Reply To: Pulse Secure

  • Total Post: 20
  • Regular Joe
  • ★★

Yes I have been able to connect other Linux OS with OpenConnect but not ThinOS devices

Pulse Connect Secure
Support for Pulse Connect Secure was added to OpenConnect in June 2019, for the 8.04 release. In most cases it supersedes the older Juniper Network Connect support. It is a much saner protocol.

Pulse mode is requested by adding –protocol=pulse to the command line:

openconnect –protocol=pulse


The TCP transport for Pulse Connect Secure works over IF-T/TLS, first using EAP (and EAP-TTLS if certificates are being used) for authentication and then passing traffic over IF-T messages over the same transport. Just as with the older Juniper protocol, the UDP transport is ESP.

The authentication cookies are compatible with the Juniper mode, which means that external tools like juniper-vpn-py should be usable with OpenConnect in Pulse mode too.

Host Checker
Not yet investigated and implemented for Pulse mode. The Juniper support may suffice for some users.

Once authentication is complete, the VPN connection can be established. Both Legacy IP and IPv6 should be working, although test reports from someone with an IPv6-capable server would be greatly appreciated as the freely available demo Virtual Appliance does not support IPv6.