You are not logged in.

#1 2023-11-22 12:53:17

SaGeekMu08
Member
Registered: 2023-11-22
Posts: 1

[SOLVED] Cisco Secure Client 5.0.05040 fails to connect

I encountered an dependency issue with the upgrade of

-libxml2 from "2.11.5-1" to "2.12.0-1"

using the

- Cisco Secure Client 5.0.05040.


These are some of the errors in journalctl in this case:

Function: getLocalizationPath File: ../../vpn/Common/i18n/MsgCatalog.cpp Line: 871 Invoked Function: CInstanceSmartPtr<StoragePath>  Return Code: -23199734 (0xFE9E000A) Description: CSTORAGEPATH_ERROR_NO_INSTANCE
Function: getEmbeddedLocalizationPath File: ../../vpn/Common/i18n/MsgCatalog.cpp Line: 895 Invoked Function: CInstanceSmartPtr<StoragePath> Return Code: -23199734 (0xFE9E000A) Description: CSTORAGEPATH_ERROR_NO_INSTANCE
[..]
Function: errorCB File: ../../vpn/Common/Xml/CVCSaxParser.cpp Line: 119 xml errorCB: Document is empty
Function: startParser File: ../../vpn/Common/Xml/CVCSaxParser.cpp Line: 206 Invoked Function: xmlParseDocument Return Code: -1 (0xFFFFFFFF) Description: MTUADJUSTMENTCACHE_ERROR_UNKNOWN

If you try uninstall the client and install it again it gives you the following output:

Installing Cisco Secure Client...
Migrating /opt/cisco/anyconnect directory to /opt/cisco/secureclient directory
egrep: warning: egrep is obsolescent; using grep -E
Extracting installation files to /tmp/vpn.TskZHp/vpninst364692758.tgz...
Unarchiving installation files to /tmp/vpn.TskZHp...
Starting Cisco Secure Client Agent...
Function: errorCB File: ../../../../vpn/Common/Xml/CVCSaxParser.cpp Line: 119 xml errorCB: Document is empty
Function: startParser File: ../../../../vpn/Common/Xml/CVCSaxParser.cpp Line: 206 Invoked Function: xmlParseDocument Return Code: -1 (0xFFFFFFFF) Description: unknown
Function: parseManifestFile File: ../../../../vpn/Downloader/ManifestInfo.cpp Line: 492 Invoked Function: XmlParser::parseXml Return Code: -33554423 (0xFE000009) Description: unknown
Function: main File: ../main.cpp Line: 98 Failed to parse input manifest
Done!
Exiting now.

Rolling back to the libxml2 version "2.11.5-1" solved the issue for me.
I hope this helps someone to identify the dependency issue faster than I did smile

Last edited by SaGeekMu08 (2023-11-22 13:47:29)

Offline

#2 2023-11-23 14:16:33

chrisdane
Member
Registered: 2019-07-17
Posts: 5

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

Thank you so much SaGeekMu08!

Adding a small detail (maybe obvious to some?): after downgrading libxml2 I needed to reboot to get cisco secure client running again.

Cheers,
Chris

Last edited by chrisdane (2023-11-23 14:16:58)

Offline

#3 2023-11-23 14:31:30

loqs
Member
Registered: 2014-03-06
Posts: 18,053

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

Is the issue still present in  libxml2-2.12.1-1 currently in core-testing?  If not is there an upstream bug report for the issue?

Last edited by loqs (2023-11-23 23:06:21)

Offline

#4 2023-11-27 14:40:06

infinilax
Member
Registered: 2023-11-27
Posts: 1

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

Can confirm that the issue is still present in Secure Client 5.0.02075 and downgrading libxml fixed the issue.

Thanks!

Offline

#5 2023-11-30 10:14:09

ruata
Member
Registered: 2012-09-04
Posts: 4

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

Hi

I can confirm the problem with 4.10.03104
Downgrading libxml2 to 2.11.5-1 helped me

Offline

#6 2023-11-30 10:30:23

ruata
Member
Registered: 2012-09-04
Posts: 4

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

As a solution I've copied libxml.so.2 and libxml2.so.2.11.5 into /opt/cisco/anyconnect/libxml/ and added environment variable LD_LIBRARY_PATH="/opt/cisco/anyconnect/libxml:$LD_LIBRARY_PATH"
to vpnagentd.service and /opt/cisco/anyconnect/bin/vpnui

Offline

#7 2023-12-08 03:30:47

marcin123
Member
Registered: 2018-12-20
Posts: 5

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

I can confirm that downgrading to libxml to libxml2.so.2.11.5 fixes the issue.  If you have `libxml2-2.11.5-1`  in your `/var/cache/pacman/pkg/` than:


sudo pacman -U file:///var/cache/pacman/pkg/libxml2-2.11.5-1-x86_64.pkg.tar.zst

Last edited by marcin123 (2023-12-08 03:31:33)

Offline

#8 2023-12-08 21:19:16

Windsthree
Member
Registered: 2023-12-08
Posts: 3

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

Which ticket is used to track solution delivery, when/what delivered finally? Some of archlinux derivatives have less freedom in juggling with versions of installed executable/package.

