Ask Your Question
2

openconnect "either to is duplicate or uid is garbage"

asked 2017-06-04 16:05:05 -0600

vkg gravatar image

$ uname -a Linux asterix 4.10.15-200.fc25.x8664 #1 SMP Mon May 8 18:46:06 UTC 2017 x8664 x8664 x8664 GNU/Linux

$ openconnect --version OpenConnect version v7.08 Using GnuTLS. Features present: TPM, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS

When establishing a VPN, I get the following error:

POST https://vpn.example.com/

SSL negotiation with vpn.example-1.example.com

Connected to HTTPS on vpn.example-1.example.com

Got CONNECT response: HTTP/1.1 200 OK

CSTP connected. DPD 30, Keepalive 20

Connected as 13x.xxx.xxx.xxx, using SSL

Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(RSA)-(AES-128-CBC)-(SHA1).

Error: either "to" is duplicate, or "uid" is a garbage.

Any ideas why? Thanks a lot in advance!

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
1

answered 2017-06-07 07:41:01 -0600

vkg gravatar image

I traced this to a problem in the /etc/vpnc/vpnc-script. This script is different from the default vpnc-script at [1]. It was probably obtained from a Cisco Anyconnect installation (which is what is used in my company). In any case, the problem was extra parameters being passed to the route(1) command. A diff of the changes is below, in case anyone is interested. (The patch will probably not be formatted appropriately, but all the same ...)

[1] http://www.infradead.org/openconnect/...

Cheers.

* vpnc-script 2017-06-06 12:50:21.724905288 -0500 --- vpnc-script.orig 2017-06-06 12:20:04.759953527 -0500

* 1,4 * ! #!/bin/sh # reason -- why this script was called, one of: pre-init connect disconnect #* VPNGATEWAY -- vpn gateway address (always present) #* TUNDEV -- tunnel device (always present) --- 1,4 ---- ! #!/bin/sh -x #* reason -- why this script was called, one of: pre-init connect disconnect #* VPNGATEWAY -- vpn gateway address (always present) #* TUNDEV -- tunnel device (always present)

* 115,123 ** # =========== route handling ====================================

if [ -n "$IPROUTE" ]; then

fix_ip_get_output () {

! sed 's/cache//;s/metric \?[0-9]+ [0-9]+//g;s/hoplimit [0-9]+//g;s/uid 0//g' }

set_vpngateway_route() {

--- 115,122 ---- # =========== route handling ====================================

if [ -n "$IPROUTE" ]; then fixipget_output () { ! sed 's/cache//;s/metric \?[0-9]+ [0-9]+//g;s/hoplimit [0-9]+//g' }

set_vpngateway_route() {
edit flag offensive delete link more

Comments

The inline diff gets pretty mangled. Can you wrap it in triple-backticks to mark a code block? Thanks! For other readers, here is an attempt to demangle it: http://dpaste.com/3NA6C30

cm gravatar imagecm ( 2018-08-27 11:03:19 -0600 )edit
add a comment

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2017-06-04 16:05:05 -0600

Seen: 1,170 times

Last updated: Jun 07 '17

Related questions

Nautilus not opening after upgrade

Why won't Boxes work?

How can I install libGLEW 1.10?

Android emulator SIGSEGV

fedora25 xfce vids motion error

Scilab problem in Fedora 26

XFCE login stuck

No sound in gnome-boxes

There are no enabled repos

Public key is not installed

Ask Fedora is community maintained and Red Hat or Fedora Project is not responsible for content. Content on this site is licensed under a CC-BY-SA 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2