OpenConnect

network manager open connect establishes connect but vpn does not work after connection is establlished.

Bug #1502847 reported by Lafa
82
This bug affects 15 people
Affects Status Importance Assigned to Milestone
OpenConnect
New
Unknown
network-manager-openconnect (Ubuntu)
Confirmed
Medium
Unassigned
openconnect (Ubuntu)
New
Medium
Unassigned

Bug Description

I tried using network-manager in Ubuntu Gnome 15.10, it does establish the connection but I can not load any web pages or connect to any company machines.

This work fine in Ubuntu 15.04.

I also tried openconnect command line like this:

sudo openconnect --user=USER server/PATH

It also connects but even on the command line I have to add a default route to the tun0 device

sudo route add default gw IPADDRESS tun0

After that it works on cmd line, using network-manger I was not able to make it work.

DNS seems to be working great, after the NetworkManager established the vpn connection,
But I'm able to route any ip traffic.

This the Routing table using Ubuntu gnome Network Manager openconnect, after the vpn connection is established.

$ sudo route -n
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 50 0 0 vpn0
0.0.0.0 192.168.254.254 0.0.0.0 UG 600 0 0 wlp1s0
10.87.160.0 0.0.0.0 255.255.224.0 U 50 0 0 vpn0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 virbr0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.254.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp1s0
216.145.48.150 192.168.254.254 255.255.255.255 UGH 600 0 0 wlp1s0

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: network-manager-openconnect 1.0.2-1build1
ProcVersionSignature: Ubuntu 4.2.0-12.14-generic 4.2.1
Uname: Linux 4.2.0-12-generic x86_64
ApportVersion: 2.19-0ubuntu1
Architecture: amd64
CurrentDesktop: GNOME
Date: Mon Oct 5 03:27:06 2015
InstallationDate: Installed on 2015-09-28 (7 days ago)
InstallationMedia: Ubuntu-GNOME 15.10 "Wily Werewolf" - Alpha amd64 (20150924)
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: network-manager-openconnect
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Lafa (luis-alves) wrote :
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openconnect (Ubuntu):
status: New → Confirmed
Alberto Salvia Novella (es20490446e)
Changed in network-manager-openconnect (Ubuntu):
importance: Undecided → Medium
Revision history for this message
swatteam229 (swatteam229) wrote :

Please increase the importance if possible.
openconnect VPN in 15.10 is not working for me but does have the wifi driver for MSI GT72 ( Awesome ). 15.04 has the working VPN but not the wifi..

Thanks you all for Ubuntu !
James

Revision history for this message
Noel Burton-Krahn (noel-burton-krahn) wrote :

This fixes the problem for me after vpnc connected:

    sudo ip route add default dev tun0

I wonder if vpnc is failing to do this itself, or if NetworkManager is getting in the way.

Revision history for this message
Lafa (luis-alves) wrote :

O posted a permanent fix to the vpnc script in here, that works for openconnect on the command line.
http://askubuntu.com/questions/681687/openconnect-vpn-setup-is-failing-in-ubuntu-15-10

Revision history for this message
Thomas Uebel (t-uebel) wrote :

The proposed permanent fix mentioned in #5 does not work for me.

Revision history for this message
Ivo Raisr (ivosh-d) wrote :

I am also affected by this bug. The following workaround works for me:
sudo ip route replace default via 0.0.0.0 dev tun0

I can provide lots of debugging information if needed.

Revision history for this message
Steve Hellwege (hellwege) wrote :

A permanent fix that worked:

Create a file: /etc/vpnc/post-connect.d/fix-default-route

Contents:

ip route replace default via 0.0.0.0 dev tun0

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openconnect (Ubuntu):
status: New → Confirmed
Revision history for this message
Emilio Devspark (ecorengia) wrote :

Similar thing happens in Xubuntu 16.04 LTS "Xenial Xerus" - beta 2.
I'm able to connect eventually, but I'm getting disconnected constantly from OpenVPN client.

Alberto Salvia Novella (es20490446e)
Changed in openconnect (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Blackgr (blackfate86) wrote :

Hello,

A bit late to the party. Have you tried changing the tun0 mss?

sudo iptables -A OUTPUT -o tun0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1362

Thanks,
Alex

Revision history for this message
Mike Miller (mtmiller) wrote :

Reassigning from openconnect to vpnc-scripts, openconnect itself has nothing to do with configuring the routing table after establishing a VPN connection.

Does this bug actually affect openconnect command-line connections, or only connections established using NetworkManager?

affects: openconnect (Ubuntu) → vpnc-scripts (Ubuntu)
Changed in vpnc-scripts (Ubuntu):
status: Confirmed → Incomplete
Revision history for this message
Moritz Baumann (mo42) wrote :

Command-line connections are not affected anymore, those have been fixed by some update in the meantime. Only connections via the NetworkManager plugin are still affected.

Mike Miller (mtmiller)
Changed in vpnc-scripts (Ubuntu):
status: Incomplete → Invalid
Revision history for this message
Akdor 1154 (akdor1154) wrote :
Download full text (3.5 KiB)

This is still broken. The post-connect.d workarounds don't work because NetworkManager doesn't get openconnect to use vpnc-scripts any more. So the problem is with nm-openconnect-service-openconnect-helper I guess.

