Results 1 to 6 of 6

Thread: Openconnect VPN client stope internet

  1. #1
    Join Date
    Jul 2008
    Location
    India
    Posts
    182

    Default Openconnect VPN client stope internet

    Hello,

    I'm trying to use openconnect to connect to my organisation's VPN. My organisation has purchased GlobalProtect but never thought that people will access the systems using Linux OS. So i am using openconnect with these commands as root:

    Code:
    openconnect --protocol=gp --script /etc/openconnect/vpnc-script https://ipaddr -u username
    However after establishing contact my internet stops working.

    Since openconnect version 8 onwards only can connect to GlobalProtect, i installed openconnect after adding the network repo https://download.opensuse.org/reposi...USE_Leap_15.2/

    I'm not too knowledgeable about internet issues.

    If i use the additional argument --dump in the command line, after connecting i keep getting the following message:

    Requeueing failed ESP send: Resource temporarily unavailable
    Please suggest. Thanks.

  2. #2
    Join Date
    Sep 2012
    Posts
    6,801

    Default Re: Openconnect VPN client stope internet

    Quote Originally Posted by samrat_rao View Post
    However after establishing contact my internet stops working.
    That may mean very different things for different people. Please explain what exactly are you trying to do when it "stops working", what do you expect and what do you observe.

    Also please post output of the following commands before and after you established VPN connection.
    Code:
    ip a
    ip r
    ip -6 r
    cat /etc/resolv.conf

  3. #3
    Join Date
    Oct 2014
    Location
    Rotterdam
    Posts
    663

    Default Re: Openconnect VPN client stope internet

    Please see the GlobalProtect "Cannot connect to local gpd service." thread, it seems to me you need to have a quite recent version of Openconnect to work with recent versions of GlobalProtect.

  4. #4
    Join Date
    Jul 2008
    Location
    India
    Posts
    182

    Default Re: Openconnect VPN client stope internet

    Quote Originally Posted by arvidjaar View Post
    That may mean very different things for different people. Please explain what exactly are you trying to do when it "stops working", what do you expect and what do you observe.

    Also please post output of the following commands before and after you established VPN connection.
    Code:
    ip a
    ip r
    ip -6 r
    cat /etc/resolv.conf
    Hi,

    Thanks for your reply. I have openconnect version 8.10 installed from network repo.

    Once, as root in a terminal, the connection is established, my internet connection stops ie i cannot browse any sites. I can again connect to the net once i kill the VPN connection by pressing Ctrl+C. I don't know what else to say.

    Before establishing VPN connection:

    ip a

    Code:
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
        inet 127.0.0.1/8 scope host lo 
           valid_lft forever preferred_lft forever 
        inet6 ::1/128 scope host  
           valid_lft forever preferred_lft forever 
    2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000 
        link/ether 58:8a:5a:30:0c:50 brd ff:ff:ff:ff:ff:ff 
    3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 
        link/ether 9c:30:5b:bc:f0:69 brd ff:ff:ff:ff:ff:ff 
        inet 192.168.1.5/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0 
           valid_lft 81277sec preferred_lft 81277sec 
        inet6 fe80::1056:c35e:89cd:b1e4/64 scope link noprefixroute  
           valid_lft forever preferred_lft forever
    ip r

    Code:
    default via 192.168.1.1 dev wlan0 proto dhcp metric 600  
    192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.5 metric 600
    ip -6 r

    Code:
    ::1 dev lo proto kernel metric 256 pref medium 
    fe80::/64 dev wlan0 proto kernel metric 600 pref medium
    cat /etc/resolv.conf

