Routes not being added by nm-openconnect-server-openconnect-helper

Bug #1870745 reported by Iain Buclaw
This bug affects 2 people
Affects: network-manager-openconnect (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

When connecting to an openconnect VPN using network-manager-gnome, none of the CISCO_SPLIT_INC environment variables are being exported to the helper program.

To test:

dpkg-divert --add --rename --divert \
  /usr/lib/NetworkManager/nm-openconnect-service-openconnect-helper.real \
  /usr/lib/NetworkManager/nm-openconnect-service-openconnect-helper

cat > /usr/lib/NetworkManager/nm-openconnect-service-openconnect-helper << EOF
#!/bin/bash
env | sort
/usr/lib/NetworkManager/nm-openconnect-service-openconnect-helper.real
EOF

chmod +x /usr/lib/NetworkManager/nm-openconnect-service-openconnect-helper

These are the environment variables exported to the helper.
---
CISCO_CSTP_OPTIONS=X-CSTP-Version=1
CISCO_DEF_DOMAIN=mydomain.com
CISCO_SPLIT_EXC_0_ADDR=0.0.0.0
CISCO_SPLIT_EXC_0_MASK=255.255.255.255
CISCO_SPLIT_EXC_0_MASKLEN=32
CISCO_SPLIT_EXC=1
GIO_USE_VFS=local
INTERNAL_IP4_ADDRESS=10.96.54.28
INTERNAL_IP4_DNS=10.96.16.111 10.96.16.112
INTERNAL_IP4_MTU=1406
INTERNAL_IP4_NBNS=10.96.16.111 10.96.16.112
INTERNAL_IP4_NETADDR=10.96.52.0
INTERNAL_IP4_NETMASK=255.255.252.0
INTERNAL_IP4_NETMASKLEN=22
INVOCATION_ID=3fa552aed21e47ce97ae3cad58f7b727
JOURNAL_STREAM=9:16123471
LANG=en_GB.UTF-8
LANGUAGE=en_GB:en
LC_ADDRESS=en_GB.UTF-8
LC_IDENTIFICATION=en_GB.UTF-8
LC_MEASUREMENT=en_GB.UTF-8
LC_MONETARY=en_GB.UTF-8
LC_NAME=en_GB.UTF-8
LC_NUMERIC=en_GB.UTF-8
LC_PAPER=en_GB.UTF-8
LC_TELEPHONE=en_GB.UTF-8
LC_TIME=en_GB.UTF-8
NM_DBUS_SERVICE_OPENCONNECT=org.freedesktop.NetworkManager.openconnect.Connection_20
NM_VPN_LOG_LEVEL=0
NM_VPN_LOG_PREFIX_TOKEN=2042011
NM_VPN_LOG_SYSLOG=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
PWD=/
reason=pre-init
SHLVL=1
_=/usr/bin/env
VPNGATEWAY=1.2.3.4
---

And then again with the same as above, but with the following changes/additions.
---
reason=connect
TUNDEV=vpn0
---

Iain Buclaw (iainb) wrote :

Running openconnect on the command-line, the environment variables are all present.

echo $COOKIE | /usr/sbin/openconnect --interface vpn0 mydomain.com --cookie-on-stdin

---
CISCO_CSTP_OPTIONS=X-CSTP-Version=1
CISCO_DEF_DOMAIN=mydomain.com
CISCO_SPLIT_EXC_0_ADDR=0.0.0.0
CISCO_SPLIT_EXC_0_MASK=255.255.255.255
CISCO_SPLIT_EXC_0_MASKLEN=32
CISCO_SPLIT_EXC_1_ADDR=10.1.12.244
CISCO_SPLIT_EXC_1_MASK=255.255.255.255
CISCO_SPLIT_EXC_1_MASKLEN=32
CISCO_SPLIT_EXC_2_ADDR=10.194.4.23
CISCO_SPLIT_EXC_2_MASK=255.255.255.255
CISCO_SPLIT_EXC_2_MASKLEN=32
CISCO_SPLIT_EXC=3
CISCO_SPLIT_INC_0_ADDR=10.96.52.0
CISCO_SPLIT_INC_0_MASK=255.255.252.0
CISCO_SPLIT_INC_0_MASKLEN=22
CISCO_SPLIT_INC_10_ADDR=10.96.52.0
CISCO_SPLIT_INC_10_MASK=255.255.252.0
CISCO_SPLIT_INC_10_MASKLEN=22
CISCO_SPLIT_INC_11_ADDR=10.96.52.0
CISCO_SPLIT_INC_11_MASK=255.255.252.0
CISCO_SPLIT_INC_11_MASKLEN=22
-- [snip] --
CISCO_SPLIT_INC=42
INTERNAL_IP4_ADDRESS=10.96.54.29
INTERNAL_IP4_DNS=10.96.16.111 10.96.16.112
INTERNAL_IP4_MTU=1402
INTERNAL_IP4_NBNS=10.96.16.111 10.96.16.112
INTERNAL_IP4_NETADDR=10.96.52.0
INTERNAL_IP4_NETMASK=255.255.252.0
INTERNAL_IP4_NETMASKLEN=22
LANG=en_GB.UTF-8
LANGUAGE=en_GB:en
LC_ADDRESS=en_GB.UTF-8
LC_IDENTIFICATION=en_GB.UTF-8
LC_MEASUREMENT=en_GB.UTF-8
LC_MONETARY=en_GB.UTF-8
LC_NAME=en_GB.UTF-8
LC_NUMERIC=en_GB.UTF-8
LC_PAPER=en_GB.UTF-8
LC_TELEPHONE=en_GB.UTF-8
LC_TIME=en_GB.UTF-8
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
PWD=/
reason=connect
SHLVL=1
TUNDEV=vpn0
VPNGATEWAY=1.2.3.4
X-CSTP-Address=10.96.54.29
X-CSTP-Client-Bypass-Protocol=false
X-CSTP-Default-Domain=mydomain.com
X-CSTP-Disable-Always-On-VPN=false
X-CSTP-Disconnected-Timeout=3600
X-CSTP-DNS=10.96.16.111
X-CSTP-DNS=10.96.16.112
X-CSTP-DPD=30
X-CSTP-Hostname=mydomain.com
X-CSTP-Idle-Timeout=3600
X-CSTP-Keepalive=20
X-CSTP-Keep=true
X-CSTP-Lease-Duration=28800
X-CSTP-MSIE-Proxy-Lockdown=true
X-CSTP-MTU=1379
X-CSTP-NBNS=10.96.16.111
X-CSTP-NBNS=10.96.16.112
X-CSTP-Netmask=255.255.252.0
X-CSTP-Protocol=Copyright (c) 2004 Cisco Systems, Inc.
X-CSTP-Quarantine=false
X-CSTP-Routing-Filtering-Ignore=false
X-CSTP-Session-Timeout=28800
X-CSTP-Smartcard-Removal-Disconnect=true
X-CSTP-Split-Exclude=0.0.0.0/255.255.255.255
X-CSTP-Split-Exclude=10.1.12.244/255.255.255.255
X-CSTP-Split-Exclude=10.194.4.23/255.255.255.255
X-CSTP-Split-Include=10.0.0.0/255.0.0.0
X-CSTP-Split-Include=10.96.52.0/255.255.252.0
X-CSTP-Split-Include=10.96.52.0/255.255.252.0
X-CSTP-Split-Include=10.96.52.0/255.255.252.0
-- [snip] --
X-CSTP-TCP-Keepalive=true
X-CSTP-Tunnel-All-DNS=false
---
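
A consistency check for the symptom reported above, as an added example that is not part of the original report: it reads an env dump and compares the CISCO_SPLIT_INC or CISCO_SPLIT_EXC counter with the indexed ADDR/MASK/MASKLEN triples. The function name audit_split and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# audit_split INC|EXC: read an `env` dump on stdin and check that the counter
# CISCO_SPLIT_<kind> is present and matches the complete triples exported.
audit_split() {
    awk -F= -v p="CISCO_SPLIT_$1" '
        BEGIN { nf = split("ADDR MASK MASKLEN", field, " ") }
        $1 == p { declared = $2 + 0; seen = 1 }
        # Remember every "<n>_<FIELD>" suffix that follows the prefix.
        index($1, p "_") == 1 { have[substr($1, length(p) + 2)] = 1 }
        END {
            if (!seen) { print p ": absent"; exit 1 }
            for (i = 0; i < declared; i++) {
                ok = 1
                for (j = 1; j <= nf; j++) {
                    k = i "_" field[j]
                    if (!(k in have)) ok = 0
                }
                complete += ok
            }
            print p ": declared=" declared " complete=" (complete + 0)
            exit ((complete + 0 == declared) ? 0 : 1)
        }'
}

# Constructed sample, abbreviated from the NetworkManager helper listing.
NM_ENV='CISCO_SPLIT_EXC_0_ADDR=0.0.0.0
CISCO_SPLIT_EXC_0_MASK=255.255.255.255
CISCO_SPLIT_EXC_0_MASKLEN=32
CISCO_SPLIT_EXC=1
reason=connect'

# Constructed sample of an inconsistent dump: counter says 3, one full triple.
PARTIAL_ENV='CISCO_SPLIT_INC_0_ADDR=10.96.52.0
CISCO_SPLIT_INC_0_MASK=255.255.252.0
CISCO_SPLIT_INC_0_MASKLEN=22
CISCO_SPLIT_INC_1_ADDR=10.0.0.0
CISCO_SPLIT_INC_1_MASK=255.0.0.0
CISCO_SPLIT_INC=3'

printf '%s\n' "$NM_ENV" | audit_split EXC || true
printf '%s\n' "$NM_ENV" | audit_split INC || echo "no split-include routes reached the helper"
printf '%s\n' "$PARTIAL_ENV" | audit_split INC || echo "counter and triples disagree"
```

Piping the output of the diverted helper's `env | sort` into audit_split gives a non-zero exit status whenever the counter is missing or does not match the exported triples.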

Iain Buclaw (iainb) wrote :

Currently I'm having to work around by putting in a wrapper script instead of nm-openconnect-service-openconnect-helper.

#!/bin/bash
# Routes that we want to be used by the VPN link
ROUTES="10.0.0.0/8 \
       10.96.52.0/22 \
       10.96.16.111/32 \
       ..."

# Helpers to create dotted-quad netmask strings.
MASKS[8]="255.0.0.0"
MASKS[12]="255.240.0.0"
MASKS[16]="255.255.0.0"
MASKS[18]="255.255.192.0"
MASKS[20]="255.255.240.0"
MASKS[22]="255.255.252.0"
MASKS[24]="255.255.255.0"
MASKS[32]="255.255.255.255"

export CISCO_SPLIT_INC=0

# Create environment variables that vpnc-script uses to configure network
function addroute()
{
    local ROUTE="$1"
    local ADDR=${ROUTE%%/*}
    local MASKLEN=${ROUTE##*/}
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=${ADDR}
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=${MASKLEN}
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=${MASKS[${MASKLEN}]}
    export CISCO_SPLIT_INC=$((${CISCO_SPLIT_INC}+1))
}

for r in $ROUTES; do
    addroute $r
done
/usr/lib/NetworkManager/nm-openconnect-service-openconnect-helper.real
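
A generalisation of the workaround above, as an added example that is not the reporter's script: it computes the dotted-quad mask for any prefix length instead of using a fixed MASKS table, and rejects malformed routes rather than exporting them. The function names and the sample route list are assumptions made for illustration.

```shell
#!/bin/sh

# Print the dotted-quad netmask for a prefix length 0..32, else return 1.
prefix_to_mask() {
    case "$1" in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac
    [ "$1" -le 32 ] || return 1
    bits=$1 mask=
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then octet=255; bits=$((bits - 8))
        else octet=$((256 - (1 << (8 - bits)))); bits=0
        fi
        mask="${mask:+$mask.}$octet"
    done
    printf '%s\n' "$mask"
}

# Succeed only for four dot-separated octets, each 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Export one ADDR/MASK/MASKLEN triple for a CIDR route and bump the counter.
# Malformed input (including a literal "...") is rejected, not exported.
add_split_inc() {
    case "$1" in */*) ;; *) echo "skipped: $1" >&2; return 1 ;; esac
    addr=${1%%/*} len=${1##*/}
    valid_ipv4 "$addr" && mask=$(prefix_to_mask "$len") || {
        echo "skipped: $1" >&2; return 1; }
    n=${CISCO_SPLIT_INC:-0}
    export "CISCO_SPLIT_INC_${n}_ADDR=$addr"
    export "CISCO_SPLIT_INC_${n}_MASK=$mask"
    export "CISCO_SPLIT_INC_${n}_MASKLEN=$len"
    export CISCO_SPLIT_INC=$((n + 1))
}

# Constructed sample routes; /23 is not in the MASKS table above.
CISCO_SPLIT_INC=0
for r in 10.0.0.0/8 10.96.52.0/22 10.96.16.111/32 172.16.4.0/23; do
    add_split_inc "$r" || true
done
env | grep '^CISCO_SPLIT_INC' | sort
# A real wrapper would end by running the diverted helper:
# exec /usr/lib/NetworkManager/nm-openconnect-service-openconnect-helper.real
```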

Iain Buclaw (iainb) wrote :

Package: network-manager-openconnect
Version: 1.2.4-1ubuntu1
Priority: optional
Section: universe/net
Origin: Ubuntu
Maintainer: Ubuntu Developers <email address hidden>
Original-Maintainer: Mike Miller <email address hidden>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 84.0 kB
Depends: adduser, network-manager (>= 1.2), openconnect, libc6 (>= 2.4), libglib2.0-0 (>= 2.41.1), libnm0 (>= 1.1.90)
Homepage: http://www.gnome.org/projects/NetworkManager/
Download-Size: 21.0 kB
APT-Manual-Installed: no
APT-Sources: http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages
Description: network management framework (OpenConnect plugin core)
 NetworkManager is a system network service that manages your network
 devices and connections, attempting to keep active network connectivity
 when available. It manages ethernet, WiFi, mobile broadband (WWAN), and
 PPPoE devices, and provides VPN integration with a variety of different
 VPN services.
 .
 This package provides a VPN plugin for OpenConnect, an open client for
 Cisco's AnyConnect SSL VPN.

Package: network-manager-openconnect-gnome
Version: 1.2.4-1ubuntu1
Priority: optional
Section: universe/net
Source: network-manager-openconnect
Origin: Ubuntu
Maintainer: Ubuntu Developers <email address hidden>
Original-Maintainer: Mike Miller <email address hidden>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 2,252 kB
Depends: network-manager-openconnect (= 1.2.4-1ubuntu1), libc6 (>= 2.4), libglib2.0-0 (>= 2.37.3), libgtk-3-0 (>= 3.0.0), libnm-glib-vpn1 (>= 0.7.999), libnm-util2 (>= 0.8.998), libnm0 (>= 1.1.90), libopenconnect5 (>= 7.05), libsecret-1-0 (>= 0.7), libxml2 (>= 2.7.4)
Homepage: http://www.gnome.org/projects/NetworkManager/
Download-Size: 342 kB
APT-Manual-Installed: yes
APT-Sources: http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages
Description: network management framework (OpenConnect plugin GNOME GUI)
 NetworkManager is a system network service that manages your network
 devices and connections, attempting to keep active network connectivity
 when available. It manages ethernet, WiFi, mobile broadband (WWAN), and
 PPPoE devices, and provides VPN integration with a variety of different
 VPN services.
 .
 This package provides the GNOME bits of NetworkManager's OpenConnect
 plugin.

dwmw2 (dwmw2) wrote :

Can you file this upstream at https://gitlab.com/OpenConnect/OpenConnect/issues please?

Iain Buclaw (iainb) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in network-manager-openconnect (Ubuntu):
status: New → Confirmed