OpenConnect stops working after reboot on Ubuntu 16.04

Robert . robert.io at outlook.com
Fri Dec 23 04:53:18 PST 2016


Thanks, that was a speedy response and it worked a treat.

I used "sudo openconnect -b --user=username --passwd-on-stdin anyconnect.example.com <<< password" and I still get the console output telling me if there is any trouble :)

As for using the Network Manager, I'll have a look, but my Linux experience is a bit short, but I can with a bit of Google-fu work my way around it.  The console method of connecting was the option I found when googling; it worked and wasn't too much trouble.  I had been using it on a Pi without issue but I had a better PC gathering dust and wanted to use that instead; that's when I encountered this problem.

What I've been doing is connecting to my work VPN and NATing it by setting up ip_forward and running the following commands once I have connected to the VPN:
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth1 -o tun0 -j ACCEPT

And then routing any requests to their network via the PC.  This means I don't have to have a VPN client on each of my VMs and I can split internet traffic through my ISP and work traffic down the VPN :)

Once again, thank you very much for your speedy response. I wasn't expecting anything so soon. Have a lovely Xmas and a very happy new year.

From: David Woodhouse <dwmw2 at infradead.org>
Sent: 23 December 2016 09:57
To: Robert .; openconnect-devel at lists.infradead.org
Subject: Re: OpenConnect stops working after reboot on Ubuntu 16.04
    
On Fri, 2016-12-23 at 08:44 +0000, Robert . wrote:
> 
> I have the problem described in the subject and I'm hoping it's
> something silly I have / haven't done.
>
> First I install OpenConnect using the following command:
>  ~$ sudo apt-get install openconnect
> 
> Then I connect using the following command:
>  ~$ echo "password" | sudo openconnect --user=username --passwd-on-stdin anyconnect.example.com &
>
> So far so good and it works as expected.  But when I reboot and try
> the first command again it just prints  "[1] {pid}" e.g. "[1] 1234" at
> the terminal and after some time (sorry I have timed it) the
> following is printed to the terminal:
> [1]+ Stopped                       echo "password" | sudo openconnect
> --user=username --passwd-on-stdin anyconnect.example.com
> 
> If I remove and install OpenConnect again it works until I reboot
> again.

Sudo will only ask for a password the first time it's used (in a given
time period, on a given terminal).

So when you remove and install OpenConnect, I assume you use sudo. And
then when you *connect*, I'm guessing you did that from the same
terminal and it worked because you weren't asked for your password.

If you run it from another terminal, or after rebooting, then it
doesn't work because you've put the *whole* series of commands (sudo...
openconnect) into the background with that '&' at the end of your
command line. So sudo wants to prompt for a password, but it can't
because it's running in the background.

You don't want sudo itself to run in the background; you want it to
prompt for your password immediately, and then just run openconnect in
the background. So instead of
  sudo openconnect --passwd-on-stdin vpn.example.com <<< password &

You want the '-b' argument to sudo:
  sudo -b openconnect --passwd-on-stdin vpn.example.com <<< password 

Or better still, let OpenConnect actually *connect* in the foreground
too, then only background itself when you're authenticated correctly.
That way you see if anything goes wrong. That's the '-b' argument too,
but to openconnect instead of sudo:
  sudo openconnect -b --passwd-on-stdin vpn.example.com <<< password

(Hm, I think we might have broken 'openconnect -b' in 7.08 with the MTU
detection. I'll have to take a closer look at that in the next few
days.)

But then again, why use the command line at all? NetworkManager has
support for openconnect. It's kind of broken in Ubuntu with
https://bugs.launchpad.net/bugs/1609700 and (especially in conjunction
with) https://bugs.launchpad.net/bugs/1575354 but you can work around
and live with those (or just switch to a better-maintained distribution
where stuff is expected to work and bugs do get fixed).
    