    Code:
    ### /etc/resolv.conf is a symlink to /var/run/netconfig/resolv.conf 
    ### autogenerated by netconfig! 
    # 
    # Before you change this file manually, consider to define the 
    # static DNS configuration using the following variables in the 
    # /etc/sysconfig/network/config file: 
    #     NETCONFIG_DNS_STATIC_SEARCHLIST 
    #     NETCONFIG_DNS_STATIC_SERVERS 
    #     NETCONFIG_DNS_FORWARDER 
    # or disable DNS configuration updates via netconfig by setting: 
    #     NETCONFIG_DNS_POLICY='' 
    # 
    # See also the netconfig(8) manual page and other documentation. 
    # 
    ### Call "netconfig update -f" to force adjusting of /etc/resolv.conf. 
    nameserver 61.0.2.2 
    nameserver 8.8.8.8
    After establishing VPN connection using openconnect --protocol=gp --script /etc/openconnect/vpnc-script https://ipaddr -u username:

    ip a

    Code:
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
        inet 127.0.0.1/8 scope host lo 
           valid_lft forever preferred_lft forever 
        inet6 ::1/128 scope host  
           valid_lft forever preferred_lft forever 
    2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000 
        link/ether 58:8a:5a:30:0c:50 brd ff:ff:ff:ff:ff:ff 
    3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 
        link/ether 9c:30:5b:bc:f0:69 brd ff:ff:ff:ff:ff:ff 
        inet 192.168.1.5/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0 
           valid_lft 80635sec preferred_lft 80635sec 
        inet6 fe80::1056:c35e:89cd:b1e4/64 scope link noprefixroute  
           valid_lft forever preferred_lft forever 
    17: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1422 qdisc pfifo_fast state UNKNOWN group default qlen 500 
        link/none  
        inet 192.168.100.19/32 scope global tun0 
           valid_lft forever preferred_lft forever 
        inet6 fe80::c250:9591:f963:b080/64 scope link stable-privacy  
           valid_lft forever preferred_lft forever
    ip r

    Code:
    default dev tun0 scope link  
    default via 192.168.1.1 dev wlan0 proto dhcp metric 600  
    14.139.53.129 via 192.168.1.1 dev wlan0 src 192.168.1.5  
    192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.5 metric 600  
    192.168.100.19 dev tun0 scope link
    ip -6 r

    Code:
    ::1 dev lo proto kernel metric 256 pref medium 
    fe80::/64 dev tun0 proto kernel metric 256 pref medium 
    fe80::/64 dev wlan0 proto kernel metric 600 pref medium
    cat /etc/resolv.conf

    Code:
    ### /etc/resolv.conf is a symlink to /var/run/netconfig/resolv.conf 
    ### autogenerated by netconfig! 
    # 
    # Before you change this file manually, consider to define the 
    # static DNS configuration using the following variables in the 
    # /etc/sysconfig/network/config file: 
    #     NETCONFIG_DNS_STATIC_SEARCHLIST 
    #     NETCONFIG_DNS_STATIC_SERVERS 
    #     NETCONFIG_DNS_FORWARDER 
    # or disable DNS configuration updates via netconfig by setting: 
    #     NETCONFIG_DNS_POLICY='' 
    # 
    # See also the netconfig(8) manual page and other documentation. 
    # 
    ### Call "netconfig update -f" to force adjusting of /etc/resolv.conf. 
    nameserver 61.0.2.2 
    nameserver 8.8.8.8

  5. #5
    Join Date
    Jul 2008
    Location
    India
    Posts
    182

    Default Re: Openconnect VPN client stope internet

    Quote Originally Posted by marel View Post
    Please see the GlobalProtect "Cannot connect to local gpd service." thread, it seems to me you need to have a quite recent version of Openconnect to work with recent versions of GlobalProtect.
    Hi,

    I already have version openconnect 8.10 installed from the network repo.

  6. #6
    Join Date
    Sep 2012
    Posts
    6,801

    Default Re: Openconnect VPN client stope internet

    Quote Originally Posted by samrat_rao View Post
    After establishing VPN connection
    ip r
    Please always copy and paste full lines with command, its output and subsequent shell prompt. This way we know that output was actually produced by this command and that the output is complete.
    Code:
    default dev tun0 scope link
    Your VPN connection installs default route via your VPN server. You said "organization"; it is quite likely that your organization does not allow direct Internet connection. Mine organization certainly does not

    To verify, you can provide output of
    Code:
    ip route get 8.8.8.8
    ping 8.8.8.8
    ping -4 dns.google

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •