3

I am not able to connect via openconnect VPN client from my ubuntu 14.04 system. I used to connect to to this VPN 1 month back and since then I had not made any changes to the VPN client settings.

This is the error I am getting in the logs.

POST https://69.195.x.x/
Attempting to connect to server 69.195.x.x:443
SSL negotiation with 69.195.x.x
SSL connection failure: A TLS packet with unexpected length was received.
Failed to open HTTPS connection to 69.195.x.x
GET https://69.195.x.x/
Attempting to connect to server 69.195.244.x:x
SSL negotiation with 69.195.x.x
SSL connection failure: A TLS packet with unexpected length was received.
Failed to open HTTPS connection to 69.195.x.x

I have some team mates who are using Windows AnyConnect client and I am able to connect to the VPN through the windows machine.

Any help would be highly appreciable.

Kalamarico
  • 5,466
  • 22
  • 53
  • 70
Tarun Upadhyay
  • 724
  • 2
  • 7
  • 16

3 Answers3

6

The problem is by the last supported openconnect version in Ubuntu 14.04, that is openconnect 5.02.

There is a problem when you are trying to connect to newers versions of anyconnect server, so, there is a fix to solve it, it is installing the unsupported version of openconnect 7 in Ubuntu 14.04

You need to follow this steps to install openconnect 7:

Preflight

sudo apt-get install curl vpnc-scripts build-essential libssl-dev libxml2-dev liblz4-dev
curl -O ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz
curl -O ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz.asc
gpg --keyserver pgp.mit.edu --recv-key 67e2f359

Verify

gpg --verify openconnect-7.08.tar.gz.asc

Build

tar xzf openconnect-7.08.tar.gz
cd openconnect-7.08
./configure --without-gnutls --with-vpnc-script=/usr/share/vpnc-scripts/vpnc-script
make
sudo make install
sudo ldconfig /usr/local/lib

In this guide you have all the detail.

Kalamarico
  • 5,466
  • 22
  • 53
  • 70
0

You could try to use following command

sudo openconnect --user=%YOUR-USER% --no-xmlpost --interface=sslvpn --no-dtls %hostname%/%vpn_group_name%
Nikita
  • 4,576
  • 1
  • 14
  • 11
0

The pgp command command above failed for me because pgp.mit.edu wasn't working (server timeout), but I substituted keyserver.ubuntu.com in and it found the key.

Robert Pinsky
  • 1
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Aug 10 '22 at 16:31