Closed Meister1593 closed 2 years ago
Reverting to b816b72d315ef8cbf6973095cdb9f4a72182ed0d3ff8c9ac33fb088b77b77ce6
ostree commit from 19th February does not solve the issue too (it has openconnect 8.10-8)
I did it like so:
sudo ostree pull fedora:fedora/36/x86_64/silverblue --commit-metadata-only --depth=150
rpm-ostree deploy b816b72d315ef8cbf6973095cdb9f4a72182ed0d3ff8c9ac33fb088b77b77ce6
Reverting to least available commit 186e73f4d1fd8cefa68a065c57d8c6bbbb9cc91cc4cb19707a91d488ddc17927
(from February 9th) does not fix issue either.
Reverting to silverblue 35 (a49552f262d00a173d1e7e8d57e2afdad348e0974d1d372e92884a1679adf8e8
) fixes issue completely.
I will stay on 35 until i will have some sort of fix/workaround on 36, but i will keep 36 pinned for testing
@Meister1593 would you mind reporting a bug in https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora against the openconnect component? I don't think that we will be able to help you here (we don't have the expertise).
@Meister1593 would you mind reporting a bug in https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora against the openconnect component? I don't think that we will be able to help you here (we don't have the expertise).
Closing this one as it has been reported upstream and will be tracked there and there is a workaround in https://bugs.launchpad.net/ubuntu/+source/openconnect/+bug/1968467/comments/6.
From https://bugs.launchpad.net/ubuntu/+source/openconnect/+bug/1968467/comments/6 the next works for me:
$ cat > /tmp/openssl.conf <<EOF
openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
EOF
$ sudo OPENSSL_CONF=/tmp/openssl.conf openconnect <gateway> --csd-wrapper=/usr/lib/openconnect/csd-post.sh [other options]
Describe the bug Openconnect csd post wrapper used for anyconnect vpn service fails unexpectedly with empty document returned from vpn.
To Reproduce I'm not sure if it's possible to replicate locally (requires vpn credentials) but i will at least try to replicate it the way i did
sudo openconnect --user=user --csd-wrapper=/usr/libexec/openconnect/csd-post.sh hostname
^ -:1.1: Document is empty
^
State: idle BootedDeployment: ● fedora:fedora/36/x86_64/silverblue Version: 36.20220508.0 (2022-05-08T00:42:01Z) BaseCommit: dd4ac38b4030e0192777eef2c243f1b2a777f6d6526fd52b84f0a2ec2984b6bb GPGSignature: Valid signature by 53DED2CB922D8B8D9E63FD18999F7CBF38AB71F4 RemovedBasePackages: firefox 100.0-2.fc36 gnome-software gnome-software-rpm-ostree 42.0-4.fc36 vim-minimal 2:8.2.4845-1.fc36 LayeredPackages: corectrl distrobox fish fzf gnome-tweaks google-roboto-fonts langpacks-en materia-gtk-theme neofetch neovim openssl python-pip rpmfusion-free-release rpmfusion-nonfree-release steam-devices xdotool xinput xmlstarlet-1.6.1-18.fc36.x86_64 LocalPackages: logmein-hamachi-2.1.0.203-1.x86_64