[Announce] OpenConnect (-GUI) VPN client - Page 8 - maemo.org

sirpaul | # 71 | 2011-04-19, 11:05 | Report

hi it is me again.
openconnect was working fine for me (for months!), but then i closed the gui and after a restart my internet was gone; there was no internet (connecting went fine) neither via wlan / vpn nor 3g.
so i reflashed and restored my settings which led to that error again.

now after a new flash without restoring settings openconnect gives the dead peer error you wrote about above (which is really strange cause i havent seen that error before).

so i cannot connect to the internet via the vpn. is there a workaround to get internet? btw thanks for your great work!

here is my log with verbose:

Code:

Nokia-N900:~# openconnect --script=/usr/share/openconnect/vpnc-script --user=user@uni-potsdam.de --no-dtls --authgroup=WLAN --verbose wlanvpn.uni-potsdam.de
Attempting to connect to wlanvpn.uni-potsdam.de
SSL negotiation with wlanvpn.uni-potsdam.de
Connected to HTTPS on wlanvpn.uni-potsdam.de
GET wlanvpn.uni-potsdam.de/
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Keep-Alive
Date: Tue, 19 Apr 2011 07:36:05 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
SSL negotiation with wlanvpn.uni-potsdam.de
Connected to HTTPS on wlanvpn.uni-potsdam.de
GET wlanvpn.uni-potsdam.de/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
Fixed options give
Please enter your username and password.
Password:
POST wlanvpn.uni-potsdam.de/+webvpn+/index.html

Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn=
Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Version: 1
X-CSTP-Address: 141.89.47.48
X-CSTP-Netmask: 255.255.255.0
X-CSTP-DNS: 141.89.65.1
X-CSTP-NBNS: 141.89.64.56
X-CSTP-Lease-Duration: 86400
X-CSTP-Session-Timeout: 86400
X-CSTP-Idle-Timeout: 1800
X-CSTP-Disconnected-Timeout: 1800
X-CSTP-Default-Domain: wlan.rz.uni-potsdam.de
X-CSTP-Keep: true
X-CSTP-Homepage: http://www.uni-potsdam.de
X-CSTP-DPD: 30
X-CSTP-Keepalive: 20
X-CSTP-Smartcard-Removal-Disconnect: true
X-DTLS-Session-ID: 644B1FD152298979A2D7593714C76
X-DTLS-Port: 443
X-DTLS-Keepalive: 20
X-DTLS-DPD: 30
X-CSTP-MTU: 1406
X-DTLS-CipherSuite: AES128-SHA
X-CSTP-Routing-Filtering-Ignore: false
CSTP connected. DPD 30, Keepalive 20
Connected tun0 as 141.89.47.48, using SSL
Did no work; sleeping for 19000 ms...
Send CSTP Keepalive
Did no work; sleeping for 10000 ms...
Send CSTP DPD
Did no work; sleeping for 15000 ms...
Sending uncompressed data packet of 58 bytes
Did no work; sleeping for 7000 ms...
Sending uncompressed data packet of 58 bytes
Did no work; sleeping for 2000 ms...
Send CSTP DPD
Did no work; sleeping for 15000 ms...
Sending uncompressed data packet of 81 bytes
Did no work; sleeping for 12000 ms...
Sending uncompressed data packet of 81 bytes
Did no work; sleeping for 7000 ms...
Sending uncompressed data packet of 576 bytes
Did no work; sleeping for 4000 ms...
Sending uncompressed data packet of 58 bytes
Did no work; sleeping for 2000 ms...
Send CSTP DPD
Did no work; sleeping for 15000 ms...
CSTP Dead Peer Detection detected dead peer!

Last edited by sirpaul; 2011-05-04 at 17:12.

sirpaul | # 72 | 2011-04-19, 17:44 | Report

Damn!
Internet's broken again!
First my config: newly flashed device, pr1.3 with Titan's Kernel.
Programs installed: rootsh; openconnect and the belonging gui.

First i tried the version the repositories gave me (gui was without free option and openconnect itself 2.12). Gave me the message above (previous post).
The actual versions of the gui (the one missing the --no-cert-check option) and openconnect gave me the same result.

And now my internet is completely messed up. So i cannot enter any websites, even xterm fails to ping anything. And openconnect as well.

