Issues running OpenConnect on an Asuswrt-Merlin router

Aube, Jeremy aube at mykolab.com
Mon Aug 21 19:31:09 PDT 2017


I'm having issues running OpenConnect on a router I flashed with 
Asuswrt-Merlin. I have a USB drive connected with Entware-ng installed, 
and was able to install OpenConnect and related packages.

The first time I run OpenConnect, I get some error about 
/etc/resolv.conf. Overwriting this file with a non-read-only duplicate 
seems to solve that.

Next, it seems to run okay, but I can tell I'm not actually connected to 
the VPN because I still have the IP my ISP provided. I've tried adding 
in some "missing" routes based off of what I see when I run OpenConnect 
successfully on OSX, but then I can't connect to any sites at all.

I've tried a lot of different things, but I don't know how helpful it is 
to list all of those out, and I'm not sure I can remember them all at 
this point. The VPN does seem to work correctly while SSH'd into the 
router itself if I run OpenConnect and add a route via the following:

route add -net 0.0.0.0 netmask 0.0.0.0 gw x.x.x.x dev tun0

Where x.x.x.x is the same IP in this output:

Connected as x.x.x.x, using SSL + lzs

I then confirm that I'm getting the IP from the VPN via:

wget -qO- http://checkip.dyndns.org/ | sed 's/[a-zA-Z<>/ :]//g'

The other thing I had thought of is that when I use L2TP or OpenVPN from 
the router interface, the /etc/resolv.conf file doesn't change, whereas 
OpenConnect removes the default nameserver and adds a couple other 
nameservers when it runs. I tried changing this back to the default 
nameserver, but that didn't seem to help.

Any idea what's going wrong or thoughts on how I could troubleshoot this 
further?



More information about the openconnect-devel mailing list