Hello,
My company is using Pulse business VPN server and I would like to connect to it using openconnect. The command connects correctly to our VPN and asks for the credentials, but then it throws the whole ip command usage as if it was called without inappropriate arguments.
The command still creates the tun0 interface but I can't resolve any domain in our company.
I have no idea what's missing or if something has changed in ip that openconnect does not already know. FWIW, a colleague is using Ubuntu 19.10 and does not have this error when calling openconnect the same way.
# openconnect --protocol=pulse mycompany.com
Connected to ***.***.***.***:443
SSL negotiation with mycompany.com
Connected to HTTPS on mycompany.com
Got HTTP response: HTTP/1.1 101 Switching Protocols
Enter user credentials:
Username: ***
Password:
Connected as ***.***.***.***, using SSL, with ESP in progress
Error: ipv4: Invalid values in header for route get request.
Usage: ip route { list | flush } SELECTOR
ip route save SELECTOR
ip route restore
ip route showdump
ip route get [ ROUTE_GET_FLAGS ] ADDRESS
[ from ADDRESS iif STRING ]
[ oif STRING ] [ tos TOS ]
[ mark NUMBER ] [ vrf NAME ]
[ uid NUMBER ] [ ipproto PROTOCOL ]
[ sport NUMBER ] [ dport NUMBER ]
ip route { add | del | change | append | replace } ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
[ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ]
[ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
[ table TABLE_ID ] [ proto RTPROTO ]
[ scope SCOPE ] [ metric METRIC ]
[ ttl-propagate { enabled | disabled } ]
INFO_SPEC := { NH | nhid ID } OPTIONS FLAGS [ nexthop NH ]...
NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] ADDRESS ]
[ dev STRING ] [ weight NUMBER ] NHFLAGS
FAMILY := [ inet | inet6 | mpls | bridge | link ]
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]
[ rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ]
[ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ]
[ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]
[ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]
[ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]
[ pref PREF ] [ expires TIME ] [ fastopen_no_cookie BOOL ]
TYPE := { unicast | local | broadcast | multicast | throw |
unreachable | prohibit | blackhole | nat }
TABLE_ID := [ local | main | default | all | NUMBER ]
SCOPE := [ host | link | global | NUMBER ]
NHFLAGS := [ onlink | pervasive ]
RTPROTO := [ kernel | boot | static | NUMBER ]
PREF := [ low | medium | high ]
TIME := NUMBER[s|ms]
BOOL := [1|0]
FEATURES := ecn
ENCAPTYPE := [ mpls | ip | ip6 | seg6 | seg6local ]
ENCAPHDR := [ MPLSLABEL | SEG6HDR ]
SEG6HDR := [ mode SEGMODE ] segs ADDR1,ADDRi,ADDRn [hmac HMACKEYID] [cleanup]
SEGMODE := [ encap | inline ]
ROUTE_GET_FLAGS := [ fibmatch ]
ESP session established with server
RTNETLINK answers: No such process
RTNETLINK answers: No such process
RTNETLINK answers: No such process
User cancelled (SIGINT/SIGTERM); exiting.
Any help is appreciated.
same problem here.
You could try to run it with strace to detect what it is trying to run:
strace -f --trace /exec openconnect --protocol=pulse mycompany.com
Same problem here. Here's my trace:
deleted
Sorry, my problem is probably not related to this thread in the end. Turns out that in my case the ip call succeeds in the end, at least when using CLI "openconnect", I have troubles only when going through the NM.
Last edited by msladece (2020-04-11 05:05:14)
I figured this out from this guy: https://unix.stackexchange.com/question … et-request
I just used downgrade (https://aur.archlinux.org/packages/downgrade/) to go from iproute2 (5.6.0) -> iproute2 (4.20.0) and then everything worked fine.
According to the guy it has to do with warnings about netmasks that are now considered errors, so hopefully someone fixes the openconnect or /etc/vpnc/vpnc-script setup so we don't have to use an old version of ip.
https://gitlab.com/openconnect/vpnc-scr … requests/5
Try rebuilding vpnc with vpnc-scripts commit updated to http://git.infradead.org/users/dwmw2/vp … 2199d5cb9e
Edit:
diff --git a/trunk/PKGBUILD b/trunk/PKGBUILD
index 84efff8..22552ae 100644
--- a/trunk/PKGBUILD
+++ b/trunk/PKGBUILD
@@ -4,8 +4,8 @@
pkgname=vpnc
_vpnc_commit=101208be5b74039ea70b9e007ce0d6c9fbe44d82
-_vpncscripts_commit=c84fb8e5a523a647a01a1229a9104db934e19f00
-pkgver=0.5.3.r462.r78
+_vpncscripts_commit=c0122e891f7e033f35f047dad963702199d5cb9e
+pkgver=0.5.3.r462.r81
pkgrel=1
epoch=1
pkgdesc='VPN client for cisco3000 VPN Concentrators'
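Review bot: on the `+pkgver=` line, the `r81` suffix is bumped by hand next to `_vpncscripts_commit`, and nothing in the hunk ties the two values together. Confirm that r81 is the revision count of c0122e891f7e033f35f047dad963702199d5cb9e in the vpnc-scripts repository so the version string does not drift from the pinned commit. The truncated link above only shows the tail `2199d5cb9e`, which matches the end of the new hash, so compare the full 40 characters against upstream before building. Leaving `pkgrel=1` unchanged is right, since pkgver changes.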
Edit2:
@markand @odom11 @D4RK0V3RL0RD676 please build and test the proposed fix and report the bug on the Arch bug tracker.
Edit3:
https://git.archlinux.org/svntogit/pack … 0d7c5675df
Last edited by loqs (2020-06-03 17:32:01)