Offline

#9 2023-12-08 21:55:00

loqs
Member
Registered: 2014-03-06
Posts: 18,053

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

Windsthree wrote:

Which ticket is used to track solution delivery, when/what delivered finally? Some of archlinux derivatives have less freedom in juggling with versions of installed executable/package.

No one has indicated they have reported or there exists already an issue with either Cisco or the libxml2 project.

Offline

#10 2023-12-09 17:50:28

Meromorphic
Member
Registered: 2023-12-09
Posts: 3

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

ruata wrote:

As a solution I've copied libxml.so.2 and libxml2.so.2.11.5 into /opt/cisco/anyconnect/libxml/ and added environment variable LD_LIBRARY_PATH="/opt/cisco/anyconnect/libxml:$LD_LIBRARY_PATH"
to vpnagentd.service and /opt/cisco/anyconnect/bin/vpnui

I can't manage to copy this setup, maybe because I have no file /opt/cisco/anyconnect/bin/vpnui. My /opt/cisco/anyonnect has no subfolders. I do have a -- binary -- file "vpnui" in /opt/cisco/secureclient/bin. What am I missing?

Offline

#11 2023-12-10 22:48:13

Windsthree
Member
Registered: 2023-12-08
Posts: 3

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

loqs wrote:

No one has indicated they have reported or there exists already an issue with either Cisco or the libxml2 project.

https://gitlab.archlinux.org/archlinux/ … -/issues/1

Offline

#12 2023-12-10 22:51:45

Scimmia
Fellow
Registered: 2012-09-01
Posts: 12,090

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

Windsthree wrote:
loqs wrote:

No one has indicated they have reported or there exists already an issue with either Cisco or the libxml2 project.

https://gitlab.archlinux.org/archlinux/ … -/issues/1

That's Arch, not Cisco or libxml2.

Offline

#13 2023-12-11 12:42:07

Windsthree
Member
Registered: 2023-12-08
Posts: 3

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

Scimmia wrote:
Windsthree wrote:
loqs wrote:

No one has indicated they have reported or there exists already an issue with either Cisco or the libxml2 project.

https://gitlab.archlinux.org/archlinux/ … -/issues/1

That's Arch, not Cisco or libxml2.

The intention is to make pressure Cisco and libxml2 side.

Offline

#14 2023-12-19 10:01:45

Bogart
Member
From: Madrid, Spain
Registered: 2005-06-22
Posts: 273

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

It seems we no longer can get away with downgrading libxml2 since that now breaks many other things. Is there any workaround for it?

Offline

#15 2023-12-19 14:42:28

Bogart
Member
From: Madrid, Spain
Registered: 2005-06-22
Posts: 273

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

I solved the problem by compiling libxml2-2.11.5-1 in my updated system (which has icu-74 instead of the older icu-73, which is what caused the original version of libxml2-2.11.5-1 to stop working) and then doing as suggested in #6.

To compile the library, first fully update your system and then you can download the PKGBUILD here: https://gitlab.archlinux.org/archlinux/ … bff63d18eb

Then copy from the pkg/libxml2/usr/lib the files libxml2.so.2 and libxml2.so.2.11.5 to opt/cisco/anyconnect/libxml/ (you'd have to create that directory first) and then add the environment variable to the files that start the daemon and the client (/etc/systemd/system/vpnagentd.service and -in my case- ~/.local/share/plasma_icons/com.cisco.anyconnect.gui.desktop). The commands to add are, respectively:

ExecStart=env 'LD_LIBRARY_PATH=/opt/cisco/anyconnect/libxml:$LD_LIBRARY_PATH' /opt/cisco/anyconnect/bin/vpnagentd -execv_instance

and

Exec=env 'LD_LIBRARY_PATH=/opt/cisco/anyconnect/libxml:$LD_LIBRARY_PATH' /opt/cisco/anyconnect/bin/vpnui

Offline

#16 2023-12-28 18:02:38

Meromorphic
Member
Registered: 2023-12-09
Posts: 3

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

Thank you, Bogart, this (#15) worked for me, too.

My paths are slightly different (/opt/cisco/secureclient/bin rather than /opt/cisco/anyconnect/bin and /usr/share/applications/com.cisco.secureclient.gui.desktop instead of ~/.local/share/plasma_icons/com.cisco.anyconnect.gui.desktop) but with the adapted paths in the systemd file (ExecStart) and the /usr/share/applications/com.cisco.secureclient.gui.desktop (Exec) the Cisco client is working as before. (I had tried to switch to openconnect but failed to make 2fa work right).

