dlenski / vpn-slice

vpnc-script replacement for easy and secure split-tunnel VPN setup
GNU General Public License v3.0

$reason not set #70

Closed sparrowek closed 2 years ago

sparrowek commented 3 years ago

When running:

openconnect -v --script-tun -u test -c /vpn/cert.pem -s 'vpn-slice 10.0.0.0/8' server

I get the error:

Must be called as vpnc-script, with $reason set

I also get errors:

Failed to read from SSL socket: The transmitted packet is too large (EMSGSIZE).
Failed to recv DPD request (1406)

openconnect --version
OpenConnect version v8.02-1+deb10u1
Using GnuTLS. Features present: TPMv2, PKCS#11, RSA software token, HOTP software token, TOTP software token, Yubikey OATH, System keys, DTLS, ESP
Supported protocols: anyconnect (default), nc, gp

dlenski commented 3 years ago

You've specified --script-tun, meaning that you're trying to run OpenConnect's proxy mode rather than direct routing mode.

vpn-slice doesn't support this. If you're using the proxy mode, then no OS-level routing or DNS configuration is needed. You need to run ocproxy.

A patch to update the docs, or to detect it and give a clearer error in vpn-slice… that would be quite welcome.

> I also get errors:
>
> Failed to read from SSL socket: The transmitted packet is too large (EMSGSIZE).
> Failed to recv DPD request (1406)

These aren't related to vpn-slice. They come from OpenConnect's MTU detection routines (https://gitlab.com/openconnect/openconnect/-/issues/157), which have been considerably improved post OpenConnect v8.02.
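One way to detect the `--script-tun` case and report it clearly, added here as an example; it is not code from vpn-slice or from this thread. It assumes OpenConnect passes the `--script-tun` child its socket in the `VPNFD` environment variable (the variable ocproxy reads); `check_invocation` and `fd_is_socket` are hypothetical names.

```python
import os
import stat

# Values of $reason that a vpnc-script is called with.
KNOWN_REASONS = {"pre-init", "connect", "disconnect", "reconnect", "attempt-reconnect"}


def fd_is_socket(value):
    """True if `value` names an open file descriptor that is a socket."""
    try:
        return stat.S_ISSOCK(os.fstat(int(value)).st_mode)
    except (ValueError, OSError):
        return False


def check_invocation(env):
    """Hypothetical helper: return (ok, message) for the calling environment."""
    reason = env.get("reason")
    if reason in KNOWN_REASONS:
        return True, "called as vpnc-script, reason=%s" % reason
    if reason is not None:
        return False, "unrecognised $reason %r" % reason
    # Assumption: openconnect --script-tun exports VPNFD and never sets $reason.
    vpnfd = env.get("VPNFD")
    if vpnfd is not None:
        kind = "a socket" if fd_is_socket(vpnfd) else "not an open socket"
        return False, ("started by openconnect --script-tun (VPNFD=%s, %s): "
                       "use ocproxy in this mode, or pass vpn-slice with "
                       "-s/--script and drop --script-tun" % (vpnfd, kind))
    return False, "Must be called as vpnc-script, with $reason set"


if __name__ == "__main__":
    ok, msg = check_invocation(os.environ)
    print(msg)
    raise SystemExit(0 if ok else 1)
```

Failing closed in every branch except a recognised `$reason` keeps the script from touching routes or DNS when it was started in a mode it does not handle.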