openconnect on the Nokia N9

Markus Weiss Markus.Weiss at unibas.ch
Thu Nov 3 07:25:14 EDT 2011


Hello,

i am trying get openconnect running the Nokia N9.
I was able to compile version 3.13 on scratchbox,
and it seems to be running OK on the device, but I cannot get a connection:

openconnect --csd-user=user --script /etc/vpnc/vnc-script https://myserver/

with the vnc-script from infradead.org gives the following:


Attempting to connect to x.x.x.x:443
SSL negotiation with myserver
Connected to HTTPS on myserver
GET https://myserver/
Got HTTP response: HTTP/1.0 302 Temporary moved
Attempting to connect to x.x.x.y:443
SSL negotiation with myserver1
Connected to HTTPS on myserver1
GET https://myserver1/
Got HTTP response: HTTP/1.0 302 Object Moved
SSL negotiation with myserver1
Connected to HTTPS on myserver1
GET https://myserver1/+webvpn+/index.html
GET https://myserver1/CACHE/sdesktop/install/binaries/sfinst
Attempting to connect to x.x.x.y:443
SSL negotiation with myserver1
Connected to HTTPS on myserver1
GET https://myserver1/
Got HTTP response: HTTP/1.0 302 Temporary moved
Attempting to connect to x.x.x.y:443
SSL negotiation with myserver1
Connected to HTTPS on myserver1
GET https://myserver1/
Got HTTP response: HTTP/1.0 302 Object Moved
SSL negotiation with myserver1
Connected to HTTPS on myserver1
GET https://myserver1/+webvpn+/index.html
GET https://myserver1/CACHE/sdesktop/install/binaries/sfinst
GET https://myserver/+CSCOE+/sdesktop/wait.html
Failed to set uid 29999
Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://myserver1/+CSCOE+/sdesktop/wait.html

--last 2 lines repeats ~20 times--

Refreshing +CSCOE+/sdesktop/wait.html after 1 second...
GET https://myserver1/+CSCOE+/sdesktop/wait.html
Error fetching HTTPS response


So it looks like openconnect cannot change the user.
If i run instead

openconnect --csd-user=root --script /etc/vpnc/vnc-script https://myserver/

i get something similar, just in addition:


Warning, you are running insecure CSD code with root priviledges
Use command line option "--csd-user"

and one line later:

csd.linux.i386
/root/.cisco/hostscan/bin/csd: line1: syntax error: unexpected "("


after half a minute it quits with


Error fetching HTTPS response

Can someone give me a hint, what to do here ?
It looks like openconnect cannot change the user the usual way on 
Meego/Harmattan. If i set the csd-user to root, the vpn server sends a 
csd troian horse for i386 architecture, that the N9 cannot run.
How can I deal with this ? Do I need a wrapper script ?
Can anyone advise me, how such a wrapper would have to look like ?

Thanks in advance,

Markus




More information about the openconnect-devel mailing list