Last edited by Meromorphic (2023-12-28 18:03:28)

Offline

#17 2024-01-02 13:57:48

Jphillips
Member
Registered: 2019-08-23
Posts: 68

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

This fails for me, vpnagentd.service fails to start after adding the changes:

× vpnagentd.service - Cisco Secure Client - AnyConnect VPN Agent
     Loaded: loaded (/etc/systemd/system/vpnagentd.service; enabled; preset: disabled)
     Active: failed (Result: exit-code) since Tue 2024-01-02 13:54:48 GMT; 1min 0s ago
   Duration: 8ms
    Process: 33965 ExecStartPre=/opt/cisco/secureclient/bin/load_tun.sh (code=exited, status=0/SUCCESS)
    Process: 33968 ExecStart=env LD_LIBRARY_PATH=/opt/cisco/anyconnect/libxml:$LD_LIBRARY_PATH /opt/cisco/secureclient/bin/vpnagentd -execv_instance (code=exited, s>
   Main PID: 33968 (code=exited, status=127)
        CPU: 23ms

Jan 02 13:54:48 lcomp systemd[1]: vpnagentd.service: Scheduled restart job, restart counter is at 5.
Jan 02 13:54:48 lcomp systemd[1]: vpnagentd.service: Start request repeated too quickly.
Jan 02 13:54:48 lcomp systemd[1]: vpnagentd.service: Failed with result 'exit-code'.
Jan 02 13:54:48 lcomp systemd[1]: Failed to start Cisco Secure Client - AnyConnect VPN Agent

I double checked all of the paths (also using /usr/share/applications/com.cisco.secureclient.gui.desktop) but no luck.

Offline

#18 2024-01-02 14:05:26

WorMzy
Administrator
From: Scotland
Registered: 2010-06-16
Posts: 12,410
Website

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

Mod note: moving to AUR Issues


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#19 2024-01-02 14:26:55

Bogart
Member
From: Madrid, Spain
Registered: 2005-06-22
Posts: 273

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

Jphillips wrote:

This fails for me, vpnagentd.service fails to start after adding the changes:

    Process: 33965 ExecStartPre=/opt/cisco/secureclient/bin/load_tun.sh (code=exited, status=0/SUCCESS)
    Process: 33968 ExecStart=env LD_LIBRARY_PATH=/opt/cisco/anyconnect/libxml:$LD_LIBRARY_PATH /opt/cisco/secureclient/bin/vpnagentd -execv_instance (code=exited, s>

My application is installed in /opt/cisco/anyconnect/ while yours seems to be in /opt/cisco/secureclient/. Did you copy the libxml2 libs to /opt/cisco/anyconnect/libxml/ or to /opt/cisco/secureclient/libxml/? The latter would make more sense for you, and change the path accordingly in the commands. Also, do you have the "LD_LIBRARY_PATH=/opt/cisco/anyconnect/libxml:$LD_LIBRARY_PATH" parameter written with quotes (simple or double, I guess it doesn't matter, but your error message doesn't show them)?

Offline

#20 2024-01-02 15:27:40

Meromorphic
Member
Registered: 2023-12-09
Posts: 3

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

Bogart wrote:
Jphillips wrote:

This fails for me, vpnagentd.service fails to start after adding the changes:

    Process: 33965 ExecStartPre=/opt/cisco/secureclient/bin/load_tun.sh (code=exited, status=0/SUCCESS)
    Process: 33968 ExecStart=env LD_LIBRARY_PATH=/opt/cisco/anyconnect/libxml:$LD_LIBRARY_PATH /opt/cisco/secureclient/bin/vpnagentd -execv_instance (code=exited, s>

My application is installed in /opt/cisco/anyconnect/ while yours seems to be in /opt/cisco/secureclient/. Did you copy the libxml2 libs to /opt/cisco/anyconnect/libxml/ or to /opt/cisco/secureclient/libxml/? The latter would make more sense for you, and change the path accordingly in the commands. Also, do you have the "LD_LIBRARY_PATH=/opt/cisco/anyconnect/libxml:$LD_LIBRARY_PATH" parameter written with quotes (simple or double, I guess it doesn't matter, but your error message doesn't show them)?

Did you restart the services, Jphillips? systemctl daemon-reload && systemctl restart vpnagentd?

I put the new-old libxlm under /opt/cisco/anyconnect/libxlm (even though the /bin/ folder is under /opt/cisco/anyconnect). I used the exact same quotation marks as in #15, and it works on my desktop plus work laptop.

