Re: [Announce] OpenConnect (-GUI) VPN client
strange...
of course, my admin was convinced that the error should be on my side. but what are we doing wrong? i was doing the same things as every time. so why should an error always repeat on different machines AND different networks and still be related to that machine? and if it is a problem connected to openconnect (even the newest version) why aren't there more threads about dead peer detection? @flocke000 do you get internet access before the dead peer is detected?
Re: [Announce] OpenConnect (-GUI) VPN client
My IBM VPN access via OpenConnect still works fine, even after reflashing, installing power47 and CSSU. I wished I could replicate your behaviour but I can't ... all is still fine with connecting and tunneling :(
Maybe register here and ask the question, after all they are the real developers behind OpenConnect: http://lists.infradead.org/mailman/l...nconnect-devel
Re: [Announce] OpenConnect (-GUI) VPN client
Quote:
The 'dead peer' message above means that the server did not respond to our 'ping'. The HTTPS connection to the server seems to have stopped working. When this happens, openconnect should *reconnect* to the server. Does it not?
Can you run tcpdump (filtered for port 443 on the vpn server) and show the traffic while this happens? And show the output of '/sbin/route -n' while you ought to be connected.
Please don't post them here; send mail to the openconnect-devel@lists.infradead.org list.
Re: [Announce] OpenConnect (-GUI) VPN client
DTLS seems to be working here...
Code:
Nokia-N900:~# echo $COOKIE | /usr/bin/openconnect --cookie-on-stdin --script /usr/share/openconnect/vpnc-script --servercert 2C1104B703504606AB12813AFC315438B94F85BB $SERVER -v
Also, you shouldn't need to patch OpenConnect to accept a password on the command line. You can already just 'echo $PASSWORD | openconnect --passwd-on-stdin', and then the password doesn't sit around visible in ps(1) for the entire lifetime of the VPN session.
In fact, though, you shouldn't be giving the username/group/password/etc to OpenConnect at all. If you look at the command line above, that's basically what we should be doing. The *GUI* can handle the authentication, then all it needs to give openconnect is the server's address and cert, and the cookie.
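The difference the post above describes between a secret in argv and a secret on stdin, as an added example that is not part of the original post and does not run openconnect. It assumes Linux with /proc; the `stand-in-client` name, the `secret-on-argv` marker and the secret value are constructed placeholders.

```shell
#!/bin/sh
# Added illustration, Linux only (reads /proc). A shell that sleeps stands in
# for the long-running VPN client; nothing here runs openconnect itself.
SECRET='constructed-placeholder-secret'   # constructed value, not a credential

# argv of a PID as ps(1) reports it: /proc/PID/cmdline with NULs as spaces.
cmdline_of() { cat "/proc/$1/cmdline" 2>/dev/null | tr '\0' ' '; }

# Poll until the child has exec'd, i.e. its argv contains the marker $2.
wait_for_exec() {
    tries=0
    while [ "$tries" -lt 5 ]; do
        case "$(cmdline_of "$1")" in *"$2"*) return 0 ;; esac
        sleep 1
        tries=$((tries + 1))
    done
    return 1
}

# secret_visible argv|stdin
# Returns 0 if the secret shows up in the process list, 1 if not, 2 on error.
secret_visible() {
    case "$1" in
        argv)   # secret passed as a command-line argument
            sh -c 'sleep 5; :' stand-in-client secret-on-argv "$SECRET" \
                >/dev/null 2>&1 & ;;
        stdin)  # secret piped in, as with --passwd-on-stdin / --cookie-on-stdin
            printf '%s\n' "$SECRET" |
                sh -c 'read -r pw; sleep 5; :' stand-in-client --passwd-on-stdin \
                >/dev/null 2>&1 & ;;
        *) return 2 ;;
    esac
    pid=$!
    wait_for_exec "$pid" stand-in-client || return 2
    case "$(cmdline_of "$pid")" in
        *"$SECRET"*) rc=0 ;;
        *)           rc=1 ;;
    esac
    kill "$pid" 2>/dev/null
    wait "$pid" 2>/dev/null
    return "$rc"
}

for mode in argv stdin; do
    if secret_visible "$mode"; then
        echo "$mode: secret visible in process list"
    else
        echo "$mode: secret not in process list"
    fi
done
```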
Re: [Announce] OpenConnect (-GUI) VPN client
The problem is solved!
First of all give dwmw2 a big thanks! for the solution. The problem was that the routing wasn't configured properly because iproute was missing:
According to dwmw2, iproute should be in extras-testing, so steps 1-3 will not be needed!
1. Enable the Kluenter-Repo on your device (via Standard AppMan):
   Catalog name: kluenter
   Web Address: http://maemo.kluenter.de/packages
   Distribution: fremantle
   Components: main
2. Wait till the updating is done and close AppMan.
3. You may need to restart (or wait?) your device if 4. does not work (e.g. something is "locked")
4. via xterm enter:
Code:
root
Code:
apt-get install iproute
Re: [Announce] OpenConnect (-GUI) VPN client
I think iproute is in extras-testing too?
The issue is a bug in vpnc-script. It assumes that after the VPN is set up, the route to the VPN server should be via the same gateway as your old default route. But in your case, the VPN server is actually *on* your local subnet, not the other side of the gateway. When it's using iproute, it gets it right, but the old version using /sbin/route has this bug. If someone wants to fix it *properly*, that would be appreciated...
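The routing decision described in the post above, as an added sketch that is neither vpnc-script's code nor part of the post: the host route to the VPN server goes via the old default gateway only when the server is outside the local subnet. Function names, addresses and the `wlan0` device are constructed for illustration, and the route commands are printed, not executed.

```shell
#!/bin/sh
# Dotted quad -> integer, so addresses can be masked and compared.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# on_link SERVER LOCAL_ADDR PREFIXLEN
# Succeeds when SERVER lies inside LOCAL_ADDR/PREFIXLEN.
on_link() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# The assumption the post calls a bug: always reuse the old default gateway.
legacy_route() {    # SERVER GATEWAY
    echo "route add -host $1 gw $2"
}

# Subnet-aware choice: on-link servers get a device route, others the gateway.
server_route() {    # SERVER LOCAL_ADDR PREFIXLEN GATEWAY DEV
    if on_link "$1" "$2" "$3"; then
        echo "ip route add $1/32 dev $5"
    else
        echo "ip route add $1/32 via $4 dev $5"
    fi
}

# Constructed sample: device at 192.168.1.23/24, default gateway 192.168.1.1.
for server in 192.168.1.50 203.0.113.7; do
    echo "legacy:       $(legacy_route "$server" 192.168.1.1)"
    echo "subnet-aware: $(server_route "$server" 192.168.1.23 24 192.168.1.1 wlan0)"
done
```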
Re: [Announce] OpenConnect (-GUI) VPN client
Hmm, does anyone have any idea what to do next? I tried openconnect from extras-testing and from extras-devel. Both give me the same kind of output (below, IP-address changed). I think the reason is "Server certificate verify failed: unable to get local issuer certificate", but I don't really know what to do now. I tried to google, but didn't find anything useful for my problem. Something to do with certs, but how to fix it?
So this is when I try with openconnect 2.26 from my N900, when I use openconnect 3.13 from home, it works ok. Anyone know if there is openconnect 3.13 compiled for N900?
Code:
openconnect --authgroup=anyconnect --user=testuser vpntest.testaddr.com:443 --verbose --disable-ipv6 --script=/etc/vpnc/vpnc-script
Re: [Announce] OpenConnect (-GUI) VPN client
Okay...this is a pretty dirty hack, but working.
This is somewhat off topic, sorry for that, but just in case someone needs the information...I managed to get openconnect working by finding a binary of openconnect 3.12 compiled to some embedded ARM device and then I just made the following links:
Code:
ln -s /usr/lib/libssl.so.0.9.8 /usr/lib/libssl.so.1.0.0
Re: [Announce] OpenConnect (-GUI) VPN client
How difficult would it be to get openconnect running on Harmattan? I would love to see it running on the N9, but I am new to Maemo/Meego development, and I cannot really estimate how much knowledge and work it would need.
Thanks, mweiss38