FS#29825 - [openconnect] vpnc-script from vpnc package is not suitable

Attached to Project: Arch Linux
Opened by Ray (ataraxia) - Thursday, 10 May 2012, 02:09 GMT
Last edited by Dave Reisner (falconindy) - Thursday, 10 May 2012, 19:16 GMT
Task Type: Bug Report
Category: Packages: Extra
Status: Closed
Assigned To: Dave Reisner (falconindy)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 2
Private: No

Details

Description:
As of 3.18, openconnect depends on vpnc, presumably because it provides /etc/vpnc/vpnc-script. Unfortunately, that copy of the script is not quite what openconnect is expecting to use (and this in spite of the openconnect developer's comment that "it's exactly the same script that vpnc uses" - it clearly isn't).

The script from the vpnc package produces errors every time openconnect renews a connection.

In openconnect's output:
Failed to spawn script '/etc/vpnc/vpnc-script' for reconnect: Success

In the terminal where openconnect was started (stdout of the vpnc-script):
unknown reason 'reconnect'. Maybe vpnc-script is out of date

This is a nuisance. It can be solved by packaging the version of vpnc-script maintained by openconnect's author instead, which has a few extra features (including support for the above "reconnect" action). (This would also nicely remove the otherwise unnecessary dependency on vpnc.) This version can be found at http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script . The upstream recommendation for doing this can be found at http://www.infradead.org/openconnect/vpnc-script.html . Instructions for getting around the check for /etc/vpnc/vpnc-script being present on the system at build-time can be found at http://www.infradead.org/openconnect/building.html .

Additional info:
* package version(s)
openconnect 1:3.18-1
vpnc 0.5.3.svn516-1

Steps to reproduce:
Use openconnect with the default /etc/vpnc/vpnc-script and wait for the tunnel to be rekeyed (takes 4 hours with my VPN server, not sure what the usual timing is).

Closed by Dave Reisner (falconindy)
Thursday, 10 May 2012, 19:16 GMT
Reason for closing: Fixed
Additional comments about closing: extra/vpnc-0.5.3.svn516-2
Comment by Dave Reisner (falconindy) - Thursday, 10 May 2012, 02:24 GMT
I used to package vpnc-script from David's repo. When his changes were merged into vpnc-svn, I stopped doing that... I suppose I can go back to his script -- he's very responsive to bug reports.
Comment by Ray (ataraxia) - Thursday, 10 May 2012, 18:06 GMT
That would be entirely satisfactory as far as I'm concerned.

You might consider just fetching the HEAD version of the script with curl in build() rather than cloning the whole vpnc-scripts git repo as you used to do.
Comment by Dave Reisner (falconindy) - Thursday, 10 May 2012, 18:13 GMT
Yep, it would pay off to just grab the single file.

Could you give one of the below packages a whirl? I don't use openconnect so I can't test this:

http://dev.archlinux.org/~dreisner/vpnc-0.5.3.svn516-2-i686.pkg.tar.xz
http://dev.archlinux.org/~dreisner/vpnc-0.5.3.svn516-2-x86_64.pkg.tar.xz
Comment by Ray (ataraxia) - Thursday, 10 May 2012, 18:26 GMT
Ok, I tested the x86_64 version. You forgot to set the execute bit on the script, so openconnect can't run it. (If I chmod it by hand, it works fine.)

I used this version of the script with the previous version of openconnect, so I'm quite confident in the script itself, even without letting openconnect run long enough to rekey.
Comment by Dave Reisner (falconindy) - Thursday, 10 May 2012, 18:27 GMT
Oops. Cool, I'll repackage and push to extra then.
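
The two packaging faults reported in this thread (no handler for the "reconnect" reason, and a missing execute bit) can be caught before release with a static check. The following is an added example, not part of the original thread or of either package; the function names and the sample scripts are constructed for illustration, and the check only inspects the file, it never runs it.

```shell
#!/bin/sh
# Added example: static packaging check for a vpnc-script-style file.
# Returns 0 only if the file is executable and has a case label for "reconnect".
check_vpnc_script() {
    script=$1
    rc=0
    [ -f "$script" ] || { echo "missing: $script"; return 2; }
    if [ ! -x "$script" ]; then
        echo "not executable: $script"
        rc=1
    fi
    # Matches case labels such as "reconnect)" or "connect|reconnect)".
    if ! grep -Eq '^[[:space:]]*([a-z-]+\|)*reconnect(\|[a-z-]+)*\)' "$script"; then
        echo "no 'reconnect' branch: $script"
        rc=1
    fi
    return "$rc"
}

# Constructed samples (not the real scripts): one without a reconnect
# branch, one with the branch but installed without the execute bit.
make_samples() {
    dir=$1
    cat > "$dir/without-reconnect" <<'EOF'
#!/bin/sh
case "$reason" in
    pre-init|connect|disconnect) ;;
    *) echo "unknown reason '$reason'. Maybe vpnc-script is out of date" >&2; exit 1 ;;
esac
EOF
    sed 's/connect|disconnect)/connect|disconnect|reconnect)/' \
        "$dir/without-reconnect" > "$dir/with-reconnect"
    chmod 755 "$dir/without-reconnect"
    chmod 644 "$dir/with-reconnect"
}

samples=$(mktemp -d)
make_samples "$samples"
for f in without-reconnect with-reconnect; do
    check_vpnc_script "$samples/$f" && echo "ok: $f"
done
chmod 755 "$samples/with-reconnect"
check_vpnc_script "$samples/with-reconnect" && echo "ok after chmod: with-reconnect"
rm -rf "$samples"
```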
