unable to use RSA SecureID on Unbuntu 14.04 LTS 64 bit

Kevin Cernekee cernekee at gmail.com
Sun Aug 3 01:18:23 PDT 2014 

On Fri, Jul 18, 2014 at 1:12 PM, Mark Kolmar <mark at burningrome.com> wrote:
> aOn 7/17/2014 6:43 PM, Kevin Cernekee wrote:
>>>
>>> I gave up on NetworkManager-OpenConnect 0.9.10 because the GUI under
>>> Network Connections -> VPN was unavailable.
>>
>>
>> Hmm, that's not so good either.  When you linked nm-openconnect
>> 0.9.10, was the latest libopenconnect.so.3 from the 6.00 release
>> already installed on your system?  Or is there a possibility that it
>> got built against the old libopenconnect.so.2?
>>
>
> Removed Ubuntu packages related to openconnect, did make clean on
> nm-openconnect, confirmed no libopenconnect.so.2 was present, rebuilt, did
> make install. I guess some service/daemon should be running. Also rebooted.
> Connection type is not present for openconnect. This was fine with the
> Ubuntu package for v5.02. Fails with could not find VPN plugin service for
> org.freedesktop.NetworkManager.openconnect. When I try to open a previously
> existing VPN connection, it reports the service fails to start. There is a
> /usr/local/libexec/nm-openconnect-service but not at the location reported
> in the error (/usr/lib/Network-Manager). Nice if this worked after install,
> but not necessarily an OpenConnect issue.

I have updated my PPA with new builds for Ubuntu 14.04:

openconnect 6.00 (built from the released tarball)
network-manager-openconnect 0.9.9.0~20140802 (git commit eaee7e917694eed)
stoken 0.8~20140802 (git commit ba44603cd5816)

These all seem to be working OK for me so far.  Of course, since I
used the official 6.00 sources, there isn't support for the
experimental "PIN prompt on PINless tokens" patch I posted earlier.
You would need to replace your local libopenconnect.so.3 with the
patched version to try that out.

AFAICT, there is no "0.9.10" release of network-manager-openconnect
yet.  Only NetworkManager.

As for the auth handshake problem - I would suggest setting up a MITM
proxy to see where AnyConnect and OpenConnect diverge.  That is how I
debugged the initial XML POST growing pains.

More information about the openconnect-devel mailing list