Problems with client in Ubuntu Linux.

On Thu, Aug 30, 2018 at 2:13 PM, Christopher Mattern <syscjm at gwu.edu> wrote:
> Recently started having a problem with openconnect connecting to a Cisco
> AnyConnect VPN server.  I suspect the problem is vpnc-client not correctly
> opening up a tunnel, but I'm not sure and I have no idea how to fix it.
> I've tried three different vpn-client scripts.

Just for clarity of nomenclature, this script is simply called
`vpnc-script` (no "client" :-D).

> With any of them, I have no
> network connectivity, and I get different error messages when I ctrl-C.  I
> used to get a message about it setting up a tun0 device after a short delay,
> but I'm not seeing that any more.
>
> This is what I was originally getting from the install from the Ubuntu
> repository:

Which Ubuntu release?

The errors you are getting...

>> Error: argument "via" is wrong: use nexthop syntax to specify multiple via
>> ...
>> Error: any valid prefix is expected rather than "dev".
>> ..
>> Error: any valid prefix is expected rather than "dev".

... indicate some kind of syntax error in the invocation of routing
configuration utilities (iproute2 or route) by the vpnc-script,
seemingly a missing netmask. The VPN gateway is somehow providing an
unexpected routing configuration which the script isn't parsing
correctly.

> Any help on how I can fix this?

1) Run with `openconnect --dump-http-traffic`. Capture all the CONNECT
headers that start with X-CSTP and relate to routing and post 'em.
None of this should be confidential, given that you've already
publicized the gateway address, but obfuscate anything that looks
password-y?

    Got CONNECT response: HTTP/1.1 200 OK
    X-CSTP-Version: 1
    X-CSTP-Address: 10.5.5.5
    X-CSTP-Netmask: 255.255.0.0.0
    ...
    X-CSTP-MSIE-Proxy-Lockdown: false
    X-CSTP-Smartcard-Removal-Disconnect: true
    ...
    CSTP connected. DPD 30, Keepalive 20

2) Go back to the distro-provided vpnc-script (under Ubuntu, this
should be /usr/share/vpnc-scripts/vpnc-script).

Then invoke openconnect with:

    openconnect -u syscjm https://go.vpn.gwu.edu/ses \
        --script 'bash -x /usr/share/vpnc-scripts/vpnc-script'

This will produce a torrent of tracing output from the vpnc-script,
which should help you to identify exactly which of the routing
configuration commands is leading to the syntax error, and we can take
it from there.

Dan
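
Added example, not part of the original message or of openconnect: a Python check that scans saved `--dump-http-traffic` output for the routing-related X-CSTP headers and flags a malformed or missing netmask, the condition the reply suspects. The `X-CSTP-Split-Include` and `X-CSTP-Split-Exclude` names and their `address/netmask` value format are assumptions not shown on this page, and the sample input is constructed.

```python
import ipaddress
import re

# Constructed sample: headers modelled on the excerpt in the message, plus
# two Split-Include lines (assumed header), one of them missing its netmask.
SAMPLE = """\
Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Address: 10.5.5.5
X-CSTP-Netmask: 255.255.0.0.0
X-CSTP-Split-Include: 10.0.0.0/255.0.0.0
X-CSTP-Split-Include: 172.16.0.0/
CSTP connected. DPD 30, Keepalive 20
"""
HEADER = re.compile(r"(X-CSTP-[\w-]+):[ \t]*(.*)")

def addr_error(text):
    """Return None for a valid IPv4 address, else the parser's complaint."""
    try:
        ipaddress.IPv4Address(text)
    except ValueError as exc:
        return str(exc)
    return None

def mask_error(text):
    """Return None for a contiguous dotted-quad netmask, else a reason."""
    if addr_error(text):
        return "not a dotted quad: " + addr_error(text)
    inverted = int(ipaddress.IPv4Address(text)) ^ 0xFFFFFFFF
    # A valid mask inverts to 0..01..1, so adding 1 clears every set bit.
    return "netmask bits are not contiguous" if inverted & (inverted + 1) else None

def split_error(text):
    """Check an 'address/netmask' split-route value (assumed format)."""
    addr, _, mask = text.partition("/")
    return addr_error(addr) or mask_error(mask)

# Header name -> validator; headers not listed here are ignored.
CHECKS = {"X-CSTP-Address": addr_error, "X-CSTP-Netmask": mask_error,
          "X-CSTP-Split-Include": split_error,  # Split-* names are assumed
          "X-CSTP-Split-Exclude": split_error}

def audit(log_text):
    """Return (header, value, problem) for each malformed routing header."""
    findings = []
    for name, value in HEADER.findall(log_text):
        problem = CHECKS[name](value.strip()) if name in CHECKS else None
        if problem:
            findings.append((name, value.strip(), problem))
    return findings
```

Run `audit()` over the saved capture; each tuple it returns names a header whose value would reach the routing commands without a usable address or netmask.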