Last edited by Meromorphic (2024-01-02 15:28:41)

Offline

#21 2024-01-02 15:37:43

loqs
Member
Registered: 2014-03-06
Posts: 18,053

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

Upstream bug report with libxml2 https://gitlab.gnome.org/GNOME/libxml2/-/issues/644 is stuck awaiting information.

Offline

#22 2024-01-02 17:35:48

Jphillips
Member
Registered: 2019-08-23
Posts: 68

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

Bogart wrote:

My application is installed in /opt/cisco/anyconnect/ while yours seems to be in /opt/cisco/secureclient/. Did you copy the libxml2 libs to /opt/cisco/anyconnect/libxml/ or to /opt/cisco/secureclient/libxml/? The latter would make more sense for you, and change the path accordingly in the commands. Also, do you have the "LD_LIBRARY_PATH=/opt/cisco/anyconnect/libxml:$LD_LIBRARY_PATH" parameter written with quotes (simple or double, I guess it doesn't matter, but your error message doesn't show them)?

Meromorphic wrote:

Did you restart the services, Jphillips? systemctl daemon-reload && systemctl restart vpnagentd?

I put the new-old libxlm under /opt/cisco/anyconnect/libxlm (even though the /bin/ folder is under /opt/cisco/anyconnect). I used the exact same quotation marks as in #15, and it works on my desktop plus work laptop.


I've tried putting them in both /opt/cisco/anyconnect/libxlm and /opt/cisco/secureclient/libxlm, but vpnagentd fails both times (after reloading the daemon). I've used both single and double quotes, but it doesn't make a difference, and regardless, it shows up without quotes in the systemd status.

In case it's helpful, were's my current /etc/systemd/system/vpnagentd.service

[Unit]
Description=Cisco Secure Client - AnyConnect VPN Agent

[Service]
Type=simple
Restart=on-failure
ExecStartPre=/opt/cisco/secureclient/bin/load_tun.sh
ExecStart=env "LD_LIBRARY_PATH=/opt/cisco/secureclient/libxml:$LD_LIBRARY_PATH" /opt/cisco/secureclient/bin/vpnagentd -execv_instance
ExecReload=/bin/kill -HUP $MAINPID
PIDFile=/var/run/vpnagentd.pid
KillMode=process
EnvironmentFile=/etc/environment

[Install]
WantedBy=multi-user.target

And my current /etc/systemd/system/vpnagentd.service

[Desktop Entry]
Type=Application
Name=Cisco Secure Client
Comment=Connect to a private network using the Cisco Secure Client
Exec=env 'LD_LIBRARY_PATH=/opt/cisco/secureclient/libxml:$LD_LIBRARY_PATH' /opt/cisco/secureclient/bin/vpnui
Icon=cisco-secure-client
Terminal=false
Encoding=UTF-8
StartupNotify=true

Offline

#23 2024-01-04 08:06:36

gasperz
Member
Registered: 2024-01-04
Posts: 2

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

it seems that this fix does not work for secureclient?
I have the same issues as Jphillips. I've managed to download libxml 2.11.5 PKGBUILD from the link, unzipped and run makepkg in that folder. I've copied the file to libxml folder, made symlink and fixed the env in systemd. Vpnagent wont start. If i run vpnui manualy

#: env 'LD_LIBRARY_PATH=/opt/cisco/secureclient/libxml:$LD_LIBRARY_PATH' bin/vpnui
bin/vpnui: error while loading shared libraries: libicuuc.so.73: cannot open shared object file: No such file or directory

There must be something im doing wrong, beacuse there is no libicuuc.so.73 anymore in my /usr/lib. I've also tried to hack a symlink for it to latest libicuuc.so.74 but it just introduces more problems. Anymore insights for me?

Offline

#24 2024-01-04 08:56:27

gasperz
Member
Registered: 2024-01-04
Posts: 2

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

If someone needs a fix/workaround cisco client,  openconnect from command works for me.

Offline

#25 2024-01-04 10:48:16

Jphillips
Member
Registered: 2019-08-23
Posts: 68

Re: [SOLVED] Cisco Secure Client 5.0.05040 fails to connect

gasperz wrote:

If someone needs a fix/workaround cisco client,  openconnect from command works for me.

I tried that too, but my company uses SSO so I couldn't get to work. I did finally get it up and running using NetworkManager's vpn interface. It was a bit of a hassle -- I used openconnect's csd-post.sh script for the csd trojan (https://github.com/sailfishos-mirror/op … sd-post.sh), but also had an issue with legacy authentication. So I had to modify my openssl config file to allow UnsafeLegacyRenegotiation:

$ cat /etc/ssl/openssl.cnf
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation

So it's up and running. I don't love using UnsafeLegacyRenegotiation (though I can't figure out exactly what's unsafe about it), nor do I love going through NetworkManager, but it is preferable over anyconnect.

Offline

Board footer

Powered by FluxBB