maemo.org - Talk - [Announce] OpenConnect (-GUI) VPN client

maemo.org - Talk (https://talk.maemo.org/index.php)

- Applications (https://talk.maemo.org/forumdisplay.php?f=41)

- - [Announce] OpenConnect (-GUI) VPN client (https://talk.maemo.org/showthread.php?t=39800)

Re: [Announce] OpenConnect (-GUI) VPN client

some more feedback

- on the OpenConnect GUI. When entering both userID and password and trying to connect to the created profile, it continuously say "no server specified".
Can you include (in the log window) also the complete Openconnect command invocation string to see what might be wrong? Easier in troubleshooting.

As a double check, when using the command line I can make a proper connection so I know my parameters are correct.

As requested before, can you also provide a custom input field for extra switches (as the --no-dtls)?

Which post-connection script is being used by default by the GUI ? I'm using the /etc/vpnc/vpnc-script in my command line string but I only have that file (I guess) because I also installed the vpnc package. Maybe the previous post also has to do with the proper setup (or absence) of the post-connect script?

On the command itself, is it possible to upgrade the version to 2.26, the currently supplied version 2.12 works but is already a year old, if you update the gui, make you can as well put the most recent version of the main code in as well.

Lots of thanks for the work so far, it opened up my access to the office network without laptop. I don't know if that's always such a great idea though :D

At least it give me choices now where to do what. And the possibility to do my labour claim straight on my N900, wherever I am, at a Friday noon ... yeah ! That will save me a few mails from my manager !!

Re: [Announce] OpenConnect (-GUI) VPN client

just noticed something, the upgrade of the OpenConnect command itself can potentially also solve the request people have needing to use the UserGroup feature :

Quote:

OpenConnect v2.20 — 2010-01-04
* Allow server to be specified with https:// URL, including port and pathname (which Cisco calls 'UserGroup')

From http://www.infradead.org/openconnect.html

Just a thought for an quick-fix... :)

Re: [Announce] OpenConnect (-GUI) VPN client

well, good ideas, but lorelei isn't working here anymore (it is a pitty, when you got someone making good software, he stops).
here is the howto on linux machines (but, as i am from germany, it is german)

but back to topic:
we ve got a vpn at our uni, which is using the anyconnect client on win7 and vista, so i thought openconnect should do the job.
but it isn't; so, what am i doing wrong?
also taking out the no-dtls command and/or the no-ipv6 didn't work.

Code:

Nokia-N900:~# openconnect --authgroup=WLAN --user=myuser@uni-potsdam.de --passwd=mypass --disable-ipv6 --verbose --no-dtls wlanvpn.uni-potsdam.de                         

Attempting to connect to wlanvpn.uni-potsdam.de

SSL negotiation with wlanvpn.uni-potsdam.de

Connected to HTTPS on wlanvpn.uni-potsdam.de

GET wlanvpn.uni-potsdam.de/

Got HTTP response: HTTP/1.0 302 Object Moved

Content-Type: text/html; charset=UTF-8

Content-Length: 0

Cache-Control: no-cache

Pragma: no-cache

Connection: Keep-Alive

Date: Fri, 05 Nov 2010 06:56:33 GMT

Location: /+webvpn+/index.html

Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure

SSL negotiation with wlanvpn.uni-potsdam.de

Connected to HTTPS on wlanvpn.uni-potsdam.de

GET wlanvpn.uni-potsdam.de/+webvpn+/index.html

Got HTTP response: HTTP/1.1 200 OK

Transfer-Encoding: chunked

Content-Type: text/xml

Cache-Control: max-age=0

Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure

Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure

Set-Cookie: webvpnlogin=1; secure

X-Transcend-Version: 1

Fixed options give

POST wlanvpn.uni-potsdam.de/+webvpn+/index.html

Got HTTP response: HTTP/1.1 200 OK

Transfer-Encoding: chunked

Content-Type: text/xml

Cache-Control: max-age=0

Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure

Set-Cookie: webvpn=; path=/; secure

Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&sh:B551FD33CB3F3223E18C427CB8C5B9DE82B374BA&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest; path=/; secure

