How to debug tun0 issues with OpenConnect

Linux Kernel, Network, and Services configuration.
avelach
Posts: 17
Joined: 2009-09-24 17:58
Has thanked: 4 times
Been thanked: 1 time

#1 Post by avelach

First of all, sorry for cross-posting from ServerFault, but I feel this is a more appropriate forum to deal with this issue.

I'm using OpenConnect on Debian testing to connect to a corporate Juniper VPN server, this way:

(as root):

Code:

openconnect --juniper -v <my_corporate_VPN_url>
I'm doing this from three physical instances of this OS, and in all cases I'm passing the authentication phase. However, in just one case I'm not getting any IP for the tun0 interface. According to the openconnect verbose output:

Code:

Got KMP message 301 of size 347
Unknown TLV group 3 attr 1 len 1: 00
Unknown TLV group 3 attr 2 len 1: 01
Received split include route 10.141.3.92/255.255.255.255
Received split include route 10.141.1.26/255.255.255.255
Received split include route 10.141.1.27/255.255.255.255
Received MTU 1400 from server
Received DNS server 10.141.1.26
Received DNS server 10.141.1.27
Unknown TLV group 2 attr 3 len 4: 00 00 00 00
Received WINS server 255.255.255.255
ESP compression: 0
ESP encryption: 0x02 (AES-128)
ESP HMAC: 0x02 (SHA1)
ESP key lifetime: 1200 seconds
ESP key lifetime: 0 bytes
ESP replay protection: 1
Unknown TLV group 8 attr 11 len 4: 00 00 00 00
ESP port: 4500
ESP to SSL fallback: 15 seconds
Unknown TLV group 8 attr 8 len 4: 00 00 00 3c
Received internal IP address 192.168.230.227
Received netmask 255.255.255.255
Received internal gateway address <MY_GATEWAY>
I'm getting all the DNS, gateway and IP information. However, somehow this info is not making it into the network interface nor into the kernel routing table:

Code:

ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet <MY_ETHERNET_IP>  netmask 255.255.255.0  broadcast <MY_BROADCAST>
    inet6 fe80::4ddc:41ef:da5f:26a5  prefixlen 64  scopeid 0x20<link>
    ether c4:34:6b:4e:66:c1  txqueuelen 1000  (Ethernet)
    RX packets 2997380  bytes 1108126020 (1.0 GiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 4504576  bytes 5803368452 (5.4 GiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    device interrupt 20  memory 0xf7c00000-f7c20000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
    inet 127.0.0.1  netmask 255.0.0.0
    inet6 ::1  prefixlen 128  scopeid 0x10<host>
    loop  txqueuelen 1  (Local Loopback)
    RX packets 514  bytes 42008 (41.0 KiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 514  bytes 42008 (41.0 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400
    inet6 fe80::4f1:8f7:a24:1664  prefixlen 64  scopeid 0x20<link>
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
    RX packets 1  bytes 126 (126.0 B)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 30  bytes 5404 (5.2 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
And:

Code:

ip route
default via <MY_GATEWAY> dev eth0 proto static metric 100 
<VPN_SERVER_IP> via <MY_GATEWAY> dev eth0 src <MY_ETHERNET_IP>
<MY_NETWORK> dev eth0 proto kernel scope link src <MY_ETHERNET_IP> metric 100
My /etc/network/interfaces:

Code:

auto tun0

auto eth0
iface eth0 inet static
address <MY_ETHERNET_IP>
netmask 255.255.255.0
gateway <MY_GATEWAY> 

auto lo
iface lo inet loopback
My /etc/NetworkManager/NetworkManager.conf:

Code:

[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=true
I'm not very much into tunnel networking, so a helping hand would be welcome to understand why the routing table and network interface are not being updated.

Regards,
Antonio
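Editor's note on where to look next. OpenConnect does not configure the address or routes itself: it creates the tun device and then hands everything the verbose log shows (internal IP, netmask, MTU, DNS, split-include routes) to an external script, by default /usr/share/vpnc-scripts/vpnc-script, as environment variables. The `<VPN_SERVER_IP> via <MY_GATEWAY> dev eth0` host route in the post's routing table is the first thing vpnc-script installs on connect, which is consistent with the script having been called and then either failing partway or having its work undone afterwards. The script below is an added diagnostic stand-in written for this edit, not code from the post, from OpenConnect or from the vpnc-scripts package. It logs the variables it receives, runs the same `ip` commands the real script would for the address and split routes, and records each exit status and the resulting state of the device. It deliberately leaves DNS alone; once the address problem is found, switch back to the real vpnc-script. Assumptions are marked in the comments: the log path, the function names and the `--script` invocation are mine; the variable names (`reason`, `TUNDEV`, `INTERNAL_IP4_*`, `CISCO_SPLIT_INC*`) are the ones OpenConnect exports to its script.

```shell
#!/bin/sh
# debug-vpnc-script.sh: diagnostic stand-in for /usr/share/vpnc-scripts/vpnc-script.
# Invocation (assumed for this example):
#   openconnect --juniper -v --script ./debug-vpnc-script.sh <my_corporate_VPN_url>
# OpenConnect exports the negotiated settings as environment variables: reason,
# TUNDEV, VPNGATEWAY, INTERNAL_IP4_ADDRESS, INTERNAL_IP4_NETMASK,
# INTERNAL_IP4_NETMASKLEN, INTERNAL_IP4_MTU, INTERNAL_IP4_DNS, CISCO_SPLIT_INC and
# CISCO_SPLIT_INC_<n>_ADDR / _MASKLEN. Everything this script does is logged.

LOG=${VPNC_DEBUG_LOG:-/tmp/vpnc-debug.log}   # assumed log path; override in the environment

log() { printf '%s %s\n' "$(date '+%H:%M:%S')" "$*" >>"$LOG"; }

# Dotted netmask -> prefix length (255.255.255.0 -> 24). Returns 1 on a
# non-contiguous mask. The Juniper side sends dotted masks, as in the post.
mask_to_prefix() {
    n=0; oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    for octet in "$@"; do
        case $octet in
            255) n=$((n+8));; 254) n=$((n+7));; 252) n=$((n+6));; 248) n=$((n+5));;
            240) n=$((n+4));; 224) n=$((n+3));; 192) n=$((n+2));; 128) n=$((n+1));;
            0) ;;
            *) return 1;;
        esac
    done
    echo "$n"
}

# Emit, without running, the commands vpnc-script would run for reason=connect,
# built only from the variables OpenConnect exported. ${VAR:?} aborts with a
# message when OpenConnect did not pass the value at all.
build_plan() {
    dev=${TUNDEV:?TUNDEV not set: script was not invoked by openconnect}
    addr=${INTERNAL_IP4_ADDRESS:?INTERNAL_IP4_ADDRESS not set: server sent no address}
    plen=${INTERNAL_IP4_NETMASKLEN:-}
    [ -n "$plen" ] || plen=$(mask_to_prefix "${INTERNAL_IP4_NETMASK:-255.255.255.255}")
    echo "ip link set dev $dev up mtu ${INTERNAL_IP4_MTU:-1400}"
    echo "ip addr add $addr/$plen dev $dev"    # a /32 is normal on a point-to-point tun
    if [ "${CISCO_SPLIT_INC:-0}" -gt 0 ]; then
        i=0
        while [ "$i" -lt "$CISCO_SPLIT_INC" ]; do
            eval "net=\$CISCO_SPLIT_INC_${i}_ADDR; len=\$CISCO_SPLIT_INC_${i}_MASKLEN"
            echo "ip route add $net/$len dev $dev"
            i=$((i+1))
        done
    else
        # Full tunnel: the real script first pins a host route to the gateway via
        # the physical default route, then takes the default with two /1 routes.
        echo "# keep $VPNGATEWAY reachable via the physical default route before the next two lines"
        echo "ip route add 0.0.0.0/1 dev $dev"
        echo "ip route add 128.0.0.0/1 dev $dev"
    fi
}

# Entry point. OpenConnect sets $reason; run by hand it is unset and nothing happens.
case ${reason:-} in
    connect)
        log "connect: TUNDEV=$TUNDEV VPNGATEWAY=$VPNGATEWAY ADDR=$INTERNAL_IP4_ADDRESS" \
            "MASK=$INTERNAL_IP4_NETMASK MTU=$INTERNAL_IP4_MTU DNS='$INTERNAL_IP4_DNS' SPLIT=$CISCO_SPLIT_INC"
        build_plan | while read -r cmd; do
            case $cmd in '#'*) log "note: $cmd"; continue;; esac
            if eval "$cmd" 2>>"$LOG"; then log "ok:     $cmd"; else log "FAILED($?): $cmd"; fi
        done
        log "after:  $(ip -4 addr show dev "$TUNDEV" | grep inet || echo "NO IPv4 ADDRESS ON $TUNDEV")"
        log "routes: $(ip route show dev "$TUNDEV" | tr '\n' ';')"
        ;;
    disconnect) log "disconnect: $TUNDEV (openconnect removes the device itself)";;
    "") ;;
    *) log "reason=$reason: nothing to do";;
esac
```

Read /tmp/vpnc-debug.log after a connect attempt. An empty log means the script was never reached; a `connect:` line with empty ADDR means OpenConnect itself had nothing to pass on; `FAILED(...)` lines name the `ip` command and status; and an `ok:` for `ip addr add` followed by `NO IPv4 ADDRESS ON tun0` a moment later means the address was applied and then removed by something else on the host, which is the case to investigate next.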

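Editor's note on the two configuration files in the post. With `plugins=ifupdown` and `managed=true`, NetworkManager's ifupdown plugin manages the interfaces listed in /etc/network/interfaces, and that file declares `auto tun0` with no `iface` stanza, so two agents besides OpenConnect's script (ifupdown and NetworkManager) may consider tun0 theirs. That does not prove they are the cause, but it is cheap to rule out. The check below is an added example written for this edit, not code from the post or from Debian; it parses copies of both files and reports who has a claim on a device. The function names and the 192.0.2.x addresses standing in for the post's placeholders are mine, and the sample files in `demo` are constructed copies of what the post shows.

```shell
#!/bin/sh
# tun-owner.sh: does anything besides OpenConnect think it owns the tunnel device?
# Hypothetical helper for this edit; reads an /etc/network/interfaces and a
# NetworkManager.conf and reports "unclaimed", "ifupdown" or "ifupdown+NetworkManager".

# Interface names marked auto / allow-auto in an interfaces file on stdin,
# one per line (a single "auto" line may list several devices).
ifupdown_auto_ifaces() {
    awk '$1 == "auto" || $1 == "allow-auto" { for (i = 2; i <= NF; i++) print $i }'
}

# Value of managed= in the [ifupdown] section of a NetworkManager.conf on stdin.
# NetworkManager's default for this key is false, so that is printed when absent.
nm_ifupdown_managed() {
    awk -F= '
        /^[ \t]*\[/ { sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect); next }
        sect == "ifupdown" && $1 ~ /^[ \t]*managed[ \t]*$/ {
            v = $2; gsub(/[ \t]/, "", v); print tolower(v); found = 1; exit }
        END { if (!found) print "false" }'
}

# Verdict for one device, given the two file paths.
tun_owner() {
    dev=$1; ifaces_file=$2; nm_conf=$3
    if ! ifupdown_auto_ifaces <"$ifaces_file" | grep -qx "$dev"; then
        echo unclaimed
        return
    fi
    case $(nm_ifupdown_managed <"$nm_conf") in
        true|yes|on|1) echo "ifupdown+NetworkManager";;
        *) echo ifupdown;;
    esac
}

# Stand-alone run against constructed copies of the post's two files
# (192.0.2.x replaces the post's <MY_ETHERNET_IP>/<MY_GATEWAY> placeholders).
demo() {
    tmp=$(mktemp -d)
    cat >"$tmp/interfaces" <<'EOF'
auto tun0

auto eth0
iface eth0 inet static
address 192.0.2.10
netmask 255.255.255.0
gateway 192.0.2.1

auto lo
iface lo inet loopback
EOF
    cat >"$tmp/NetworkManager.conf" <<'EOF'
[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=true
EOF
    tun_owner tun0 "$tmp/interfaces" "$tmp/NetworkManager.conf"
    rm -rf "$tmp"
}

# With a device name as argument, check the live system files instead of the demo.
case ${1:-} in
    "") ;;
    *) tun_owner "$1" /etc/network/interfaces /etc/NetworkManager/NetworkManager.conf;;
esac
```

On the post's files `demo` prints `ifupdown+NetworkManager`. If the live check says the same, the runtime confirmation is `nmcli device status` while OpenConnect is connected: a tun0 row there means NetworkManager has the device and may be reconfiguring it after the VPN script has run, and the experiment is to remove `auto tun0` from /etc/network/interfaces (or set `managed=false`) and reconnect.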