Cannot establish VPN connection with vpn-slice
szymon-kuklewicz opened this issue
Hi
I have vpn-slice installed.
~ ❯ vpn-slice
WARNING: Couldn't configure hosts provider: Cannot read/write /etc/hosts
Aborting because providers for hosts are required; use --help for more information
When I use sudo, it helps.
~ ❯ sudo vpn-slice
Must be called as vpnc-script, with $reason set; use --help for more information
which is ok outside of openconnect.
I don't know if I should use sudo or not when combining vpn-slice and openconnect.
Without sudo:
~ ❯ openconnect my.company -u username --script "vpn-slice -v 10.0.0.0/8"
POST https://my.company/
Connected to my.company.ip:443
SSL negotiation with my.company
Connected to HTTPS on my.company
XML POST enabled
Please enter your username and password.
Password:
POST https://my.company/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as my.local.ip, using SSL, with DTLS in progress
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(DHE-CUSTOM)-(AES-256-CBC)-(SHA1).
WARNING: Couldn't configure hosts provider: Cannot read/write /etc/hosts
Aborting because providers for hosts are required; use --help for more information
Script 'vpn-slice -v 10.0.0.0/8' returned error 1
WARNING: Couldn't configure hosts provider: Cannot read/write /etc/hosts
Aborting because providers for hosts are required; use --help for more information
Script 'vpn-slice -v 10.0.0.0/8' returned error 1
With sudo:
~ ❯ openconnect my.company -u username --script "sudo vpn-slice -v 10.0.0.0/8"
POST https://my.company/
Connected to my.company.ip:443
SSL negotiation with my.company
Connected to HTTPS on my.company
XML POST enabled
Please enter your username and password.
Password:
POST https://my.company/
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as my.local.ip, using SSL, with DTLS in progress
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS0.9)-(DHE-CUSTOM)-(AES-256-CBC)-(SHA1).
Must be called as vpnc-script, with $reason set; use --help for more information
Script 'sudo vpn-slice -v 10.0.0.0/8' returned error 1
Must be called as vpnc-script, with $reason set; use --help for more information
Script 'sudo vpn-slice -v 10.0.0.0/8' returned error 1
I know I am probably just calling openconnect with vpn-slice the wrong way; however, I am doing my best given the README.
Thanks,
Szymon
> I know I am probably just calling openconnect with vpn-slice the wrong way; however, I am doing my best given the README.
The README makes this pretty clear already. The example in the README shows that both of your attempts are wrong.
You do need to invoke openconnect with sudo; you don't need to tell openconnect to invoke vpn-slice with sudo, because it will already be running as root at that point (and if you do add sudo there, it will kill the environment variables which vpn-slice needs, which is exactly what you're seeing).
So, run it like the example shows:
$ sudo openconnect gateway.bigcorp.com -u user1234 \
-s 'vpn-slice 192.168.1.0/24 hostname1 alias2=alias2.bigcorp.com=192.168.1.43'
The error you're getting without sudo should also make this clear: vpn-slice needs to be able to read/write /etc/hosts, which of course it cannot do unless it's running as root.
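The two failures in this thread can be reproduced without a VPN. The following is an added example, not part of the original thread and not vpn-slice code: a stand-in hook checks for `$reason` and a writable hosts file, and `env -i` stands in for the environment clearing that an inner `sudo` causes. `HOOK`, `HOSTS_FILE`, `run_inherited` and `run_env_reset` are hypothetical names used only here.

```shell
#!/bin/sh
# Stand-in for a vpnc-script hook (NOT vpn-slice itself). It performs the two
# checks behind the error messages quoted in this thread.
# HOSTS_FILE is a hypothetical override so the check can use a scratch file.
HOOK='
hosts=${HOSTS_FILE:-/etc/hosts}
if [ -z "${reason:-}" ]; then
    echo "missing-reason"        # the "with $reason set" failure
    exit 1
fi
if [ ! -r "$hosts" ] || [ ! -w "$hosts" ]; then
    echo "hosts-not-writable"    # the "Cannot read/write /etc/hosts" failure
    exit 1
fi
echo "ok reason=$reason"
'

# Case 1: the hook inherits its parent's environment, which is what happens
# when openconnect (itself started with sudo) runs the script directly.
run_inherited() {
    reason=connect HOSTS_FILE="$1" sh -c "$HOOK"
}

# Case 2: the environment is cleared before the hook starts. `env -i` is an
# assumption-labelled stand-in for the inner `sudo` in --script "sudo ...";
# only PATH and the scratch-file override are passed back in.
run_env_reset() {
    reason=connect env -i PATH="$PATH" HOSTS_FILE="$1" sh -c "$HOOK"
}

# Demonstration on a constructed scratch file instead of the real /etc/hosts.
scratch=$(mktemp)
echo "inherited environment: $(run_inherited "$scratch")"
echo "cleared environment:   $(run_env_reset "$scratch")"
echo "unwritable hosts file: $(run_inherited "$scratch.missing")"
rm -f "$scratch"
```
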