X-Transcend-Version: 1

Got CONNECT response: HTTP/1.1 200 OK

X-CSTP-Version: 1

X-CSTP-Address: 141.89.47.249

X-CSTP-Netmask: 255.255.255.0

X-CSTP-DNS: 141.89.65.1

X-CSTP-NBNS: 141.89.64.56

X-CSTP-Lease-Duration: 86400

X-CSTP-Session-Timeout: 86400

X-CSTP-Idle-Timeout: 1800

X-CSTP-Disconnected-Timeout: 1800

X-CSTP-Default-Domain: wlan.rz.uni-potsdam.de

X-CSTP-Keep: true

X-CSTP-Homepage: http://www.uni-potsdam.de

X-CSTP-DPD: 30

X-CSTP-Keepalive: 20

X-CSTP-Smartcard-Removal-Disconnect: true

X-DTLS-Session-ID: E5E1DA7A8AAD06099E9C4C45572E182BAB8FCB92A7FA38155EFA506917418A07

X-DTLS-Port: 443

X-DTLS-Keepalive: 20

X-DTLS-DPD: 30

X-CSTP-MTU: 1406

X-DTLS-CipherSuite: AES128-SHA

X-CSTP-Routing-Filtering-Ignore: false

CSTP connected. DPD 30, Keepalive 20

Connected tun0 as 141.89.47.249, using SSL

Did no work; sleeping for 20000 ms...

Send CSTP Keepalive

Did no work; sleeping for 10000 ms...

Send CSTP DPD

Did no work; sleeping for 15000 ms...

Got CSTP DPD response

Did no work; sleeping for 20000 ms...

Send CSTP Keepalive

Did no work; sleeping for 10000 ms...

Send CSTP DPD

Did no work; sleeping for 15000 ms...

Got CSTP DPD response

Did no work; sleeping for 20000 ms...

^CSend BYE packet: Client received SIGINT

Nokia-N900:~#

thanks for every help!

Re: [Announce] OpenConnect (-GUI) VPN client

Quote:

Originally Posted by sirpaul (Post 897534)

well, good ideas, but lorelei isn't working here anymore (it is a pitty, when you got someone making good software, he stops).

Well, I'm not completely away...last few months I was more in lurking mode with no time to interact...

Honestly I don't know as of now if I will ever have the time to continue working on openconnect+gui, since I have concentrate myself more on Erminig (Google calendar sync). There are also other issues that I can't disclose for the moment, which will prevent me working efficiently on OpenConnect.

-lorelei

Re: [Announce] OpenConnect (-GUI) VPN client

Quote:

Originally Posted by lorelei (Post 897561)

Well, I'm not completely away...last few months I was more in lurking mode with no time to interact...

ah, damn that wasn't the answer i was hoping for ;)
(but it is good, that the maemo community hasn't lost someone with skills)

it would probably take too much time updating the maemoversion? :o
(yes of course it would, but there is still a little hope)

Re: [Announce] OpenConnect (-GUI) VPN client

Quote:

Originally Posted by purevpn (Post 907491)

i am using <spam URL removed> by pure USA vpn ip service this is secure and reliable i recommend this much better.........

Possible, but I don't see the point, since:

1) I don't see any Maemo client
2) How does it solve the problem for those logging on corporate/academic network that have to use their VPN concentrators?

Is this some kind of advertisement for purevpn?

Re: [Announce] OpenConnect (-GUI) VPN client

lol it has to be, just look at the name... what a damn bad try of advertising...

doesn't look very

Quote:

secure and reliable

if advertising in
a) wrong forum (its maemo, *****)
b) forums in general

Re: [Announce] OpenConnect (-GUI) VPN client

can the source for openconnect-gui be shared ? I would like to modify it to include the extra fields/options and the full commandline as executed inb the debugwindow. i really would like to make this gui useful for me :)
tnx

Re: [Announce] OpenConnect (-GUI) VPN client

thanks. My first attempt is attached (version 0.5-7) :)

Quote:

Changelog :
openconnect-gui (0.5-7) unstable; urgency=low
* [ENHANCEMENT] added extra field ("free_option") in the profile for the openconnect command invocation, to allow adding new option such as --authgroup=GROUP
* [ENHANCEMENT] add by default the "--no-dtls" option due to bug in Nokia supplied openssl libs
* [BUGFIX] properly escaped the password field to allow all kind of characters

Note that due to the way the arguments are parsed, only one extra option is possible.

this is my first coding effort in Maemo/scratchbox, it's no more then an intelligent cut-paste-change exercise for now. But the end-result sure helps me and might help other people as well.

I might try to port the latest version of openconnect (2.2x), apply the same kind of mods/logic as the maemo-fied 2.12 version. But that's something for later :)
Also, for the future, the GUI might need a rewrite in Qt Quick ... but that's still a (few) bridge(s) to far, one step at a time is good enough for me :)

I don't have a garage account yet and I've never submitted anything to the autobuilder so that's another hurdle to take.
Also, there's no need for me to fork this piece of work, I rather work together with Lorelei to get my patches into the original garage code.

Please test and see if it does what you want. Open to all suggestions/bug reports/requests.