content-Type: application/x-www-form-urlencoded
> Content-Length: 282
>
> client-role=global-protect-full&authcookie=[REDACTED]&portal=TH%20Nbg%20Gateway-N&user=[REDACTED]&domain=ohm-hochschule.de&computer=[REDACTED]&client-ip=[REDACTED]&client-ipv6=[REDACTED]&md5=e5d35bd85c6a67a97ea9e4065689f93c
Got HTTP response: HTTP/1.1 200 OK
Date: Wed, 31 Jan 2024 12:04:27 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 107
Connection: keep-alive
X-Content-Type-Options: nosniff
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Security-Policy: default-src 'self'
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length: (107)
<
< <response status="success">
< <hip-report-needed>yes</hip-report-needed>
< <delay>0</delay>
< </response>
Gateway says HIP report submission is needed.
WARNING: Server asked us to submit HIP report with md5sum e5d35bd85c6a67a97ea9e4065689f93c.
VPN connectivity may be disabled or limited without HIP report submission.
You need to provide a --csd-wrapper argument with the HIP report submission script.
Parameters for incoming ESP: SPI 0x0617871e
ESP encryption type AES-128-CBC (RFC3602) key 0x8cb68721672eccbc4d2c2c7971b13e40
ESP authentication type HMAC-SHA-1-96 (RFC2404) key 0xd0c318efc49a0eaf569ec88a44d286855956ade7
Parameters for outgoing ESP: SPI 0x3ec7f9ea
ESP encryption type AES-128-CBC (RFC3602) key 0xa2d2b451a1ba8fbd0d26acb288499a37
ESP authentication type HMAC-SHA-1-96 (RFC2404) key 0x3dec7ed257ceea9c3fb2055482a5c8be3079aa4f
Send ESP probes
UDP SO_SNDBUF: 91008
ICMPv6 probe packet (seq 0) for GlobalProtect ESP:
> 0000: 60 00 00 00 00 18 3a 80 20 01 06 38 0a 04 d1 05 |`.....:. ..8....|
> 0010: 00 00 00 00 00 00 00 1c 20 01 06 38 0a 04 ff 07 |........ ..8....|
> 0020: 00 00 00 00 00 00 00 09 80 00 99 b6 0f 9a 00 00 |................|
> 0030: 6d 6f 6e 69 74 6f 72 00 00 70 61 6e 20 68 61 20 |monitor..pan ha |
Delaying tunnel with reason: awaiting GPST ESP connection
Send ESP probes
ICMPv6 probe packet (seq 1) for GlobalProtect ESP:
> 0000: 60 00 00 00 00 18 3a 80 20 01 06 38 0a 04 d1 05 |`.....:. ..8....|
> 0010: 00 00 00 00 00 00 00 1c 20 01 06 38 0a 04 ff 07 |........ ..8....|
> 0020: 00 00 00 00 00 00 00 09 80 00 26 71 82 de 00 01 |..........&q....|
> 0030: 6d 6f 6e 69 74 6f 72 00 00 70 61 6e 20 68 61 20 |monitor..pan ha |
No work to do; sleeping for 1000 ms...
Delaying tunnel with reason: awaiting GPST ESP connection
Send ESP probes
ICMPv6 probe packet (seq 2) for GlobalProtect ESP:
> 0000: 60 00 00 00 00 18 3a 80 20 01 06 38 0a 04 d1 05 |`.....:. ..8....|
> 0010: 00 00 00 00 00 00 00 1c 20 01 06 38 0a 04 ff 07 |........ ..8....|
> 0020: 00 00 00 00 00 00 00 09 80 00 bd dd eb 70 00 02 |.............p..|
> 0030: 6d 6f 6e 69 74 6f 72 00 00 70 61 6e 20 68 61 20 |monitor..pan ha |
No work to do; sleeping for 1000 ms...
