Trying to build openconnect 8.20 on ubuntu 20
Daniel Lenski
dlenski at gmail.com
Mon Mar 7 15:44:34 PST 2022
On Fri, Mar 4, 2022 at 6:25 AM Eveno, Manuel <meveno at timwi.com> wrote:
> Trying to build openconnect 8.20 on ubuntu 20
What is "ubuntu 20"? I assume you mean 20.04 / focal? Running
`lsb_release -a` should clarify.
> I need to test the fortinet protocol.
> I'm trying to build openconnect for the downloaded package.
>
> But when running the "make" command it fails on tests.
>
> <snip>
>
> $ cat openconnect-8.20/tests/test-suite.log
> ------------- Output : --------------------
> FAIL: bad_dtls_test
1. If you just want to *use* OpenConnect with a Fortinet VPN, then
this failing test result does not matter.
This particular test exists only to verify that the "ekstra speshul"
weird/broken/non-standard/pre-1.0 version of DTLS used by old **Cisco
AnyConnect** VPNs is working correctly. Linux distributions and crypto
libraries keep forgetting that this version of DTLS is sadly still
needed, so they frequently break it. And we have to figure out who to
ask to get the libraries fixed. 😔
This is not used at all when connecting to Fortinet VPNs, so you can
Just Ignore It.
2. If you want a fully-working build of OpenConnect that *can* work
with old Cisco VPNs, in addition to Fortinet VPNs, then you should
build again GnuTLS rather than OpenSSL (`sudo apt install
libgnutls28-dev`).
While OpenConnect can use either OpenSSL or GnuTLS, we collaborate
more closely with the GnuTLS developers than the OpenSSL ones, so we
run into fewer problems like this with GnuTLS ☺
Dan
More information about the openconnect-devel
mailing list