You are not logged in.

#1 2022-11-13 14:51:05

vessd
Member
Registered: 2016-07-04
Posts: 10

[SOLVED] openconnect no longer connects to the company's VPN server

On November 3, openconnect successfully connected to the company's vpn. On November 7, I was unable to connect.

networkmanager-openconnect plugin log:

POST https://my.company.vpn/
Attempting to connect to server ip.address:443
Connected to ip.address:443
SSL negotiation with my.company.vpn
Connected to HTTPS on my.company.vpn with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-store
Pragma: no-cache
Connection: Keep-Alive
Date: Sun, 13 Nov 2022 14:23:45 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
X-Aggregate-Auth: 1
HTTP body chunked (-2)
Server requested SSL client certificate; none was configured
POST https://my.company.vpn/
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-store
Pragma: no-cache
Connection: Keep-Alive
Date: Sun, 13 Nov 2022 14:23:45 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
X-Aggregate-Auth: 1
HTTP body chunked (-2)
XML POST enabled
Trying to run CSD Trojan script '/usr/lib/openconnect/csd-post.sh'.
CSD script '/usr/lib/openconnect/csd-post.sh' completed successfully.
GET https://my.company.vpn/+CSCOE+/sdesktop/wait.html
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-store
Pragma: no-cache
Connection: Close
Date: Sun, 13 Nov 2022 14:23:45 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
HTTP body chunked (-2)
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://my.company.vpn/+CSCOE+/sdesktop/wait.html
SSL negotiation with my.company.vpn
Connected to HTTPS on my.company.vpn with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-store
Pragma: no-cache
Connection: Close
Date: Sun, 13 Nov 2022 14:23:46 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
HTTP body chunked (-2)
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...

Cisco anyconnect successfully connects to the server. My colleagues have no problems connecting via openconnect, but they use other Linux distributions.

upgraded pacman.log during this period

[2022-11-03T16:45:37+0300] [ALPM] upgraded ghostscript (10.0.0-1 -> 10.0.0-2)
[2022-11-03T16:45:37+0300] [ALPM] upgraded pixman (0.42.0-1 -> 0.42.2-1)
[2022-11-03T16:45:37+0300] [ALPM] upgraded libsoup3 (3.2.1-1 -> 3.2.2-1)
[2022-11-03T16:45:37+0300] [ALPM] upgraded gnome-keyring (1:42.1-1 -> 1:42.1-2)
[2022-11-03T16:45:37+0300] [ALPM] upgraded poppler (22.10.0-1 -> 22.11.0-1)
[2022-11-03T16:45:37+0300] [ALPM] upgraded poppler-glib (22.10.0-1 -> 22.11.0-1)
[2022-11-03T16:45:37+0300] [ALPM] upgraded raptor (2.0.15-20 -> 2.0.15-21)
[2022-11-03T16:45:37+0300] [ALPM] upgraded strace (5.19-1 -> 6.0-1)
[2022-11-03T16:45:37+0300] [ALPM] upgraded sway (1:1.7-9 -> 1:1.7-10)
[2022-11-03T16:45:37+0300] [ALPM] upgraded waybar (0.9.14-1 -> 0.9.15-1)
[2022-11-03T16:45:37+0300] [ALPM] upgraded xorg-xwayland (22.1.4-3 -> 22.1.5-1)
[2022-11-03T16:46:09+0300] [ALPM] upgraded visual-studio-code-bin (1.72.2-1 -> 1.73.0-1)
[2022-11-03T20:21:33+0300] [ALPM] upgraded fd (8.4.0-1 -> 8.5.2-1)
[2022-11-03T20:21:33+0300] [ALPM] upgraded sdl2 (2.24.1-1 -> 2.24.2-1)
[2022-11-04T09:37:41+0300] [ALPM] upgraded libasyncns (1:0.8+r3+g68cd5af-1 -> 1:0.8+r3+g68cd5af-2)
[2022-11-04T09:37:41+0300] [ALPM] upgraded lib32-libasyncns (1:0.8+r3+g68cd5af-1 -> 1:0.8+r3+g68cd5af-2)
[2022-11-04T09:37:41+0300] [ALPM] upgraded libcanberra (1:0.30+r2+gc0620e4-1 -> 1:0.30+r2+gc0620e4-2)
[2022-11-04T09:37:41+0300] [ALPM] upgraded lib32-libcanberra (1:0.30+r2+gc0620e4-1 -> 1:0.30+r2+gc0620e4-2)
[2022-11-04T09:37:41+0300] [ALPM] upgraded libdrm (2.4.113-3 -> 2.4.114-1)
[2022-11-04T09:37:42+0300] [ALPM] upgraded libreoffice-still (7.3.6-4 -> 7.3.7-1)
[2022-11-04T09:37:42+0300] [ALPM] upgraded libreoffice-still-ru (7.3.6-1 -> 7.3.7-1)
[2022-11-04T09:37:43+0300] [ALPM] upgraded octave (7.2.0-5 -> 7.3.0-1)
[2022-11-05T10:04:18+0300] [ALPM] upgraded alsa-card-profiles (1:0.3.59-3 -> 1:0.3.59-5)
[2022-11-05T10:04:18+0300] [ALPM] upgraded openssl (1.1.1.q-1 -> 3.0.7-2)
[2022-11-05T10:04:18+0300] [ALPM] upgraded libsasl (2.1.28-1 -> 2.1.28-3)
[2022-11-05T10:04:18+0300] [ALPM] upgraded libldap (2.6.3-1 -> 2.6.3-2)
[2022-11-05T10:04:18+0300] [ALPM] upgraded libevent (2.1.12-2 -> 2.1.12-4)
[2022-11-05T10:04:18+0300] [ALPM] upgraded krb5 (1.20-1 -> 1.20-3)
[2022-11-05T10:04:18+0300] [ALPM] upgraded libxcrypt (4.4.28-2 -> 4.4.30-1)
[2022-11-05T10:04:18+0300] [ALPM] upgraded python (3.10.8-2 -> 3.10.8-3)
[2022-11-05T10:04:18+0300] [ALPM] upgraded bind (9.18.8-1 -> 9.18.8-2)
[2022-11-05T10:04:18+0300] [ALPM] upgraded coreutils (9.1-1 -> 9.1-3)
[2022-11-05T10:04:18+0300] [ALPM] upgraded systemd-libs (251.7-1 -> 251.7-4)
[2022-11-05T10:04:18+0300] [ALPM] upgraded cryptsetup (2.5.0-1 -> 2.5.0-3)
[2022-11-05T10:04:18+0300] [ALPM] upgraded libssh2 (1.10.0-1 -> 1.10.0-3)