When debugging passed env vars I get (extract)
Jul 07 08:48:45 Herbie NetworkManager[634766]: CISCO_SPLIT_INC_2_MASKLEN=0
Jul 07 08:48:45 Herbie NetworkManager[634766]: LANGUAGE=en_AU:en
Jul 07 08:48:45 Herbie NetworkManager[634766]: NM_DBUS_SERVICE_OPENCONNECT=org.freedesktop.NetworkManager.openconnect.Connection_29
Jul 07 08:48:45 Herbie NetworkManager[634766]: NM_VPN_LOG_SYSLOG=1
Jul 07 08:48:45 Herbie NetworkManager[634766]: CISCO_SPLIT_INC_0_MASKLEN=32
Jul 07 08:48:45 Herbie NetworkManager[634766]: PWD=/
Jul 07 08:48:45 Herbie NetworkManager[634766]: CISCO_SPLIT_INC_1_MASKLEN=32
Jul 07 08:48:45 Herbie NetworkManager[634766]: LANG=en_AU.UTF-8
Jul 07 08:48:45 Herbie NetworkManager[634766]: CISCO_SPLIT_INC_2_ADDR=0.0.0.0
Jul 07 08:48:45 Herbie NetworkManager[634766]: INTERNAL_IP4_NETADDR=192.168.220.116
Jul 07 08:48:45 Herbie NetworkManager[634766]: CISCO_SPLIT_INC_0_ADDR=10.241.17.31
Jul 07 08:48:45 Herbie NetworkManager[634766]: CISCO_CSTP_OPTIONS=split-include=10.241.17.31/32
Jul 07 08:48:45 Herbie NetworkManager[634766]: split-include=10.241.17.30/32
Jul 07 08:48:45 Herbie NetworkManager[634766]: split-include=0.0.0.0/0
Jul 07 08:48:45 Herbie NetworkManager[634766]: search=officeworks.internal
Jul 07 08:48:45 Herbie NetworkManager[634766]: DNS=10.241.17.31
Jul 07 08:48:45 Herbie NetworkManager[634766]: DNS=10.241.17.30
Jul 07 08:48:45 Herbie NetworkManager[634766]: netmask=255.255.255.255
Jul 07 08:48:45 Herbie NetworkManager[634766]: ipaddr=192.168.220.116
Jul 07 08:48:45 Herbie NetworkManager[634766]: INVOCATION_ID=e13e358d737b41ef83b74684c4fdcef3
Jul 07 08:48:45 Herbie NetworkManager[634766]: CISCO_SPLIT_INC_1_MASK=255.255.255.255
Jul 07 08:48:45 Herbie NetworkManager[634766]: INTERNAL_IP4_DNS=10.241.17.30 10.241.17.31
Jul 07 08:48:45 Herbie NetworkManager[634766]: INTERNAL_IP4_NETMASK=255.255.255.255
Jul 07 08:48:45 Herbie NetworkManager[634766]: CISCO_SPLIT_INC=3
Jul 07 08:48:45 Herbie NetworkManager[634766]: INTERNAL_IP4_NETMASKLEN=32
Jul 07 08:48:45 Herbie NetworkManager[634766]: INTERNAL_IP4_MTU=1422
Jul 07 08:48:45 Herbie NetworkManager[634766]: CISCO_SPLIT_INC_1_ADDR=10.241.17.30
Jul 07 08:48:45 Herbie NetworkManager[634766]: SHLVL=1
Jul 07 08:48:45 Herbie NetworkManager[634766]: VPNGATEWAY=MYCOMPANYVPNIP
Jul 07 08:48:45 Herbie NetworkManager[634766]: CISCO_DEF_DOMAIN=MYCOMPANY.internal
Jul 07 08:48:45 Herbie NetworkManager[634766]: INTERNAL_IP4_ADDRESS=192.168.220.116
Jul 07 08:48:45 Herbie NetworkManager[634766]: CISCO_SPLIT_INC_0_MASK=255.255.255.255
Jul 07 08:48:45 Herbie NetworkManager[634766]: TUNDEV=vpn0
Jul 07 08:48:45 Herbie NetworkManager[634766]: CISCO_SPLIT_INC_2_MASK=0.0.0.0
Jul 07 08:48:45 Herbie NetworkManager[634766]: GIO_USE_VFS=local
Jul 07 08:48:45 Herbie NetworkManager[634766]: JOURNAL_STREAM=9:24405
Jul 07 08:48:45 Herbie NetworkManager[634766]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Jul 07 08:48:45 Herbie NetworkManager[634766]: reason=connect
Jul 07 08:48:...

Read more...

Revision history for this message
Akdor 1154 (akdor1154) wrote :

Opened upstream: https://gitlab.com/openconnect/openconnect/-/issues/162

Luís Infante da Câmara (luis220413)
affects: vpnc-scripts (Ubuntu) → openconnect (Ubuntu)
Changed in openconnect (Ubuntu):
status: Invalid → New
Bug Watch Updater (bug-watch-updater)
Changed in openconnect:
status: Unknown → New
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.