Home / ubuntu / Questions

Questions[openconnect](ubuntu)

Martin Hope
ali129
Asked: 2020-05-01 08:14:51 +0800 CST
  • 11

I recently have upgraded to Ubuntu 20.04. Everything works fine except that every time I want to connect to a VPN network with openconnect I have to enter My username and It asks me to validate the certificate. I connect to VPN network using a gnome plugin for openconnect: "network-manager-openconnect-gnome". This can be very frustrating since I have to switch between VPN connection and normal Internet connection frequently.

vpn network-manager openconnect 20.04
Martin Hope
Jay
Asked: 2020-04-23 05:29:48 +0800 CST
  • 10

Raised bug -> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1874257

SSH timeout issue, once connect to VPN.

Connecting via putty fine. No changes made before.

VPN established by open-connect. This is previously working. Reinstalled VPN packages and reboot still no luck

Environment

Dell XPS 9570
Ubuntu 16.04.6 Xenial Xerus)
kernel - 4.15.0-55-generic

$dpkg -l | grep -i openssh
ii openssh-client 1:7.2p2-4ubuntu2.8 -->
ii openssh-server 1:7.2p2-4ubuntu2.8
ii openssh-sftp-server 1:7.2p2-4ubuntu2.8

VPN tunnel info
====
vpn0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:IP P-t-P:xx Mask:255.255.252.0
          inet6 addr: fe80::b8e2:bea4:2e62:fe08/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1406 Metric:1
          RX packets:962 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1029 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:87839 (87.8 KB) TX bytes:238740 (238.7 KB)

Issue

Unable to connect to any host via ssh or sftp after VPN connection

Tried

Reinstalled the openssh-client package and still no luck. May I know why the default cipher is not taking/hanging? Please let me know . There were no recent changes.

Workaround

Able to connect to ssh / sftp $ssh -c aes128-ctr user@IP

Below is the debug ssh client logs ===

$ssh -vvv user@ip
OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "IP" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to IP [IP] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1



debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

<< Hangs here >>

Please shed some views

Thanks

networking vpn 16.04 openconnect
Martin Hope
Hashem Simab
Asked: 2018-08-26 06:14:31 +0800 CST
  • 13

After upgrading to 18.04 I can't use openconnect anymore. Here is the issue:

Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(PSK)-(AES-256-GCM).  
DTLS connection compression using LZ4.  
Failed to read from SSL socket: The transmitted packet is too large (EMSGSIZE).  
Failed to recv DPD request (1434)

I have no idea what it means. Any suggestion?

networking upgrade 18.04 openconnect
Martin Hope
Benyamin Jafari
Asked: 2018-06-03 11:43:54 +0800 CST
  • 26

I use openconnect in Ubuntu 16.04 terminally, when I want to run it, I need to enter three phases:

  • "yes/no"
  • "username"
  • "password"

How can I bypass above phases using openconnect in a line (e.g. using openconnect options)?
Are there any options for that such as the following line?

sudo openconnect <server-name> --user=<'username'> --pass=<'password'>

I used openconnect --help and found out a way to filling username, but I haven't any idea to filling password and SSL verification.

command-line konsole 16.04 18.04 openconnect
Martin Hope
Neal Gamradt
Asked: 2018-05-07 07:17:39 +0800 CST
  • 9

I have been using openconnect for a long time now with our corporate VPN. I upgraded my personal laptop to Ubuntu 18.04 and I can no longer receive network traffic once connect.

I use the following command to connect:

/usr/bin/sudo /usr/sbin/openconnect --juniper --servercert $CERT --user=$USERNAME $HOST

I have to use the --servercert flag because of how the certs were installed on the VPN servers.

Anyway, this has been working flawlessly for the last few versions of Ubuntu.

With 18.04, the /etc/resolve.conf file is getting modified as expected, openconnect itself reports no issues, but once I am connected, I receive no traffic.

I have been doing some reading that the kernel with 18.04 may require some changes to the /etc/sysctl.conf file.

Is there anyone who can help figure out why I no longer receive traffic once connected the VPN via openconnect?

I assume since it doesn't appear to be DNS, that this is a problem with the tunnel.

I am going to compare to my 17.10 machine to see if there is something obvious which is different.

Any help would be greatly appreciated!

networking server vpn network-manager openconnect