[2022-11-05T10:04:18+0300] [ALPM] upgraded curl (7.86.0-1 -> 7.86.0-3)
[2022-11-05T10:04:18+0300] [ALPM] upgraded dotnet-host (6.0.10.sdk110-1 -> 6.0.10.sdk110-2)
[2022-11-05T10:04:18+0300] [ALPM] upgraded lib32-openssl (1:1.1.1.q-1 -> 1:3.0.7-1)
[2022-11-05T10:04:18+0300] [ALPM] upgraded lib32-libxcrypt (4.4.28-2 -> 4.4.30-1)
[2022-11-05T10:04:18+0300] [ALPM] upgraded lib32-libldap (2.6.3-1 -> 2.6.3-3)
[2022-11-05T10:04:18+0300] [ALPM] upgraded lib32-krb5 (1.20-1 -> 1.20-3)
[2022-11-05T10:04:19+0300] [ALPM] upgraded dotnet-runtime (6.0.10.sdk110-1 -> 6.0.10.sdk110-2)
[2022-11-05T10:04:19+0300] [ALPM] upgraded netstandard-targeting-pack (6.0.10.sdk110-1 -> 6.0.10.sdk110-2)
[2022-11-05T10:04:19+0300] [ALPM] upgraded dotnet-targeting-pack (6.0.10.sdk110-1 -> 6.0.10.sdk110-2)
[2022-11-05T10:04:19+0300] [ALPM] upgraded dotnet-sdk (6.0.10.sdk110-1 -> 6.0.10.sdk110-2)
[2022-11-05T10:04:19+0300] [ALPM] upgraded fakeroot (1.29-1 -> 1.30.1-1)
[2022-11-05T10:04:19+0300] [ALPM] upgraded git (2.38.1-1 -> 2.38.1-2)
[2022-11-05T10:04:19+0300] [ALPM] upgraded gstreamer (1.20.4-1 -> 1.20.4-3)
[2022-11-05T10:04:19+0300] [ALPM] upgraded kmod (30-1 -> 30-3)
[2022-11-05T10:04:20+0300] [ALPM] upgraded systemd (251.7-1 -> 251.7-4)
[2022-11-05T10:04:20+0300] [ALPM] upgraded gst-plugins-base-libs (1.20.4-1 -> 1.20.4-3)
[2022-11-05T10:04:20+0300] [ALPM] upgraded lcms2 (2.13.1-1 -> 2.14-1)
[2022-11-05T10:04:20+0300] [ALPM] upgraded gst-plugin-gtk (1.20.4-1 -> 1.20.4-3)
[2022-11-05T10:04:20+0300] [ALPM] upgraded gst-plugins-bad-libs (1.20.4-1 -> 1.20.4-3)
[2022-11-05T10:04:20+0300] [ALPM] upgraded gst-plugins-base (1.20.4-1 -> 1.20.4-3)
[2022-11-05T10:04:20+0300] [ALPM] upgraded ldns (1.8.3-1 -> 1.8.3-2)
[2022-11-05T10:04:20+0300] [ALPM] upgraded lib32-amdvlk (2022.Q4.1-1 -> 2022.Q4.1-2)
[2022-11-05T10:04:20+0300] [ALPM] upgraded lib32-libssh2 (1.10.0-1 -> 1.10.0-2)
[2022-11-05T10:04:20+0300] [ALPM] upgraded lib32-curl (7.86.0-1 -> 7.86.0-2)
[2022-11-05T10:04:20+0300] [ALPM] upgraded lib32-libcups (2.4.2-1 -> 2.4.2-2)
[2022-11-05T10:04:20+0300] [ALPM] upgraded lib32-libcurl-compat (7.86.0-1 -> 7.86.0-2)
[2022-11-05T10:04:20+0300] [ALPM] upgraded lib32-libcurl-gnutls (7.86.0-1 -> 7.86.0-2)
[2022-11-05T10:04:20+0300] [ALPM] upgraded libarchive (3.6.1-2 -> 3.6.1-5)
[2022-11-05T10:04:20+0300] [ALPM] upgraded libcurl-compat (7.86.0-1 -> 7.86.0-3)
[2022-11-05T10:04:20+0300] [ALPM] upgraded libcurl-gnutls (7.86.0-1 -> 7.86.0-3)
[2022-11-05T10:04:20+0300] [ALPM] upgraded libgit2 (1:1.5.0-1 -> 1:1.5.0-2)
[2022-11-05T10:04:20+0300] [ALPM] upgraded libpulse (16.1-1 -> 16.1-3)
[2022-11-05T10:04:20+0300] [ALPM] upgraded poppler-data (0.4.11-1 -> 0.4.11-2)
[2022-11-05T10:04:20+0300] [ALPM] upgraded libspectre (0.2.10-2 -> 0.2.11-1)
[2022-11-05T10:04:20+0300] [ALPM] upgraded libssh (0.10.4-1 -> 0.10.4-3)
