I am having some really strange issues with Pulse Secure on Ubuntu 16.04 and I hope someone here can help me to figure out the problem.
I have two laptops: A runs Ubuntu 16.04 and B runs Windows 7. Both of them have the Pulse Secure client installed, and both of them can successfully connect to my employer's VPN network. I also have unison (file synchronization software that uses port 22) installed on the two laptops so that I can synchronize some files between my laptops and my office machine. Laptop B (running Windows 7) works just fine, but Laptop A running Ubuntu won't. On Laptop A, I can ssh to my office machine without any problem and the connection speed seems to be quite good. But when I start unison from the laptop, I can see my office machine respond to the incoming request, but it seems the return traffic is blocked somewhere, so the request eventually times out. Since it works on the Windows laptop, I figure the problem has to do with my Ubuntu laptop. There is no firewall on the laptop and IPv6 is disabled (if it matters). The strange thing is that when I take my Ubuntu laptop to the office and use the office wireless network, after establishing the VPN connection, file synchronization works perfectly fine. The file transfer is over the VPN interface, not the wireless interface, when monitored using tcptrack. So I am really lost as to where the problem might be. Can anyone provide some help?
I found the same issue on Ubuntu 16.04 and Pulse 5.3r3.0-b1021.
After deeper diags, I saw packets going from the internal LAN to the MAG with a bigger packet size (1500 B), and once encapsulated and transmitted to the external MAG interface they are trunked in a 100-byte packet.
So the SYN, SYN-ACK, ACK phase is OK; after an HTTP GET of some content, the connection hangs.
I do suspect the tunnel is created with bad properties and contents are truncated.
On a dual-stack Ubuntu 16.04 client, once the Pulse software is connected to the MAG and split tunnel isn't enabled, the IPv4 traffic is encapsulated in the tunnel; the IPv6 traffic instead is routed normally! :-)
Great security issue!
Please try increasing the MTU of both the Ethernet interface and the tunnel interface and check whether unison works. For example, use the following commands to increase the MTU values:
sudo ifconfig ens160 mtu 1500
sudo ifconfig tun0 mtu 1400
Note: the MTU of the tunnel interface should be 100 less than the MTU of the physical interface.
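
An added example, not part of any post in this thread: a shell check for the two conditions raised above, the 100-byte MTU gap from the last reply and the IPv6 default route that stays outside the tunnel from the second post. The function names are hypothetical, the sample `ip` output is constructed, and reading "100 less" as "at least 100 less" is an assumption; `ens160` and `tun0` are the interface names used in the reply.

```shell
#!/bin/sh
# Constructed sample output (shortened) of `ip -o link show` and `ip -6 route show`.
SAMPLE_LINK='2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
7: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc pfifo_fast state UNKNOWN'
SAMPLE_ROUTE6='2001:db8:1::/64 dev ens160 proto ra metric 100 pref medium
fe80::/64 dev ens160 proto kernel metric 256 pref medium
default via fe80::1 dev ens160 proto ra metric 100 pref medium'

# Print the MTU of interface $1, reading `ip -o link show` text on stdin.
mtu_of() {
    awk -v ifc="$1" '{
        name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
        if (name != ifc) next
        for (i = 3; i < NF; i++) if ($i == "mtu") { print $(i + 1); exit }
    }'
}

# Succeed if the tunnel MTU ($2) is at least 100 below the physical MTU ($1).
mtu_gap_ok() {
    [ -n "$1" ] && [ -n "$2" ] && [ $(( $1 - $2 )) -ge 100 ]
}

# Print every device other than tunnel $1 that carries an IPv6 default route,
# reading `ip -6 route show` text on stdin. Any output means IPv6 traffic
# can leave the host without going through the tunnel.
ipv6_routes_outside() {
    awk -v tun="$1" '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) != tun) print $(i + 1)
    }' | sort -u
}

# $1 = physical interface, $2 = tunnel interface, $3 = link text, $4 = route text
report() {
    r_phys=$(printf '%s\n' "$3" | mtu_of "$1")
    r_tun=$(printf '%s\n' "$3" | mtu_of "$2")
    if mtu_gap_ok "$r_phys" "$r_tun"; then
        echo "MTU gap ok: $1=$r_phys $2=$r_tun"
    else
        echo "MTU gap too small or interface missing: $1=$r_phys $2=$r_tun"
    fi
    r_leaks=$(printf '%s\n' "$4" | ipv6_routes_outside "$2")
    [ -z "$r_leaks" ] || echo "IPv6 default route outside $2 via: $r_leaks"
}

report ens160 tun0 "$SAMPLE_LINK" "$SAMPLE_ROUTE6"
# On a live client: report ens160 tun0 "$(ip -o link show)" "$(ip -6 route show)"
```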