Delaying tunnel with reason: awaiting GPST ESP connection
Send ESP probes
ICMPv6 probe packet (seq 3) for GlobalProtect ESP:
> 0000: 60 00 00 00 00 18 3a 80 20 01 06 38 0a 04 d1 05 |`.....:. ..8....|
> 0010: 00 00 00 00 00 00 00 1c 20 01 06 38 0a 04 ff 07 |........ ..8....|
> 0020: 00 00 00 00 00 00 00 09 80 00 71 a8 37 a5 00 03 |..........q.7...|
> 0030: 6d 6f 6e 69 74 6f 72 00 00 70 61 6e 20 68 61 20 |monitor..pan ha |
No work to do; sleeping for 1000 ms...
Delaying tunnel with reason: awaiting GPST ESP connection
Send ESP probes
ICMPv6 probe packet (seq 4) for GlobalProtect ESP:
> 0000: 60 00 00 00 00 18 3a 80 20 01 06 38 0a 04 d1 05 |`.....:. ..8....|
> 0010: 00 00 00 00 00 00 00 1c 20 01 06 38 0a 04 ff 07 |........ ..8....|
> 0020: 00 00 00 00 00 00 00 09 80 00 62 50 46 fc 00 04 |..........bPF...|
> 0030: 6d 6f 6e 69 74 6f 72 00 00 70 61 6e 20 68 61 20 |monitor..pan ha |
No work to do; sleeping for 1000 ms...
Delaying tunnel with reason: awaiting GPST ESP connection
Send ESP probes
ICMPv6 probe packet (seq 5) for GlobalProtect ESP:
> 0000: 60 00 00 00 00 18 3a 80 20 01 06 38 0a 04 d1 05 |`.....:. ..8....|
> 0010: 00 00 00 00 00 00 00 1c 20 01 06 38 0a 04 ff 07 |........ ..8....|
> 0020: 00 00 00 00 00 00 00 09 80 00 29 cf 7f 7c 00 05 |..........)..|..|
> 0030: 6d 6f 6e 69 74 6f 72 00 00 70 61 6e 20 68 61 20 |monitor..pan ha |
No work to do; sleeping for 1000 ms...
Delaying tunnel with reason: awaiting GPST ESP connection
Send ESP probes
ICMPv6 probe packet (seq 6) for GlobalProtect ESP:
> 0000: 60 00 00 00 00 18 3a 80 20 01 06 38 0a 04 d1 05 |`.....:. ..8....|
> 0010: 00 00 00 00 00 00 00 1c 20 01 06 38 0a 04 ff 07 |........ ..8....|
> 0020: 00 00 00 00 00 00 00 09 80 00 3b 12 6e 38 00 06 |..........;.n8..|
> 0030: 6d 6f 6e 69 74 6f 72 00 00 70 61 6e 20 68 61 20 |monitor..pan ha |
Failed to connect ESP tunnel; using HTTPS instead.
Connecting to HTTPS tunnel endpoint ...
> GET /ssl-tunnel-connect.sslvpn?authcookie=[REDACTED]&user=[REDACTED] HTTP/1.1
>
No work to do; sleeping for 1000 ms...
Configured as 141.75.169.251 + 2001:638:a04:d105::1c, with SSL connected and ESP unsuccessful
Session authentication will expire at Wed Feb 7 13:04:27 2024
Detected virtual address range 0x1000-0x7ffffffff000
Using vhost-net for tun acceleration, ring size 32
Kick vhost ring
RX packet 0x55c57f4678d0(48) [0] [used 1]
Sending IPv6 data packet of 48 bytes
No work to do; sleeping for 8000 ms...
No work to do; sleeping for 8000 ms...
RX packet 0x55c57f4680e0(48) [1] [used 2]
Sending IPv6 data packet of 48 bytes
No work to do; sleeping for 5000 ms...
Send GPST DPD/keepalive request
No work to do; sleeping for 5000 ms...
Send GPST DPD/keepalive request
RX packet 0x55c57f46ac50(48) [2] [used 3]
Sending IPv6 data packet of 48 bytes
No work to do; sleeping for 5000 ms...
Send GPST DPD/keepalive request
No work to do; sleeping for 5000 ms...
GPST Dead Peer Detection detected dead peer!