Hi,
The openconnect client doesn't work.
root@OpenWrt:~# ubus call system board
{
	"kernel": "5.10.161",
	"hostname": "OpenWrt",
	"system": "MediaTek MT7621 ver:1 eco:3",
	"model": "HiWiFi HC5962",
	"board_name": "hiwifi,hc5962",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.3",
		"revision": "r20028-43d71ad93e",
		"target": "ramips/mt7621",
		"description": "OpenWrt 22.03.3 r20028-43d71ad93e"
	}
}
root@OpenWrt:~# openconnect --version
OpenConnect version v9.01
Using GnuTLS 3.7.1. Features present: HOTP software token, TOTP software token, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp, pulse, f5, fortinet, array
Default vpnc-script (override with --script): /lib/netifd/vpnc-script
I followed the guide below:
and installed luci-proto-openconnect.
I tried to connect to an ocserv server. I saw that the SSL connection was established successfully, but didn't see any tunnel interface come up.
The log messages are as follows:
Wed Mar 8 10:39:29 2023 daemon.notice netifd: Interface 'oc' is setting up now
Wed Mar 8 10:39:29 2023 user.notice openconnect: initializing...
Wed Mar 8 10:39:29 2023 user.notice openconnect: adding host dependency for https://ocs.example.net/ at oc
Wed Mar 8 10:39:31 2023 daemon.info dnsmasq[1]: read /etc/hosts - 4 addresses
Wed Mar 8 10:39:31 2023 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 1 addresses
Wed Mar 8 10:39:31 2023 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 0 addresses
Wed Mar 8 10:39:31 2023 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Wed Mar 8 10:39:34 2023 user.notice openconnect: executing 'openconnect 'https://ocs.example.net/' '-i' 'vpn-oc' '--non-inter' '--syslog' '--script' '/lib/netifd/vpnc-script' '--protocol' 'anyconnect' '--servercert=pin-sha256:nIc9MrS1R9LgWxiiEbZMRoH7VvqDGpqLAwEPVjTfEaI=' '--no-system-trust' '-u' 'test' '--passwd-on-stdin''
Wed Mar 8 10:39:34 2023 daemon.notice netifd: oc (11816): POST https://ocs.example.net/
Wed Mar 8 10:39:35 2023 daemon.notice netifd: oc (11816): Connected to 100.100.100.100:443
Wed Mar 8 10:39:35 2023 daemon.notice netifd: oc (11816): SSL negotiation with ocs.example.net
Wed Mar 8 10:39:35 2023 daemon.notice netifd: oc (11816): Server certificate verify failed: signer not found
Wed Mar 8 10:39:35 2023 daemon.notice netifd: oc (11816): Connected to HTTPS on ocs.example.net with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
Wed Mar 8 10:39:35 2023 daemon.notice netifd: oc (11816): XML POST enabled
Wed Mar 8 10:39:35 2023 daemon.notice netifd: oc (11816): Please enter your username.
Wed Mar 8 10:39:35 2023 daemon.notice netifd: oc (11816): POST https://ocs.example.net/auth
Wed Mar 8 10:39:35 2023 daemon.notice netifd: oc (11816): Please enter your password.
Wed Mar 8 10:39:35 2023 daemon.notice netifd: oc (11816): POST https://ocs.example.net/auth
Wed Mar 8 10:39:35 2023 daemon.notice netifd: oc (11816): Got CONNECT response: HTTP/1.1 200 CONNECTED
Wed Mar 8 10:39:35 2023 daemon.notice netifd: oc (11816): CSTP connected. DPD 90, Keepalive 32400
Wed Mar 8 10:39:35 2023 daemon.notice netifd: oc (11816): Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(PSK)-(AES-256-GCM).
Wed Mar 8 10:39:35 2023 daemon.notice netifd: oc (11816): Configured as 192.168.1.105, with SSL connected and DTLS connected
Wed Mar 8 10:40:38 2023 daemon.notice openconnect[11816]: Script '/lib/netifd/vpnc-script' returned error 127
Wed Mar 8 10:41:11 2023 daemon.notice openconnect[11816]: Script '/lib/netifd/vpnc-script' returned error 127
Wed Mar 8 10:41:11 2023 daemon.notice openconnect[11816]: Failed to write incoming packet: I/O error
Wed Mar 8 10:41:11 2023 daemon.notice openconnect[11816]: Failed to write incoming packet: I/O error
Wed Mar 8 10:41:11 2023 daemon.notice openconnect[11816]: Failed to write incoming packet: I/O error
Wed Mar 8 10:41:11 2023 daemon.notice openconnect[11816]: Failed to write incoming packet: I/O error
Wed Mar 8 10:41:11 2023 daemon.notice openconnect[11816]: Failed to write incoming packet: I/O error
After replacing the original OpenWrt vpnc-script version with https://gitlab.com/openconnect/vpnc-scripts/blob/master/vpnc-script, I still got the same error.
I struggled with this issue for a few days. I tried adding log output commands to vpnc-script, but nothing was sent to syslog, and it seemed as if the vpnc-script had not been called and run at all.
Can anyone help?