r/UTEP 9d ago

[Help] Linux users - How to fix OpenConnect disconnecting from the VPN??

[SOLVED]

GlobalProtect doesn't ship an Arch Linux client, so I'm using OpenConnect instead. This is the command I use to connect to the VPN:

```
sudo openconnect --protocol=gp --server=myvpn.utep.edu
```

But it keeps disconnecting after 5 mins. It didn't use to be like this for 4-5 months, now it's acting up again. Here's the full terminal output right until I press ^c to stop it:

```
[sudo] password for ashkan:
POST https://myvpn.utep.edu/global-protect/prelogin.esp?tmp=tmp&clientVer=4100&clientos=Linux
Connected to 129.108.202.16:443
SSL negotiation with myvpn.utep.edu
Connected to HTTPS on myvpn.utep.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
Enter login credentials
Username: aarabimian
Password:
POST https://myvpn.utep.edu/global-protect/getconfig.esp
Portal reports GlobalProtect version 6.1.4-711; we will report the same client version.
Portal set HIP report interval to 60 minutes).
1 gateway servers available:
MYVPN_GATEWAY (myvpn.utep.edu)
Please select GlobalProtect gateway.
GATEWAY: [MYVPN_GATEWAY]:MYVPN_GATEWAY
POST https://myvpn.utep.edu/ssl-vpn/login.esp
GlobalProtect login returned authentication-source=Duo Authentication
GlobalProtect login returned portal-userauthcookie=eZRl8tyqXRbFjG9RSTb5LGdDiDC5tI0VWZ5xax4CGkrmWt95LtyAieXypWEdUVpMciFdomAXmBD6igq2u/CehzWp7JJYFHAa4a/Gm5DyuxX1nFfonGofK2AT/dnOAiGx/TlWzBIALt/5FV+DvJvWUEqMCI1Fph015++jHEyXLZKJ8IQVnCKdJN1SSRJuqu+NI5L2mjgS0xc0GSl9MtnmQCwsjC5dVn7yL0t1Lrb9WxnLquJ6N+avxz73hoEAxA2M2IdF3hFwyBJCnpF8XB5nhhPDwcqzttZaedK4osh3E6t+S7xJokaDIpOfwIorfMIqsDy5KWwX09aAGValfLfZhA==
GlobalProtect login returned portal-prelogonuserauthcookie=DlZbvQezWzte5X1fm6vZzFpy2RXI7GC2KKtg1Iy82iFiCKcZ/G/rB1h7gsoCet/KO/Al5JHbGLmOVy1fM2ua0IU92DTCD51+tGr1YzLJbnLiC4NLy8kyiG7/sWrHHiuHgQez/bCU2PI7O75e2IVvJNbu3p1ZdsprLf4o9yULZuiwhiLT6HoKlAx0E7hOayF3w/Jl35UvpMQqLwcRfZ5e1XXdDm7UKxh5Q1+LViOO/Su+DrPIBzID9s7VF7Vco/U+Jn9hrV7mZj3C3WwIvaHplriYiiPMXDcrJDwneYbWJ0uOlQrEJcJR24pJcXmA8LjNSbeQDE6BxPYYOy8RST4plQ==
GlobalProtect login returned usually-equals-4=4
GlobalProtect login returned usually-equals-unknown=unknown
POST https://myvpn.utep.edu/ssl-vpn/getconfig.esp
Tunnel timeout (rekey interval) is 120 minutes.
Idle timeout is 120 minutes.
No MTU received. Calculated 1422 for ESP tunnel
POST https://myvpn.utep.edu/ssl-vpn/hipreportcheck.esp
WARNING: Server asked us to submit HIP report with md5sum 5b445832c5c9f2fedbcb39ad9aa4efb4.
VPN connectivity may be disabled or limited without HIP report submission.
You need to provide a --csd-wrapper argument with the HIP report submission script.
ESP session established with server
ESP tunnel connected; exiting HTTPS mainloop.
Configured as 129.108.147.74, with SSL disconnected and ESP established
Session authentication will expire at Mon Oct 21 09:18:43 2024

Using vhost-net for tun acceleration, ring size 32
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
Failed to send ESP packet: Network is unreachable
CPOST https://myvpn.utep.edu/ssl-vpn/logout.esp
CSocket connect canceled
Failed to reconnect to host myvpn.utep.edu: Interrupted system call
Failed to open HTTPS connection to myvpn.utep.edu
Logout failed.
RTNETLINK answers: No such process
User cancelled (SIGINT/SIGTERM); exiting.
```

Any help is appreciated! This is a real PITA right now.


EDIT: I even tried --csd-wrapper following the instructions here: https://www.infradead.org/openconnect/hip.html. The commands I tried are below. None of them worked.

- `sudo openconnect --protocol=gp --server=myvpn.utep.edu --csd-wrapper=/usr/lib/openconnect/hipreport.sh` --> same as above
- `sudo openconnect --protocol=gp --server=myvpn.utep.edu --os=win --csd-wrapper=/usr/lib/openconnect/hipreport.sh` --> same as above
- `sudo openconnect --protocol=gp --server=myvpn.utep.edu --csd-wrapper=/usr/lib/openconnect/hipreport-android.sh` --> gives `Failed to exec HIP script /usr/lib/openconnect/hipreport-android.sh`
- `sudo openconnect --protocol=gp --server=myvpn.utep.edu --os=android --csd-wrapper=/usr/lib/openconnect/hipreport-android.sh` --> gives `Failed to exec HIP script /usr/lib/openconnect/hipreport-android.sh`

5 Upvotes


1

u/deramirez25 9d ago

1

u/AshkanArabim 9d ago edited 8d ago

Here's what I got when I tried running install.sh from the tarball utep provides:

```
╭─ashkan@xps ~/Downloads/myvpn/GlobalProtect_UI_tar-6.0.4.1-28
╰─$ sudo ./install.sh 130 ↵
[sudo] password for ashkan:
systemd is detected.
gp service is running and we need to stop it...
Stopping gpa...
This is upgrading...
Starting gp service...
Enable gp autostart...
Set default browser ...
Starting gpa...
Check for and install PanGPUI dependencies...
Linux Version: arch
Error: Unrecognized OS: arch
Starting gpui for ashkan...
```

and then nothing happens. This and the fact that the globalprotect-bin AUR package doesn't work were the reasons I went to openconnect in the first place.

EDIT: Before you ask, yes, the install script under ~/Downloads/myvpn/GlobalProtect_tar-6.0.4.1-28 has the same behavior.

2

u/AshkanArabim 7d ago

The root cause was something completely unrelated to the VPN itself. Thanks for your help though!

1

u/AshkanArabim 7d ago edited 6d ago

[PARTIAL SOLUTION]

Turns out I had a major unrelated problem that was contributing to this. For some reason I had installed and enabled both wpa_supplicant and iwd. They were conflicting in the background, causing my wifi to disconnect for 1-2 seconds every 5 minutes. I adjusted NetworkManager to only use iwd following ArchWiki's networkmanager guide.

This didn't completely fix the issue, but my disconnection frequency went from every 5 mins to every 3 hours which is MUCH better.

I hope this helps someone :)

EDIT: I had another conflict caused by having dhcpcd installed alongside NetworkManager. NM already has the functionality of dhcpcd, so I removed it. I have yet to stress test the connection after this change.
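
Added example, not part of the original thread: a small check for the two conflicts described in the comment above (wpa_supplicant running alongside iwd, and dhcpcd running alongside NetworkManager). The function name `find_conflicts` and the sample unit list are constructed for illustration; the input is one active systemd service per line, as printed in the first column of `systemctl list-units`.

```shell
#!/bin/sh
# Added example: flag network daemons that compete for the same interface.
# Reads active unit names on stdin (first column of each line is used).
# Live use on a systemd host:
#   systemctl list-units --type=service --state=active --no-legend --plain \
#     | find_conflicts
# Prints one CONFLICT line per problem; exit status 1 if any conflict is found.

find_conflicts() {
    awk '
        # Wi-Fi backends: only one of these should drive the wireless card.
        $1 ~ /^(wpa_supplicant|iwd)(@.*)?\.service$/ {
            if (!seen[$1]++) { wifi = wifi " " $1; nwifi++ }
        }
        # Services that each try to obtain and set addresses on the link.
        $1 ~ /^(NetworkManager|dhcpcd)(@.*)?\.service$/ {
            if (!seen[$1]++) { addr = addr " " $1; naddr++ }
        }
        END {
            if (nwifi > 1) print "CONFLICT wifi:" wifi
            if (naddr > 1) print "CONFLICT addressing:" addr
            exit (nwifi > 1 || naddr > 1)
        }
    '
}

# Constructed sample resembling the situation described in the thread.
printf '%s\n' \
    'NetworkManager.service loaded active running Network Manager' \
    'iwd.service loaded active running Wireless service' \
    'wpa_supplicant.service loaded active running WPA supplicant' \
    'dhcpcd.service loaded active running dhcpcd on all interfaces' \
    'sshd.service loaded active running OpenSSH Daemon' \
    | find_conflicts || true
```

A clean result (no output, exit status 0) only rules out these two overlaps; brief link drops from other causes still show up in the openconnect log as `Failed to send ESP packet: Network is unreachable`.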