[2022-11-05T10:04:20+0300] [ALPM] upgraded libtg_owt (0.git16.442d5bb593c0ae314960308d78f2016ad1f80c3e-1 -> 0.git17.442d5bb-1)
[2022-11-05T10:04:20+0300] [ALPM] upgraded libtorrent-rasterbar (1:2.0.8-1 -> 1:2.0.8-2)
[2022-11-05T10:04:20+0300] [ALPM] upgraded libtpms (0.9.5-1 -> 0.9.5-2)
[2022-11-05T10:04:21+0300] [ALPM] upgraded linux (6.0.6.arch1-1 -> 6.0.7.arch1-1)
[2022-11-05T10:04:22+0300] [ALPM] upgraded linux-headers (6.0.6.arch1-1 -> 6.0.7.arch1-1)
[2022-11-05T10:04:22+0300] [ALPM] upgraded neon (0.32.4-1 -> 0.32.4-2)
[2022-11-05T10:04:22+0300] [ALPM] upgraded nodejs (19.0.0-2 -> 19.0.1-1)
[2022-11-05T10:04:22+0300] [ALPM] upgraded ntp (4.2.8.p15-1 -> 4.2.8.p15-2)
[2022-11-05T10:04:22+0300] [ALPM] upgraded openssh (9.1p1-1 -> 9.1p1-3)
[2022-11-05T10:04:22+0300] [ALPM] upgraded opusfile (0.12-2 -> 0.12-3)
[2022-11-05T10:04:22+0300] [ALPM] upgraded tpm2-tss (3.2.0-1 -> 3.2.0-3)
[2022-11-05T10:04:22+0300] [ALPM] upgraded pacman (6.0.1-8 -> 6.0.2-5)
[2022-11-05T10:04:22+0300] [ALPM] upgraded perl-html-parser (3.79-1 -> 3.80-1)
[2022-11-05T10:04:22+0300] [ALPM] upgraded pipewire (1:0.3.59-3 -> 1:0.3.59-5)
[2022-11-05T10:04:22+0300] [ALPM] upgraded pipewire-audio (1:0.3.59-3 -> 1:0.3.59-5)
[2022-11-05T10:04:22+0300] [ALPM] upgraded pipewire-alsa (1:0.3.59-3 -> 1:0.3.59-5)
[2022-11-05T10:04:22+0300] [ALPM] upgraded pipewire-pulse (1:0.3.59-3 -> 1:0.3.59-5)
[2022-11-05T10:04:23+0300] [ALPM] upgraded python-cryptography (38.0.2-1 -> 38.0.2-2)
[2022-11-05T10:04:23+0300] [ALPM] upgraded qt6-base (6.4.0-2 -> 6.4.0-3)
[2022-11-05T10:04:23+0300] [ALPM] upgraded qbittorrent (4.4.5-1 -> 4.4.5-2)
[2022-11-05T10:04:23+0300] [ALPM] upgraded qt5-base (5.15.7+kde+r167-1 -> 5.15.7+kde+r168-1)
[2022-11-05T10:04:23+0300] [ALPM] upgraded qca-qt5 (2.3.5-1 -> 2.3.5-2)
[2022-11-05T10:04:23+0300] [ALPM] upgraded qpdf (11.1.1-1 -> 11.1.1-2)
[2022-11-05T10:04:23+0300] [ALPM] upgraded rsync (3.2.7-1 -> 3.2.7-2)
[2022-11-05T10:04:23+0300] [ALPM] upgraded ruby-stdlib (3.0.4-18 -> 3.0.4-20)
[2022-11-05T10:04:23+0300] [ALPM] upgraded ruby-bundledgems (3.0.4-18 -> 3.0.4-20)
[2022-11-05T10:04:23+0300] [ALPM] upgraded ruby (3.0.4-18 -> 3.0.4-20)
[2022-11-05T10:04:23+0300] [ALPM] upgraded ruby2.7 (2.7.6-1 -> 2.7.6-2)
[2022-11-05T10:04:24+0300] [ALPM] upgraded rust (1:1.64.0-1 -> 1:1.65.0-1)
[2022-11-05T10:04:24+0300] [ALPM] upgraded rust-src (1:1.64.0-1 -> 1:1.65.0-1)
[2022-11-05T10:04:24+0300] [ALPM] upgraded srt (1.5.1-1 -> 1.5.1-3)
[2022-11-05T10:04:24+0300] [ALPM] upgraded sudo (1.9.12-1 -> 1.9.12-5)
[2022-11-05T10:04:24+0300] [ALPM] upgraded systemd-sysvcompat (251.7-1 -> 251.7-4)
[2022-11-05T10:04:24+0300] [ALPM] upgraded telegram-desktop (4.2.4-1 -> 4.2.4-2)
[2022-11-05T10:04:24+0300] [ALPM] upgraded vpnc (1:0.5.3.r506.r204-1 -> 1:0.5.3.r506.r204-2)
