Unable to build openconnect-3.16 in Solaris 10 (x86)

chua wei yang noobishyang at gmail.com
Fri Apr 20 02:41:18 EDT 2012


On Fri, Apr 20, 2012 at 10:18 AM, chua wei yang <noobishyang at gmail.com> wrote:
> Hi David,
>
> Ok, off to download and try now and will post result, thanks so much.
>
> On Fri, Apr 20, 2012 at 8:17 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
>> http://david.woodhou.se/openconnect-3.16-21-g05c92b4.tar.gz should fix
>> all the issues with Solaris 10. I'll probably make it a 3.17 release
>> shortly.
>>
>> You'll also want the latest vpnc-script from the git repository; there
>> were some fixes required for that too.

Hi David,

What I have done:
1. installed openconnect-3.16-21-g05c92b4.tar.gz.
2. replaced my vpnc-script with the latest from git (updated by you).
3. added the proxy server (so sorry, I forgot we are using a proxy).
4. ran the following command:
openconnect --script /etc/vpnc/vpnc-script https://sam.ncs.com.sg --proxy ourProxyServer

*Output START*
Attempting to connect to ourProxyServer:80
Requesting HTTP proxy connection to sam.ncs.com.sg:443
Unexpected continuation line after CONNECT response: 'Proxy-agent:
BlueCoat-Security-Appliance'
SSL negotiation with sam.ncs.com.sg
Server certificate verify failed: unable to get local issuer certificate

Certificate from VPN server "sam.ncs.com.sg" failed verification.
Reason: unable to get local issuer certificate
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on sam.ncs.com.sg
GET https://sam.ncs.com.sg/
Got HTTP response: HTTP/1.0 302 Object Moved
Requesting HTTP proxy connection to sam.ncs.com.sg:443
Unexpected continuation line after CONNECT response: 'Proxy-agent:
BlueCoat-Security-Appliance'
SSL negotiation with sam.ncs.com.sg
Server certificate verify failed: unable to get local issuer certificate
Connected to HTTPS on sam.ncs.com.sg
GET https://sam.ncs.com.sg/+webvpn+/index.html
GET https://sam.ncs.com.sg/CACHE/sdesktop/install/binaries/sfinst
Error: Server asked us to download and run a 'Cisco Secure Desktop' trojan.
This facility is disabled by default for security reasons, so you may
wish to enable it.Failed to obtain WebVPN cookie
*Output END*

5. Then I referenced this URL on CSD,
http://www.infradead.org/openconnect/csd.html and tried the following
command with the --csd-user option; take note of this part, as I have a
question about it at point 6: "This support currently only works when the
server has a Linux binary installed, and only when that Linux binary
runs on the client machine."
openconnect --script /etc/vpnc/vpnc-script https://sam.ncs.com.sg --proxy ourProxyServer --csd-user root

*Output START*
Attempting to connect to ourProxyServer:80
Requesting HTTP proxy connection to sam.ncs.com.sg:443
Unexpected continuation line after CONNECT response: 'Proxy-agent:
BlueCoat-Security-Appliance'
SSL negotiation with sam.ncs.com.sg
Server certificate verify failed: unable to get local issuer certificate

Certificate from VPN server "sam.ncs.com.sg" failed verification.
Reason: unable to get local issuer certificate
Enter 'yes' to accept, 'no' to abort; anything else to view: yes
Connected to HTTPS on sam.ncs.com.sg
GET https://sam.ncs.com.sg/
Got HTTP response: HTTP/1.0 302 Object Moved
Requesting HTTP proxy connection to sam.ncs.com.sg:443
Unexpected continuation line after CONNECT response: 'Proxy-agent:
BlueCoat-Security-Appliance'
SSL negotiation with sam.ncs.com.sg
Server certificate verify failed: unable to get local issuer certificate
Connected to HTTPS on sam.ncs.com.sg
GET https://sam.ncs.com.sg/+webvpn+/index.html
GET https://sam.ncs.com.sg/CACHE/sdesktop/install/binaries/sfinst
Warning: you are running insecure CSD code with root privileges
         Use command line option "--csd-user"
/tmp/csdFoaalx: syntax error at line 3: `MARKER=$' unexpected
Trying to run Linux CSD trojan script.GET
https://sam.ncs.com.sg/+CSCOE+/sdesktop/wait.html
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://sam.ncs.com.sg/+CSCOE+/sdesktop/wait.html
... (refreshing and get repeated several times)
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://sam.ncs.com.sg/+CSCOE+/sdesktop/wait.html
Error fetching HTTPS response
*Output END*

6. I also found this old discussion with a similar error message,
http://mail.opensolaris.org/pipermail/desktop-discuss/2009-November/014576.html,
and you mentioned, "You can download the script yourself (or copy it
from /tmp/csd* before it gets deleted) and work out what's going
wrong. You'll need to be able to run Linux binaries, but SunOS can
manage that, right?".

I do have the script at /tmp/csdFoaalx but I have no idea what it's
trying to do; at the binary part. And regarding "be able to run Linux
binaries", also referencing my point 5, "This support currently only
works when the server has a Linux binary installed, and only when that
Linux binary runs on the client machine.", so does that mean the CSD
part will "work" if my Solaris 10 is capable of running Linux
binaries?

I am looking at this Brandz thing at
http://hub.opensolaris.org/bin/view/Community+Group+brandz/brandz_lae_faq,
will it work or is it relevant for my situation?