The only thing i did was trying to get internet access via vpn and from time to time shut the vpn-connection down by closing xterm and connecting to 3g.

and now i cannot even use wifi nor 2g / 3g to get internet access. (although it connects pretty fine, but i am not getting any data)

any help appreciated!

Netweaver | # 73 | 2011-04-26, 14:16 | Report

funny this happens to you after a reflash to PR1.3. I also had to flash last week Mon, as I was on a Frankenstein PR1.2 - PR1.3 - CSSU - custom mix and I had a problem with the Qt libs and PySafe. Funny enough only that one

Anyway, after a clean reflash and restore (reinstall all applications, incl. OpenConnect), I again can use PySafe and I can still use the VPN via OpenConnect.

I took the repository versions, as I wanted to stay as close to the repositories as possible, for now, to ease the pain when having to re-flash.

But all works fine. Apart from some HTTPS authentication issues in a java application AFTER the vpn connects but that must be an IBM/SSL/JVM thing as it started happening way before my reflash.

I did notice before that the OpenConnect process was quite unhappy and sometimes killing network access when not properly closed. Requiriing a reboot. After a few times up/down it also became more unstable. I was a light user myself, as it was merely an emergency access, when there was no laptop around.

In terms of routing, I also always wanted to connect to the Internet OUTSIDE the vpn, as it was a lot faster. But I can see the need to go through the VPN when being in an restrictive country (Eg. China or other political restricted countries).

I'm on the bench since today, so I can devote some time to it, before I find a new project somewhere. I'll have to fix my SB development environment though as I messed it up big time trying to get an environment capable of compiling Chromium ...

To be Continued.

hawaii | # 74 | 2011-04-26, 14:23 | Report

Originally Posted by sirpaul View Post

Damn!
Internet's broken again!
First my config: newly flashed device, pr1.3 with Titan's Kernel.
Programs installed: rootsh; openconnect and the belonging gui.

First i tried the version the repositories gave me (gui was without free option and openconnect itself 2.12). Gave me the message above (previous post).
The actual versions of the gui (the one missing the --no-cert-check option) and openconnect gave me the same result.

And now my internet is completely messed up. So i cannot enter any websites, even xterm fails to ping anything. And openconnect as well.

The only thing i did was trying to get internet access via vpn and from time to time shut the vpn-connection down by closing xterm and connecting to 3g.

and now i cannot even use wifi nor 2g / 3g to get internet access. (although it connects pretty fine, but i am not getting any data)

any help appreciated!

Check /etc/resolv.conf for proper entries. Often times, this file isn't updated when connecting or disconnecting to/from the tunnel node and is left with internal hosts.

The Following 2 Users Say Thank You to hawaii For This Useful Post:
Netweaver, sirpaul

sirpaul | # 75 | 2011-04-26, 18:35 | Report

@ hawaii
thanks for the idea; i got (of course, now i have got no problems in connecting):

Code:

nameserver 127.0.0.1

(opened via vi)

@ Netweaver
wonderful, it would be good if you could investigate that error.

and i checked today: got the same error with openconnect (2.25 from squeeze repo i think) and easy debian running on my phone; so it may be a problem related to my uni's vpn and not openconnect?

flocke000 | # 76 | 2011-05-04, 07:45 | Report

I get exactly the same error with my uni's (Uni Magdeburg) vpn.
I will try the same version of openconnect on my laptop today to see if it is a problem of the vpn.

The Following User Says Thank You to flocke000 For This Useful Post:
sirpaul

flocke000 | # 77 | 2011-05-04, 12:01 | Report

Ok, I get the same error on my notebook with all versions of openconnect i tested, it must be a problem of the vpn.

The Following User Says Thank You to flocke000 For This Useful Post:
sirpaul

sirpaul | # 78 | 2011-05-04, 16:21 | Report

thx for trying it; did you try openconnect 3.x as well?
how long are you havin that error? cause my openconnect stopped working after a few weeks past semesterstart.

i'll write my "zeik" today

Netweaver | # 79 | 2011-05-04, 16:31 | Report

good luck with talking to your uni VPN admins ... My IBM access VPN using OpenConnect still works fine. Touch wood...

And I'm back on a project, not a lot of bench time was granted this time. I guess I should be grateful for my utilization...

The Following User Says Thank You to Netweaver For This Useful Post:
sirpaul

flocke000 | # 80 | 2011-05-09, 12:59 | Report

I tested the newest version (3.02) and the one from the extras repo (2.26) on my laptop. The error was the same for the two versions.