[2022-11-05T10:04:24+0300] [ALPM] upgraded webkit2gtk (2.38.1-1 -> 2.38.2-1)
[2022-11-05T10:04:25+0300] [ALPM] upgraded webkit2gtk-4.1 (2.38.1-1 -> 2.38.2-1)
[2022-11-05T10:04:25+0300] [ALPM] upgraded webkit2gtk-5.0 (2.38.1-1 -> 2.38.2-1)
[2022-11-05T10:04:25+0300] [ALPM] upgraded wpa_supplicant (2:2.10-5 -> 2:2.10-6)
[2022-11-05T10:04:25+0300] [ALPM] upgraded xmlsec (1.2.36-1 -> 1.2.36-2)
[2022-11-05T11:00:30+0300] [ALPM] upgraded virtualbox-host-dkms (6.1.40-1 -> 7.0.2-2)
[2022-11-05T11:00:30+0300] [ALPM] upgraded virtualbox (6.1.40-1 -> 7.0.2-2)
[2022-11-05T11:00:41+0300] [ALPM] upgraded virtualbox-ext-oracle (6.1.40-1 -> 7.0.2-1)
[2022-11-05T11:16:50+0300] [ALPM] upgraded virtualbox-host-dkms (6.1.40-1 -> 7.0.2-2)
[2022-11-05T11:16:50+0300] [ALPM] upgraded virtualbox (6.1.40-1 -> 7.0.2-2)
[2022-11-05T11:17:46+0300] [ALPM] upgraded virtualbox-ext-oracle (6.1.40-1 -> 7.0.2-1)
[2022-11-06T10:16:53+0300] [ALPM] upgraded ghex (42.3-1 -> 43.0-1)
[2022-11-06T10:16:53+0300] [ALPM] upgraded lib32-libdrm (2.4.113-1 -> 2.4.114-1)
[2022-11-06T10:16:53+0300] [ALPM] upgraded lib32-pixman (0.42.0-1 -> 0.42.2-1)
[2022-11-06T10:16:54+0300] [ALPM] upgraded python-setuptools (1:64.0.0-1 -> 1:64.0.1-1)
[2022-11-06T10:16:54+0300] [ALPM] upgraded python-distro (1.7.0-1 -> 1.8.0-1)
[2022-11-06T10:16:54+0300] [ALPM] upgraded telegram-desktop (4.2.4-2 -> 4.3.0-1)
[2022-11-06T18:24:22+0300] [ALPM] upgraded dkms (3.0.7-1 -> 3.0.8-1)
[2022-11-06T18:24:22+0300] [ALPM] upgraded fmt (9.1.0-1 -> 9.1.0-2)
[2022-11-06T18:24:22+0300] [ALPM] upgraded steam-native-runtime (1.0.0.70-3 -> 1.0.0.75-1)
[2022-11-06T18:24:22+0300] [ALPM] upgraded sudo (1.9.12-5 -> 1.9.12.p1-1)
[2022-11-06T18:24:23+0300] [ALPM] upgraded vagrant (2.3.2-1 -> 2.3.2-2)
[2022-11-06T22:29:52+0300] [ALPM] upgraded python-pip (22.3-1 -> 22.3.1-1)
[2022-11-06T22:29:52+0300] [ALPM] upgraded python-setuptools (1:64.0.1-1 -> 1:64.0.2-1)
[2022-11-06T22:29:52+0300] [ALPM] upgraded qt5-declarative (5.15.7+kde+r18-1 -> 5.15.7+kde+r20-1)
[2022-11-07T09:11:43+0300] [ALPM] upgraded iso-codes (4.11.0-2 -> 4.12.0-1)
[2022-11-07T09:11:43+0300] [ALPM] upgraded python-cryptography (38.0.2-2 -> 38.0.3-1)
[2022-11-07T09:11:43+0300] [ALPM] upgraded qt5-base (5.15.7+kde+r168-1 -> 5.15.7+kde+r169-1)
[2022-11-07T20:40:06+0300] [ALPM] upgraded mesa (22.2.1-1 -> 22.2.2-1)
[2022-11-07T20:40:06+0300] [ALPM] upgraded lib32-mesa (22.2.1-1 -> 22.2.2-1)
[2022-11-07T20:40:06+0300] [ALPM] upgraded libva-mesa-driver (22.2.1-1 -> 22.2.2-1)
[2022-11-07T20:40:06+0300] [ALPM] upgraded perl-uri (5.16-1 -> 5.17-1)
[2022-11-07T20:40:06+0300] [ALPM] upgraded python-setuptools (1:64.0.2-1 -> 1:64.0.3-1)
[2022-11-07T20:40:06+0300] [ALPM] upgraded python-wheel (0.37.1-1 -> 0.38.0-1)
[2022-11-07T20:40:06+0300] [ALPM] upgraded vulkan-radeon (22.2.1-1 -> 22.2.2-1)

