AW: Default long output (similar to "--verbose") under OpenConnect v8.20

Mon Apr 25 23:46:48 PDT 2022

Hi,

exactly, I want to use the DEB packages from OpenConnect that come with Ubuntu 20.04 and 22.04 (8.05 and 8.20). Since those work without problems with smartcard and TPM2.

I use the latest "vpnc" from GitHub, since I have problems with the "vpnc-scripts" package on Ubuntu 20.04 (https://packages.ubuntu.com/focal/vpnc-scripts). Under Ubuntu 22.04 (https://packages.ubuntu.com/jammy/vpnc-scripts) this problem does not occur, but the "vpnc" which comes from Ubuntu is not always up to date (under Ubuntu 22.04 - as of 02.04.2021).

It makes no difference in the output whether I use the "vpnc" from GitHub or the one from Ubuntu in the "vpnc-scripts" package.

I have now compiled OpenConnect with the fix (https://gitlab.com/openconnect/openconnect/-/issues/401) and now the output looks good (for "--protocol=pulse" and "--protocol=nc"):

dominik at host2:~$ sudo openconnect --script=/root/vpnc-script --protocol=pulse https://vpn-gateway/linux
Connected to xxx.xxx.xxx.xxx:443
SSL negotiation with vpn-gateway
Connected to HTTPS on vpn-gateway with ciphersuite TLSv1.2-AES128-GCM-SHA256
Got HTTP response: HTTP/1.1 101 Switching Protocols
Enter user credentials:
Username:dominik at domain
Password:
Unexpected IF-T/TLS packet when expecting configuration.
Configured as xxx.xxx.xxx.xxx, with SSL connected and ESP in progress
Session authentication will expire at Tue Apr 26 09:58:00 2022

ESP session established with server
< 0000:  00 00 0a 4c 00 00 00 01  00 00 00 80 00 00 01 ff  |...L............|
< 0010:  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
< 0020:  21 20 24 00 00 00 00 00  00 00 00 70 00 00 00 54  |! $........p...T|
< 0030:  01 00 00 00 e3 e1 a0 f3  00 40 8b 4d a5 9f 1f e2  |......... at .M....|
< 0040:  16 cc 06 23 f9 7f d9 10  9f 12 40 ad ad 0f 75 b0  |...#...... at ...u.|
< 0050:  a2 cd f5 c7 0e f2 b8 ca  6a ee 33 99 b5 b9 72 2a  |........j.3...r*|
< 0060:  b2 00 53 2c 6e 13 8d 39  95 4c 1d ce 28 09 10 52  |..S,n..9.L..(..R|
< 0070:  fa 2f f1 e7 eb a1 e7 1a  76 c3 00 00 00 00 00 00  |./......v.......|

Without the fix, I have the long output again by default.

One thing I noticed is that over time after the "ESP session established with server" an output appears, is this intentional?

Greetings
Dominik

-----Ursprüngliche Nachricht-----
Von: Dimitri Papadopoulos Orfanos <dimitri.papadopoulos at cea.fr> 
Gesendet: Dienstag, 19. April 2022 16:43
An: Schütz Dominik <Dominik.Schuetz at esolutions.de>; openconnect-devel at lists.infradead.org
Betreff: Re: Default long output (similar to "--verbose") under OpenConnect v8.20

Hi,

Generally speaking, -v/--verbose and -q/--quiet behave as expected on my Ubuntu 20.04 computer.

* I understand you're attempting to use the DEB packages of OpenConnect that ship with Ubuntu 20.04 and 22.04 (8.05 and 8.20 respectively). At the same time, you download the "vpnc" script directly from GitHub, both on Ubuntu 20.04 and 22.04. I don't expect this to be relevant, but just to be on the safe side, what happens if you use the "vpnc" script provided by Ubuntu in the "vpnc-scripts" package?
   https://packages.ubuntu.com/focal/vpnc-scripts
   https://packages.ubuntu.com/jammy/vpnc-scripts

* I understand you see a difference on Ubuntu 22.04 between the 8.10 package from Ubuntu 21.10 (it works fine with normal output) and the
8.20 package from Ubuntu 22.04 (misbehaves with verbose output). Perhaps one of the packages ships with a default configuration file? What are the files installed by the 8.10 and 8.20 openconnect packages?
	dpkg -L openconnect

* The only relevant issue I can find is this one, but I don't expect it to cause the large quantity of verbose output you see:
	https://gitlab.com/openconnect/openconnect/-/issues/401
Here is the relevant fix:
	https://gitlab.com/openconnect/openconnect/-/merge_requests/351
Could you try to compile OpenConnect from sources with/without this fix? 
Does it make any difference?

Best Regards,
Dimitri

Le 19/04/2022 à 14:19, Schütz Dominik a écrit :
> Hello,
> 
> when will the long output (similar to "--verbose" under Openconnect v8.10) under OpenConnect v8.20 be fixed?
> If I include a "--quiet" this unfortunately does not change the output.
> 
> Thanks,
> 
> Mit freundlichen Grüßen / Kind regards
> 
> Dominik Schütz
> Junior IT-Administrator
> eso-IT-Infra
> 
> 
> e.solutions GmbH
> 
> Despag-Straße 4a, 85055 Ingolstadt,
> 
> Phone +49845833321287
>   
> Dominik.Schuetz at esolutions.de
> Please, find my mail encryption keys at: https://secmail.esolutions.de
> 
> Registered Office:
> e.solutions GmbH
> Despag-Straße 4a, 85055 Ingolstadt, Germany Managing Directors Uwe 
> Reder, Rainer Lange Register Court Ingolstadt HRB 5221
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6003 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20220426/74b89632/attachment.p7s>