openconnect connects to Cisco https VPN.
The tunnel is created, but IPs on the other side are unreachable.
openconnect-6.00-3.mga5
vpnc-0.5.3-11.mga5

openconnect-6.00 works in debian without any problems.
How can I locate where it goes wrong?
It also works in Fedora23, but with openconnect-7.0

Bjarne
(In reply to Bjarne Thomsen from comment #0)
> openconnect connects to Cisco https VPN
> The tunnel is created, but IPs on the other side are unreachable.
> openconnect-6.00-3.mga5
> vpnc-0.5.3-11.mga5
>
> openconnect-6.00 works in debian without any problems.
> How can I locate where it goes wrong?

I don't know, maybe a packager knows.

> It also works in Fedora23, but with openconnect-7.0
>
> Bjarne

Assigning to all packagers collectively, since this package has no maintainer.
CC: (none) => marja11
Assignee: bugsquad => pkg-bugs
I have compiled and built openconnect downloaded from http://www.infradead.org/openconnect
I had to use liblz4 from current cauldron.
The nameserver was correctly entered into /etc/resolv.conf, but there was no connection through the tun0.
I then had the idea that I needed some help from shorewall.
In the control center I selected "Set up your personal firewall"

Please select the interfaces that will be protected by the firewall:
v Ethernet: tun0
OK

and now it works!
There must be a way to call shorewall from within the script /etc/vpnc/vpnc-script
This script was also downloaded from www.infradead.org.

Bjarne
The openconnect package in mga5 works with the same procedure, so the solution is a proper integration of openconnect and shorewall in the control center.
I have now tried openconnect in mga6. It works fine, except (as above) I have to set the firewall by using "Set up your personal firewall" in the MCC.
Version: 5 => Cauldron
Hardware: i586 => All
This still applies for openconnect-6.0.0-4. I have to manually enable the firewall protection of tun0. This is not very elegant. There must be a way to do it from openconnect.
It turns out that the "way" evidently is the gnutls package itself! openconnect only requires lib64gnutls30 to install, but to function properly it requires gnutls. The user is not necessarily aware of this.
Sorry. I was wrong. openconnect did not work on a fresh install, even if gnutls had been installed. Instead the private firewall did remember tun0 between boots. You just have to run the private firewall once, and that is OK.
This bug is still present in cauldron (I had to re-install mga6). The tunnel was created, but nslookup could not get through. I then remembered the trick with "Set your private firewall". Only this time it was hanging, and I had to exit the MCC. Maybe this problem is unrelated. Now openconnect is working after a re-boot. What is going on?
Now it always works if I set the firewall for the tunnel device.
I think the problem was that the tunnel needed a firewall. But this bug is outdated.
You can remove this bug.
In fact you can do it by yourself...
CC: (none) => lists.jjorge
Status: NEW => RESOLVED
Resolution: (none) => INVALID