pop-os / pop

A project for managing all Pop!_OS sources
https://system76.com/pop

Update network-manager-openconnect pkg to version 1.2.10 (or newer) #2913

Open epoxi opened 1 year ago

epoxi commented 1 year ago

Distribution (run cat /etc/os-release):

NAME="Pop!_OS"
VERSION="22.04 LTS"
ID=pop
ID_LIKE="ubuntu debian"
PRETTY_NAME="Pop!_OS 22.04 LTS"
VERSION_ID="22.04"
HOME_URL="https://pop.system76.com"
SUPPORT_URL="https://support.system76.com"
BUG_REPORT_URL="https://github.com/pop-os/pop/issues"
PRIVACY_POLICY_URL="https://system76.com/privacy"
VERSION_CODENAME=jammy
UBUNTU_CODENAME=jammy
LOGO=distributor-logo-pop-os

Related Application and/or Package Version (run apt policy $PACKAGE NAME):

network-manager-openconnect:
  Installed: 1.2.6-4
  Candidate: 1.2.6-4
  Version table:
 *** 1.2.6-4 500
        500 http://apt.pop-os.org/ubuntu jammy/universe amd64 Packages
        100 /var/lib/dpkg/status

Issue/Bug Description: Version 1.2.6 is being hit by this bug, causing the VPN connection to drop right after it is set up.

It seems the network-manager-openconnect plugin can't install the routes received from the VPN gateway, causing the immediate disconnection.

...
Jun  5 11:14:52 mars4 NetworkManager[38962]: ESP session established with server
Jun  5 11:14:52 mars4 NetworkManager[38962]: ESP tunnel connected; exiting HTTPS mainloop.
Jun  5 11:14:52 mars4 NetworkManager[38962]: Configured as 10.217.40.234, with SSL disconnected and ESP established
Jun  5 11:14:52 mars4 NetworkManager[38962]: Session authentication will expire at Wed Jul  5 11:14:52 2023
Jun  5 11:14:52 mars4 openconnect[38962]: SIOCSIFMTU: Operation not permitted
Jun  5 11:14:52 mars4 NetworkManager[942]: <warn>  [1685974492.4319] vpn[0x56070966e6f0,5e948781-bc29-4ee8-aa7e-ec87c348e9d4,"Danone GP",if:7,dev:2:(vpn0)]: invalid IP4 config received: no valid IP address/prefix
Jun  5 11:14:52 mars4 NetworkManager[942]: <warn>  [1685974492.4320] vpn[0x56070966e6f0,5e948781-bc29-4ee8-aa7e-ec87c348e9d4,"VPN-GW GP",if:7,dev:2:(vpn0)]: did not receive valid IP config information
...

Steps to reproduce (if you know):

Try any VPN that uses SSO, especially Cisco's AnyConnect or Palo Alto's Global Protect

Expected behavior:

Other Notes:

It was noted in Red Hat and Ubuntu bug forums that this issue is resolved in version 1.2.10 or newer: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/tags/1.2.10

jacobgkau commented 1 year ago

The network-manager-openconnect package comes from Ubuntu; Pop!_OS is not currently repackaging it. (You can see this in your apt policy output, where the URL is the Ubuntu mirror, apt.pop-os.org/ubuntu, rather than the Pop!_OS repo, apt.pop-os.org/release.)

Ideally, Ubuntu needs to update this package in their repository, so the issue will be fixed for both Ubuntu and Pop!_OS users. It seems like they're aware of the issue from the Launchpad bug that you linked, although it hasn't seen activity in a couple of years.
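The check described in the comment above, as an added example that is not part of the thread or of any Pop!_OS tooling: it parses `apt policy` output to report whether the installed and candidate versions reach 1.2.10 and which repository offers the candidate. The function names and the simplified version comparison are assumptions made for illustration.

```python
import re

FIXED_IN = (1, 2, 10)  # upstream version the thread reports as fixed

# Constructed sample: the `apt policy` output quoted in the issue.
SAMPLE_POLICY = """\
network-manager-openconnect:
  Installed: 1.2.6-4
  Candidate: 1.2.6-4
  Version table:
 *** 1.2.6-4 500
        500 http://apt.pop-os.org/ubuntu jammy/universe amd64 Packages
        100 /var/lib/dpkg/status
"""

def upstream_tuple(deb_version):
    # Simplification (assumption): drop epoch and Debian revision and
    # require a purely numeric dotted upstream version such as 1.2.10.
    upstream = deb_version.split(":", 1)[-1].rsplit("-", 1)[0]
    return tuple(int(part) for part in upstream.split("."))

def has_fix(deb_version):
    # Integer tuples, so 1.2.10 sorts after 1.2.6 (string order would not).
    return deb_version != "(none)" and upstream_tuple(deb_version) >= FIXED_IN

def triage(policy_text):
    installed = re.search(r"^\s*Installed:\s*(\S+)", policy_text, re.M).group(1)
    candidate = re.search(r"^\s*Candidate:\s*(\S+)", policy_text, re.M).group(1)
    sources, in_candidate = [], False
    for line in policy_text.splitlines():
        entry = re.match(r"^ (?:\*\*\*|   ) (\S+) -?\d+$", line)
        if entry:  # a version row; its repository rows follow
            in_candidate = entry.group(1) == candidate
            continue
        source = re.match(r"^\s{8}-?\d+ (\S+)", line)
        if source and in_candidate and source.group(1).startswith("http"):
            sources.append(source.group(1))
    return {
        "installed": installed,
        "candidate": candidate,
        "installed_has_fix": has_fix(installed),
        "candidate_has_fix": has_fix(candidate),
        "candidate_sources": sources,
        # Per the comment above: /ubuntu is the mirror, /release is Pop!_OS.
        "repackaged_by_pop": any("apt.pop-os.org/release" in s for s in sources),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_POLICY))
```
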

lumbric commented 7 months ago

Note that new Cisco servers won't allow a VPN connection unless the user agent string is changed (see here). This is possible with >= 1.2.10. Any help on how to backport the new package would be appreciated. (See also this question on askubuntu.com)

lumbric commented 7 months ago

I've found a workaround: OpenConnect provides binary packages via the Open Build Service (found here).

If you want to use NetworkManager and the GNOME integration, it is necessary to update openconnect and the networkmanager/gnome packages after adding the repository:

sudo apt install openconnect network-manager-openconnect network-manager-openconnect-gnome

nexoscp commented 2 months ago

Ubuntu provides package version 1.2.10: https://packages.ubuntu.com/noble/network-manager-openconnect-gnome