FS#29825 - [openconnect] vpnc-script from vpnc package is not suitable
Attached to Project:
Arch Linux
Opened by Ray (ataraxia) - Thursday, 10 May 2012, 02:09 GMT
Last edited by Dave Reisner (falconindy) - Thursday, 10 May 2012, 19:16 GMT
Opened by Ray (ataraxia) - Thursday, 10 May 2012, 02:09 GMT
Last edited by Dave Reisner (falconindy) - Thursday, 10 May 2012, 19:16 GMT
|
Details
Description:
As of 3.18, openconnect depends on vpnc, presumably because it provides /etc/vpnc/vpnc-script. Unfortunately, that copy of the script is not quite what openconnect is expecting to use (and this in spite of the openconnect developer's comment that "it's exactly the same script that vpnc uses" - it clearly isn't). The script from the vpnc package produces errors every time openconnect renews a connection. In openconnect's output: Failed to spawn script '/etc/vpnc/vpnc-script' for reconnect: Success In the terminal where openconnect was started (stdout of the vpnc-script): unknown reason 'reconnect'. Maybe vpnc-script is out of date This is a nuisance. It can be solved by packaging the version of vpnc-script maintained by openconnect's author instead, which has a few extra features (including support for the above "reconnect" action). (This would also nicely remove the otherwise unnecessary dependency on vpnc.) This version can be found at http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script . The upstream recommendation for doing this can be found at http://www.infradead.org/openconnect/vpnc-script.html . Instructions for getting around the check for /etc/vpnc/vpnc-script being present on the system at build-time can be found at http://www.infradead.org/openconnect/building.html . Additional info: * package version(s) openconnect 1:3.18-1 vpnc 0.5.3.svn516-1 Steps to reproduce: Use openconnect with the default /etc/vpnc/vpnc-script and wait for the tunnel to be rekeyed (takes 4 hours with my VPN server, not sure what the usual timing is). |
This task depends upon
Closed by Dave Reisner (falconindy)
Thursday, 10 May 2012, 19:16 GMT
Reason for closing: Fixed
Additional comments about closing: extra/vpnc-0.5.3.svn516-2
Thursday, 10 May 2012, 19:16 GMT
Reason for closing: Fixed
Additional comments about closing: extra/vpnc-0.5.3.svn516-2
You might consider just fetching the HEAD version of the script with curl in build() rather than cloning the whole vpnc-scripts git repo as you used to do.
Could you give one of the below packages a whirl? I don't use openconnect so I can't test this:
http://dev.archlinux.org/~dreisner/vpnc-0.5.3.svn516-2-i686.pkg.tar.xz
http://dev.archlinux.org/~dreisner/vpnc-0.5.3.svn516-2-x86_64.pkg.tar.xz
I used this version of the script with the previous version of openconnect, so I'm quite confident in the script itself, even without letting openconnect run long enough to rekey.