Thank you for sharing; are you seeing this with both Pulse & Network Connect?
I am not sure if we have IPv6 support for Linux yet; but if it is there, I would expect it only in the Pulse client

Sorry, I don't know the distinction between those two products. On Ubuntu, there are two things I've tried using to connect to my company's VPN:

1) a Java jar file that runs under 32-bit Java, and requires a 32-bit version of Firefox on 64-bit Ubuntu, or
2) The Ubuntu PulseSecure client (via https://pulsesecure.flexnetoperations.com/control/plss/download)

The Ubuntu PulseSecure client does not work at my company. I suspect that some of the issue has to do with the host-checking that our setup requires.

The Java jar file only works when IPV6 is disabled.

Does that help answer your question?

Thank you for the further information
The .jar is the legacy connection client (Network Connect) and does not support IPv6
Pulse Secure is the new client and I think it may, as of 8.2R5(?) support IPv6 for Linux clients. Do you know if there has been a case opened for checking why Network Connect works and Pulse does not for Host Checker?

You just need to disable IPv6 on the tun0 interface.

net.ipv6.conf.tun0.disable_ipv6 = 1

The problem is related to this packet
00:21:15.000000 0a:01:01:01:01:01 > 0a:02:02:02:02:02, ethertype IPv6 (0x86dd), length 90: fe80::6638:20f2:f6cb:1ded > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28

This packet was extracted by stracing the ncsvc process

Hello, I have opened a case about that as well - the number is 00250296. I am still at the point of working to reproduce it within PulseSecure with the engineer there. I'm not sure what his difficulty is; as you can see from the below, people with detailed technical information have already analyzed this...

Hello, I have opened a case about that as well - the number is 00250296. I am still at the point of working to reproduce it within PulseSecure with the engineer there. I'm not sure what his difficulty is; as you can see from the below, people with detailed technical information have already analyzed this...

strace -f -s 100 -o strace.txt ./ncui -h -f my.cert.der -c DSID=xxxxxx


tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:111 P-t-P:111.228 Mask:255.255.255.255
inet6 addr: fe80::b761:1e1d:3581:ee73/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1400 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 b) TX bytes:76 (76.0 b)




In the strace output

29475 "\x60\x00\x00\x00\x00\x24\x00\x01\xfe\x80\x00\x00\x00\x00\x00\x00\x3c\x27\x46\x9b\xd9\xcb\x99\xa0\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x3a\x00\x05\x02\x00\x00\x01\x00\x8f\x00\x79\xda\x00\x00\x00\x01\x04\x00\x00\x00\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02", 2048) = 76
29475 write(4, "20170406001032.413773 ncsvc[p29475.t29475] adapter.warn Bad ip packet len 76 - should be 0 (adapter."..., 109) = 109


\x60\x00\x00\x00\x00\x24\x00\x01 \xfe\x80\x00\x00\x00\x00\x00\x00
\x3c\x27\x46\x9b\xd9\xcb\x99\xa0 \xff\x02\x00\x00\x00\x00\x00\x00
\x00\x00\x00\x00\x00\x00\x00\x16 \x3a\x00\x05\x02\x00\x00\x01\x00
\x8f\x00\x79\xda\x00\x00\x00\x01 \x04\x00\x00\x00\xff\x02\x00\x00
\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x02


00000000 60 00 00 00 00 24 00 01 fe 80 00 00 00 00 00 00
00000010 3c 27 46 9b d9 cb 99 a0 ff 02 00 00 00 00 00 00
00000020 00 00 00 00 00 00 00 16 3a 00 05 02 00 00 01 00
00000030 8f 00 79 da 00 00 00 01 04 00 00 00 ff 02 00 00
00000040 00 00 00 00 00 00 00 00 00 00 00 02

text2pcap -e 86dd out.pcap


tcpdump -r out.pcap -n -e
reading from file out.pcap, link-type EN10MB (Ethernet)
00:43:21.000000 0a:01:01:01:01:01 > 0a:02:02:02:02:02, ethertype IPv6 (0x86dd), length 90: fe80::3c27:469b:d9cb:99a0 > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28