I think the problem is caused by the openssl upgrade, but I don't know how to check it.

[2022-11-05T10:04:18+0300] [ALPM] upgraded openssl (1.1.1.q-1 -> 3.0.7-2)

Last edited by vessd (2022-11-16 17:41:27)

Offline

#2 2022-11-13 15:27:14

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: [SOLVED] openconnect no longer connects to the company's VPN server


No, it didn't "fix" anything. It just shifted the brokeness one space to the right. - jasonwryan
Closing -- for deletion; Banning -- for muppetry. - jasonwryan

aur - dotfiles

Offline

#3 2022-11-14 04:17:54

vessd
Member
Registered: 2016-07-04
Posts: 10

Re: [SOLVED] openconnect no longer connects to the company's VPN server

Slithery wrote:

Does installing openssl-1.1 help?

It looks like the package has already been installed

I added the parameters to openssl.cnf, nothing has changed.

Offline

#4 2022-11-15 12:02:32

fedor
Member
Registered: 2022-11-15
Posts: 1

Re: [SOLVED] openconnect no longer connects to the company's VPN server

I had the same issue.
My employer uses Cisco AnyConnect so I'm simulating the csd-trojan (--csd-wrapper  csd-post.sh).

It turned out it was a new version of curl that screwed up the csd-post.sh script which obviously uses curl. I downgraded to  curl 7.86.0 it worked again. With a newer version it does not. (I didn't investigate this further)

Offline

#5 2022-11-16 06:41:53

vessd
Member
Registered: 2016-07-04
Posts: 10

Re: [SOLVED] openconnect no longer connects to the company's VPN server

fedor wrote:

I downgraded to  curl 7.86.0 it worked again.

Thank you, downgrading curl from 7.86.0-3 to 7.86.0-1 fixes the problem.

Judging by the log in git, the version change is related to the assembly of the package with the new version of OpenSSL.

Offline

#6 2022-11-16 17:41:00

vessd
Member
Registered: 2016-07-04
Posts: 10

Re: [SOLVED] openconnect no longer connects to the company's VPN server

I came to the following solution
Created the file /usr/local/etc/legacy_openssl.cnf

openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation

And export it as OPENSSL_CONF at the beginning of the /usr/lib/openconnect/csd-post.sh

export OPENSSL_CONF=/usr/local/etc/legacy_openssl.cnf

Last edited by vessd (2022-11-18 14:14:41)

Offline

Board footer

Powered by FluxBB