Openconnect VPN client stope internet

samrat_rao · July 30, 2021, 9:39am

Hello,

I’m trying to use openconnect to connect to my organisation’s VPN. My organisation has purchased GlobalProtect but never thought that people will access the systems using Linux OS. So i am using openconnect with these commands as root:

openconnect --protocol=gp --script /etc/openconnect/vpnc-script https://ipaddr -u username

However after establishing contact my internet stops working.

Since openconnect version 8 onwards only can connect to GlobalProtect, i installed openconnect after adding the network repo https://download.opensuse.org/repositories/network:/utilities/openSUSE_Leap_15.2/

I’m not too knowledgeable about internet issues.

If i use the additional argument –dump in the command line, after connecting i keep getting the following message:

Requeueing failed ESP send: Resource temporarily unavailable

Please suggest. Thanks.

arvidjaar · July 30, 2021, 10:22am

That may mean very different things for different people. Please explain what exactly are you trying to do when it “stops working”, what do you expect and what do you observe.

Also please post output of the following commands before and after you established VPN connection.

ip a
ip r
ip -6 r
cat /etc/resolv.conf

marel · July 30, 2021, 9:59pm

Please see the GlobalProtect “Cannot connect to local gpd service.” thread, it seems to me you need to have a quite recent version of Openconnect to work with recent versions of GlobalProtect.

samrat_rao · July 31, 2021, 6:30pm

arvidjaar:

That may mean very different things for different people. Please explain what exactly are you trying to do when it “stops working”, what do you expect and what do you observe.

Also please post output of the following commands before and after you established VPN connection.
ip a
ip r
ip -6 r
cat /etc/resolv.conf

Hi,

Thanks for your reply. I have openconnect version 8.10 installed from network repo.

Once, as root in a terminal, the connection is established, my internet connection stops ie i cannot browse any sites. I can again connect to the net once i kill the VPN connection by pressing Ctrl+C. I don’t know what else to say.

Before establishing VPN connection:

ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
    inet 127.0.0.1/8 scope host lo 
       valid_lft forever preferred_lft forever 
    inet6 ::1/128 scope host  
       valid_lft forever preferred_lft forever 
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000 
    link/ether 58:8a:5a:30:0c:50 brd ff:ff:ff:ff:ff:ff 
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 
    link/ether 9c:30:5b:bc:f0:69 brd ff:ff:ff:ff:ff:ff 
    inet 192.168.1.5/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0 
       valid_lft 81277sec preferred_lft 81277sec 
    inet6 fe80::1056:c35e:89cd:b1e4/64 scope link noprefixroute  
       valid_lft forever preferred_lft forever

ip r

default via 192.168.1.1 dev wlan0 proto dhcp metric 600  
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.5 metric 600

ip -6 r

::1 dev lo proto kernel metric 256 pref medium 
fe80::/64 dev wlan0 proto kernel metric 600 pref medium

cat /etc/resolv.conf

### /etc/resolv.conf is a symlink to /var/run/netconfig/resolv.conf 
### autogenerated by netconfig! 
# 
# Before you change this file manually, consider to define the 
# static DNS configuration using the following variables in the 
# /etc/sysconfig/network/config file: 
#     NETCONFIG_DNS_STATIC_SEARCHLIST 
#     NETCONFIG_DNS_STATIC_SERVERS 
#     NETCONFIG_DNS_FORWARDER 
# or disable DNS configuration updates via netconfig by setting: 
#     NETCONFIG_DNS_POLICY='' 
# 
# See also the netconfig(8) manual page and other documentation. 
# 
### Call "netconfig update -f" to force adjusting of /etc/resolv.conf. 
nameserver 61.0.2.2 
nameserver 8.8.8.8

**After establishing VPN connection using openconnect --protocol=gp --script /etc/openconnect/vpnc-script https://ipaddr -u username:
**
ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
    inet 127.0.0.1/8 scope host lo 
       valid_lft forever preferred_lft forever 
    inet6 ::1/128 scope host  
       valid_lft forever preferred_lft forever 
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000 
    link/ether 58:8a:5a:30:0c:50 brd ff:ff:ff:ff:ff:ff 
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 
    link/ether 9c:30:5b:bc:f0:69 brd ff:ff:ff:ff:ff:ff 
    inet 192.168.1.5/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0 
       valid_lft 80635sec preferred_lft 80635sec 
    inet6 fe80::1056:c35e:89cd:b1e4/64 scope link noprefixroute  
       valid_lft forever preferred_lft forever 
17: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1422 qdisc pfifo_fast state UNKNOWN group default qlen 500 
    link/none  
    inet 192.168.100.19/32 scope global tun0 
       valid_lft forever preferred_lft forever 
    inet6 fe80::c250:9591:f963:b080/64 scope link stable-privacy  
       valid_lft forever preferred_lft forever

**ip r
**

default dev tun0 scope link  
default via 192.168.1.1 dev wlan0 proto dhcp metric 600  
14.139.53.129 via 192.168.1.1 dev wlan0 src 192.168.1.5  
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.5 metric 600  
192.168.100.19 dev tun0 scope link

ip -6 r

::1 dev lo proto kernel metric 256 pref medium 
fe80::/64 dev tun0 proto kernel metric 256 pref medium 
fe80::/64 dev wlan0 proto kernel metric 600 pref medium

cat /etc/resolv.conf

### /etc/resolv.conf is a symlink to /var/run/netconfig/resolv.conf 
### autogenerated by netconfig! 
# 
# Before you change this file manually, consider to define the 
# static DNS configuration using the following variables in the 
# /etc/sysconfig/network/config file: 
#     NETCONFIG_DNS_STATIC_SEARCHLIST 
#     NETCONFIG_DNS_STATIC_SERVERS 
#     NETCONFIG_DNS_FORWARDER 
# or disable DNS configuration updates via netconfig by setting: 
#     NETCONFIG_DNS_POLICY='' 
# 
# See also the netconfig(8) manual page and other documentation. 
# 
### Call "netconfig update -f" to force adjusting of /etc/resolv.conf. 
nameserver 61.0.2.2 
nameserver 8.8.8.8

samrat_rao · July 31, 2021, 6:32pm

Hi,

I already have version openconnect 8.10 installed from the network repo.

arvidjaar · July 31, 2021, 7:03pm

Please always copy and paste full lines with command, its output and subsequent shell prompt. This way we know that output was actually produced by this command and that the output is complete.

default dev tun0 scope link

Your VPN connection installs default route via your VPN server. You said “organization”; it is quite likely that your organization does not allow direct Internet connection. Mine organization certainly does not

To verify, you can provide output of

ip route get 8.8.8.8
ping 8.8.8.8
ping -4 dns.google