OpenConnect stops working after reboot on Ubuntu 16.04

Fri Dec 23 01:57:31 PST 2016

On Fri, 2016-12-23 at 08:44 +0000, Robert . wrote:
> 
> I have the problem described in the subject and i'm hoping its
> something silly i have / haven't done.
> 
> First i install OpenConnect using the following command:
>  ~$ sudo apt-get install openconnect
> 
> Then i connect using the following command:
>  ~$ echo "password" | sudo openconnect --user=username --passwd-on-
> stdin anyconnect.example.com &
> 
> So far so good and it works as expected.  But when i reboot and try
> the first command again it just prints  "[1] {pid}" e.g "[1] 1234" at
> the terminal and after some time (sorry i have timed it) the
> following is printed to the terminal:
> [1]+ Stopped                       echo "password" | sudo openconnect
> --user=username --passwd-on-stdin anyconnect.example.com
> 
> If i remove and install OpenConnect again it works until i reboot
> again.

Sudo will only ask for a password the first time it's used (in a given
time period, on a given terminal).

So when you remove and install OpenConnect, I assume you use sudo. And
then when you *connect*, I'm guessing you did that from the same
terminal and it worked because you weren't asked for your password.

If you run it from another terminal, or after rebooting, then it
doesn't work because you've put the *whole* series of commands (sudo...
openconnect) into the background with that '&' at the end of your
command line. So sudo wants to prompt for a password, but it can't
because it's running in the background.

You don't want sudo itself to run in the background; you want it to
prompt for your password immediately, and then just run openconnect in
the background. So instead of
  sudo openconnect --passwd-on-stdin vpn.example.com <<< password &

You want the '-b' argument to sudo:
  sudo -b openconnect --passwd-on-stdin vpn.example.com <<< password 

Or better still, let OpenConnect actually *connect* in the foreground
too, then only background itself when you're authenticated correctly.
That way you see if anything goes wrong. That's the '-b' argument too,
but to openconnect instead of sudo:
 sudo openconnect -b --passwd-on-stdin <<< password

(Hm, I think we might have broken 'openconnect -b' in 7.08 with the MTU
detection. I'll have to take a closer look at that in the next few
days.)

But then again, why use the command line at all? NetworkManager has
support for openconnect. It's kind of broken in Ubuntu with 
https://bugs.launchpad.net/bugs/1609700 and (especcally in conjunction
with) https://bugs.launchpad.net/bugs/1575354 but you can work around
and live with those (or just switch to a better-maintained distribution
where stuff is expected to work and bugs do get fixed).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4938 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20161223/54c6324e/attachment.bin>