On Mon, Aug 21, 2017 at 7:31 PM, Aube, Jeremy <[email protected]> wrote: > > I'm having issues running OpenConnect on a router I flashed with > Asuswrt-Merlin. I have a USB drive connected with Entware-ng installed, and > was able to install OpenConnect and related packages. > > The first time I run OpenConnect, I get some error about /etc/resolv.conf. > Overwriting this file with a non-read-only duplicate seems to solve that. > > Next, it seems to run okay, but I can tell I'm not actually connected to the > VPN because I still have the IP my ISP provided. I've tried adding in some > "missing" routes based off of what I see when I run OpenConnect successfully > on OSX, but then I can't connect to any sites at all. > > I've tried a lot of different things, but I don't know how helpful it is to > list all of those out, and I'm not sure I can remember them all at this > point. The VPN does seem to work correctly while SSH'd into the router itself > if I run OpenConnect and add a route via the following: > > route add -net 0.0.0.0 netmask 0.0.0.0 gw x.x.x.x dev tun0 > > Where x.x.x.x is the same ip in this output: > > Connected as x.x.x.x, using SSL + lzs > > I then confirm that I'm getting the IP from the VPN via: > > wget http://checkip.dyndns.org/ | sed 's/[a-zA-Z<>/ :]//g' > > The other thing I had thought of is that when I use L2TP or OpenVPN from the > router interface, the /etc/resolv/conf file doesn't change, whereas > OpenConnect removes the default nameserver adds a couple other nameservers > when it runs. I tried changing this back to the default nameserver, but that > didn't seem to help. > > Any idea what's going wrong or thoughts on how I could troubleshoot this > further?
In a nutshell, it sounds like none of the expected routing configuration is happening. Do you have a vpnc-script installed? Have you tried running openconnect manually from the command line and seeing if it complains about a missing script? OpenConnect calls this script to do all of its routing configuration: www.infradead.org/openconnect/vpnc-script.html I have not used AsusWRT specifically, but the last time I looked at OpenWRT, it didn't automatically require or install a vpnc-script as part of the installation for OpenConnect. :-( :-( Dan _______________________________________________ openconnect-devel mailing list [email protected] http://lists.infradead.org/mailman/listinfo/openconnect-devel
