Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ubuntu 18.04: Issues with OpenConnect #11

Closed
HenrikBengtsson opened this issue Aug 1, 2018 · 6 comments
Closed

Ubuntu 18.04: Issues with OpenConnect #11

HenrikBengtsson opened this issue Aug 1, 2018 · 6 comments
Labels
OpenConnect

Comments

@HenrikBengtsson
Copy link
Owner

Moving what @graft wrote in #4 (comment) to a new issue:

An issue I have been having lately with openconnect on some of my machines is a strange name service bug - the connection looks fine, an IP is assigned, but there is no ping available (or any other IP traffic apparently). This only happens on systems that use systemd-resolved - other systems I have that still use dnsmasq seem to work okay. I haven't really been able to understand what's going on here, but there is some discussion of the issue and a workaround here: dlenski/openconnect#104

The workaround, in case you encounter this issue on a new install (I'm running 18.04 ubuntu) is, after your connection is active, look for the following process:

run-parts --arg=-a --arg=tun0 /etc/resolvconf/update.d

Killing this will give you a working VPN connection.
@HenrikBengtsson
Copy link
Owner Author

HenrikBengtsson commented Aug 1, 2018
edited

From dlenski/openconnect#104:

I'll close this one as "not OpenConnect's fault" and point anyone else to this if it comes up again.

I hope Ubuntu will fix this soon.

which refers to Ubuntu Bug #1752411: "bind9-host, avahi-daemon-check-dns.sh hang forever causes network connections to get stuck", which is still open and provides a few workarounds, e.g. tweak /usr/lib/avahi/avahi-daemon-check-dns.sh to use timeout 5 ....

@patrickhwood
Copy link

I found that changing the /sbin/resolvconf line in modify_resolvconf_manager() in vpnc-script to

echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV &

fixes it.

@HenrikBengtsson
Copy link
Owner Author

@patrickhwood, thxs. Exactly where is the vpnc-script script/file located? ...and do you remember what it was prior to changing it, i.e. what is the change?

@patrickhwood
Copy link

patrickhwood commented Aug 20, 2018
edited

I downloaded an up-to-date version as suggested on the openconnect site: http://www.infradead.org/openconnect/vpnc-script.html and use it with the -s option. There's also a vpnc-script in /usr/share/vpnc-scripts, but I haven't tried that one, nor am I 100% certain it's the one used by openconnect by default.

The change was to simply add the "&" on the end of the line so it would run in the background and not stall the execution of the script (which seems to be the cause of the problem). I'm pretty sure this is the line that kicks off the run-parts process.

@chruck
Copy link

chruck commented Aug 30, 2018
edited

Reading the vpnc-script code, I discovered that if I append resolve to the hosts line in /etc/nsswitch.conf, it also works:

hosts:          files mdns4_minimal [NOTFOUND=return] dns resolve

I think this is a better plan, letting nsswitch know to use systemd-resolve, rather than kill processes or have the run unending in the background. I plan to contact Ubuntu to update /etc/nsswitch.conf.

@HenrikBengtsson
Copy link
Owner Author

Moot; the "General Support" for Ubuntu 18.04 LTS ended 2023-06 (https://en.wikipedia.org/wiki/Ubuntu#Releases).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
OpenConnect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@chruck @HenrikBengtsson @patrickhwood