My school has a VPN that they recommend everyone connect to with Cisco AnyConnect. I use OpenConnect instead. Up until a few weeks ago it worked fine; I'd
sudo openconnect https://vpn.utexas.edu
, enter my username at the username prompt, enter my password at the password prompt, and select a 2FA method at the second password prompt. It seems the IT department changed something recently and trying to do the same process never gives me the second password prompt where I choose a 2FA method. So I'm stuck entering my username and password forever without the connection succeeding.
I saw this issue https://gitlab.com/openconnect/openconnect/-/issues/665 that recommends sending a useragent starting with "AnyConnect." That kind of works. If I run openconnect without sudo, a webpage opens in my browser where I can enter my username and password, and if I don't have a 2FA cookie I'm prompted to do 2FA, all of which works fine. But then OpenConnect can't actually make the tunnel, since it wants sudo permissions
mkdir: cannot create directory '/var/run/vpnc': Permission denied
Failed to bind local tun device (TUNSETIFF): Operation not permitted
To configure local networking, openconnect must be running as root
See https://www.infradead.org/openconnect/nonroot.html for more information
Set up tun device failed
Send BYE packet: Set up tun device failed
Unrecoverable I/O error; exiting.
If I run openconnect with sudo, the authentication webpage doesn't open
Please complete the authentication process in the browser window.
/usr/bin/xdg-open: line 758: kfmclient: command not found
/usr/bin/xdg-open: line 555: test: : integer expression expected
/usr/bin/xdg-open: line 556: test: : integer expression expected
/usr/bin/xdg-open: line 557: test: : integer expression expected
This is presumably due to the fact that Firefox doesn't want to run as root. If I do
sudo firefox
I get
Running Firefox as root in a regular user's session is not supported. ($XAUTHORITY is /run/user/1000/xauth_PLEdXq which is owned by $MYUSERNAME.)
I think it makes sense to be running openconnect as su, so I think I need to figure out a way to bring up the authentication webpage despite running openconnect as superuser. Any ideas?
TL;DR: openconnect stopped working due to a change my school made recently
1. sudo openconnect https://vpn.utexas.edu: no prompt for 2FA
2. openconnect https://vpn.utexas.edu --useragent=AnyConnect: can authenticate through webpage but openconnect fails
3. sudo openconnect https://vpn.utexas.edu --useragent=AnyConnect: can't open the authentication webpage
What do?
Last edited by ttshaw1 (2024-01-31 01:39:22)
Seems like the openconnect guys have already thought of this. I was able to connect with
openconnect https://vpn.utexas.edu --useragent=AnyConnect --cookieonly
then copying the cookie string I got out, and pasting it into
openconnect https://vpn.utexas.edu --useragent=AnyConnect --cookie=
I'll want to automate this, or come up with a more elegant solution, but it works.
Got it.
alias utvpn="sudo echo \"Sudo first\" && openconnect https://vpn.utexas.edu --useragent=AnyConnect --cookieonly | sudo openconnect https://vpn.utexas.edu --useragent=AnyConnect --cookie-on-stdin"
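The two-step flow from the posts above, written as a shell function (an added example, not code from the thread's posters or from the OpenConnect project). It authenticates unprivileged, refuses to start the root step if no cookie came back, and passes the cookie on stdin rather than with --cookie=, which would place it in the process command line where other local users can normally read it with ps. The URL, user agent and the name utvpn are taken from the thread; valid_cookie is a hypothetical helper.

```shell
#!/bin/sh
# Added example, not from the thread. VPN_URL and the user agent are the
# values used in the posts above; valid_cookie is a hypothetical helper.
VPN_URL="https://vpn.utexas.edu"
VPN_UA="AnyConnect"

# Accept only a non-empty, single-line cookie string.
valid_cookie() {
    [ -n "$1" ] || return 1
    case "$1" in
        *"
"*) return 1 ;;
    esac
    return 0
}

utvpn() {
    # Cache sudo credentials first so the fresh cookie is used immediately.
    sudo -v || return 1

    # Step 1 (unprivileged): browser login; the cookie is printed on stdout.
    cookie=$(openconnect "$VPN_URL" --useragent="$VPN_UA" --cookieonly) || {
        echo "utvpn: authentication failed" >&2
        return 1
    }
    valid_cookie "$cookie" || {
        echo "utvpn: no usable cookie returned" >&2
        unset cookie
        return 1
    }

    # Step 2 (root): hand the cookie over on stdin, so it never appears in
    # argv the way --cookie=VALUE would.
    printf '%s\n' "$cookie" |
        sudo openconnect "$VPN_URL" --useragent="$VPN_UA" --cookie-on-stdin
    status=$?
    unset cookie
    return "$status"
}
```

Source the file from a shell startup file and run utvpn; unlike the piped alias, a failed or cancelled browser login stops before the privileged openconnect is started.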
Happened to me as well, adding
--useragent=AnyConnect
solved my problem.