dlenski / openconnect

OpenConnect client extended to support Palo Alto Networks' GlobalProtect VPN

HIP script '~/anyconnect/hipreport.sh' returned non-zero status: 1 #163

Closed Jasonsey closed 4 years ago

Jasonsey commented 4 years ago

My VPN server is using PAN and it requires HIP. When I run the command: sudo openconnect --protocol=gp xxx.xxx.xxx --os=linux -vvv --csd-wrapper=/home/max/anyconnect/hipreport.sh , it reported the following error:

......
POST https://1.2.3.4/ssl-vpn/hipreportcheck.esp
收到 HTTP 响应:HTTP/1.1 200 OK
Date: Sun, 16 Feb 2020 16:14:53 GMT
Content-Type: application/xml; charset=UTF-8
Content-Length: 107
Connection: keep-alive
ETag: "6a65d54c174"
X-Content-Type-Options: nosniff
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Security-Policy: default-src 'self'
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-FRAME-OPTIONS: DENY
Strict-Transport-Security: max-age=31536000;
X-XSS-Protection: 1; mode=block;
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline';
HTTP body length:  (107)
Gateway says HIP report submission is needed.
Failed to exec HIP script /home/max/anyconnect/hipreport.sh
HIP script '/home/max/anyconnect/hipreport.sh' returned non-zero status: 1
Creating SSL connection failed

Here is the hipreport.sh:

Have I done anything wrong?

dlenski commented 4 years ago
Failed to exec HIP script /home/max/anyconnect/hipreport.sh

Is the script file executable? chmod +x /home/max/anyconnect/hipreport.sh
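A preflight check for the --csd-wrapper script, added here as an example (it is not openconnect code and not from this thread): it reproduces the conditions a direct exec needs (file present, execute bit set, interpreter line) and then runs the script with the caller's arguments, so a missing chmod +x is caught before a privileged openconnect session is started. The option names passed in the usage line are an assumption about how the script is invoked.

```shell
# hip_preflight SCRIPT [ARGS...]
# Return codes: 0 ok, 2 file missing, 3 not executable, 4 no "#!" line,
#               5 script exited non-zero, 6 script produced an empty report.
hip_preflight() {
    script="$1"
    [ $# -gt 0 ] && shift
    if [ ! -f "$script" ]; then
        echo "hip_preflight: no such file: $script" >&2
        return 2
    fi
    # openconnect execs the script directly; without the execute bit the
    # exec fails and openconnect reports "Failed to exec HIP script".
    if [ ! -x "$script" ]; then
        echo "hip_preflight: not executable: $script (try: chmod +x '$script')" >&2
        return 3
    fi
    # A direct exec also needs an interpreter line. An interactive shell
    # would fall back to running the file as sh; openconnect does not.
    IFS= read -r first_line < "$script" || first_line=""
    case "$first_line" in
        '#!'*) ;;
        *) echo "hip_preflight: missing '#!' interpreter line: $script" >&2
           return 4 ;;
    esac
    # Run it with the caller's arguments and capture what openconnect would
    # read as the HIP report (assumed: the script writes the report to stdout).
    rc=0
    report=$("$script" "$@") || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "hip_preflight: $script returned non-zero status: $rc" >&2
        return 5
    fi
    if [ -z "$report" ]; then
        echo "hip_preflight: $script printed an empty report" >&2
        return 6
    fi
    printf '%s\n' "$report"
    return 0
}

# Usage (argument names are an assumption about the wrapper's interface):
# hip_preflight /home/max/anyconnect/hipreport.sh --cookie "$COOKIE" --client-ip 10.0.0.2 --md5 0
```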

Jasonsey commented 4 years ago
Failed to exec HIP script /home/max/anyconnect/hipreport.sh

Is the script file executable? chmod +x /home/max/anyconnect/hipreport.sh

Well done, that solved my problem smoothly. Unfortunately I have found a new problem. Do you know what is causing this problem:

......
HIP report submitted successfully.
Parameters for incoming ESP: SPI 0x58740311
ESP encryption type AES-128-CBC (RFC3602) key 0x27f55626342bb314cfa59dcffbea679b
ESP authentication type HMAC-SHA-1-96 (RFC2404) key 0xd3f637b5b038e6aa631510170f5cc9683ff253d2
Parameters for outgoing ESP: SPI 0x5a2fbece
ESP encryption type AES-128-CBC (RFC3602) key 0x6d64f3c3f0e8cd84de892d3f50adc34c
ESP authentication type HMAC-SHA-1-96 (RFC2404) key 0xe127eebd467577166f0392aa3d506926e103133d
Send ESP probes
Connected as 10.107.194.56, using SSL, with ESP in progress
Error: ipv4: Invalid values in header for route get request.
Usage: ip route { list | flush } SELECTOR
       ip route save SELECTOR
       ip route restore
       ip route showdump
       ip route get [ ROUTE_GET_FLAGS ] ADDRESS
......
dlenski commented 4 years ago

:man_shrugging:

Jasonsey commented 4 years ago

🤷‍♂

You are right, @dlenski . By downgrading iproute2 to a 4.x version, I have solved the problem. Everything seems to be going well, but I still regret to find that I can only ping the intranet IP, while the intranet network service still cannot be opened. Maybe I need to study the HIP configuration again.

dlenski commented 4 years ago

By downgrading iproute2 to a 4.x version, I have solved the problem.

Good to know. I just merged the fixes to the upstream vpnc-script, so consider installing the latest version from that repository and trying it again with iproute2 5.x.

I still regret to find that I can only ping the intranet IP, while the intranet network service still cannot be opened. Maybe I need to study the HIP configuration again.

Not sure what you mean… you're saying you can ping IP addresses that should be accessible via the VPN, but you can't send TCP/UDP traffic to them?

Jasonsey commented 4 years ago

Hi @dlenski, I finally logged in to my VPN with this package. What I was missing before is that the HIP report was not consistent with the server requirements. Then I found a way to get the report that the server required: hip.

In order to capture the contents of the official Windows client's HIP reports, enable the highest logging level for the "PanGPS Service", and then sift through the giant PanGPS.log file

I really appreciate that you developed this package. It was so helpful.