-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hostname args ineffective in background mode on openconnect #146
Comments
OS? Version of vpn-slice? Version of openconnect?
Run with
Same, please collect additional logging information. |
Thanks for the follow up!
The output for my command which uses both
The output for my command which uses only |
Just to double-check: you're not running this on WSL, are you? See #145 if so 🤨
Quite an old version at this point, but I can't think of any plausibly relevant recent changes that would affect this.
This log file shows that What's going on with this message about SSH CM sockets at the end of the log? How is SSH involved here at all? 🧐
My suspicion is that you have some additional wrapper layer or script here involved SSH, which is interfering somehow. |
sudo openconnect \
--protocol=anyconnect \
--user=Myself \
--script "vpn-slice --verbose --dump 10.0.0.0/8 hostname1 hostname2 hostname3 hostname4 hostname5 hostname6 hostname7 hostname8 hostname9 hostname10 hostname11 hostname12 hostname13 hostname14 hostname15 hostname16 hostname17 hostname18 hostname19" \
vpn.example.com
>&2 echo "removing SSH ControlMaster sockets..."
if compgen -G ~/.ssh/dev-cm-*; then
rm ~/.ssh/dev-cm-*
fi |
Does it make any difference if you change Can you confirm that |
Sure thing. The self-test works:
...And I have the same outcome when specifying the absolute path to vpn-slice:
My vpn-slice was installed using PyPI: |
@entrity, I have absolutely no idea why OpenConnect appears not to be invoking the vpnc-script at all. Run it through |
I may have hit on something that gives useful information: when I run my openconnect command with stderr redirected (to a file or /dev/null), the intended behaviour appears: openconnect moves to the background and my hosts file gets the updates from vpn-slice. Yes, having stderr redirected is the only difference between my successful case and my failure case. strace<<<$PASSWORD sudo strace -o trace.log -f openconnect --background --passwd-on-stdin --protocol=anyconnect --user=Myself --script "/usr/local/bin/vpn-slice --verbose --dump 10.0.0.0/8 hostname hostname hostname hostname hostname hostname hostname hostname hostname hostname hostname hostname hostname hostname hostname hostname hostname hostname hostname" hostname
|
Good find. So this is definitely an OpenConnect issue rather than a vpn-slice issue. I can't find anything that we might've changed since v8.20 that could be relevant to this, but please check if it still exists in v9.21. If so, report it (at https://gitlab.com/openconnect/openconnect/-/issues). |
@amimof is experiencing the same issue ("redirecting |
Just noticed this myself whe migrating to a new laptop. It seemed to me that the slicing did work (I could verify this with Reading this issue led me to realise the difference was that, on the old laptop, OpenConnect version 9.01 seems to completely ignore I didn't even realise that the backgrounding wasn't working before (it was in the script but I didn't really pay any attention to it - I just left it running in a terminal window because it "just worked"). On the new one the same script did indeed background but I could not resolve any explicit hosts that vpn-slice would normally write to the hosts file. Removing the Just another perspective in case it helps. If it's of interest I am using ArchLinux and connecting to a GlobalProtect VPN. |
Openconnect issue https://gitlab.com/openconnect/openconnect/-/issues/692 |
When I use vpn-slice + openconnect in the background, I observe some bad behaviour: the presence of any hostname arguments for
vpn-slice
appears to eliminate the effect of vpn-slice.I don't want to leave a terminal open for this; I want to run this in the background. I've even tried using
sudo setsid openconnect
(with--passwd-on-stdin
) instead of using--background
, but the effect is the same.The text was updated successfully, but these errors were encountered: