Latest revision |
Your text |
Line 9: |
Line 9: |
| To install it you can download the software from the [[CommunityData:Git|CDSC Git repository]] like: | | To install it you can download the software from the [[CommunityData:Git|CDSC Git repository]] like: |
|
| |
|
| gitea@gitea.communitydata.science:collective/nu-vpn-proxy.git
| | git clone git@code.communitydata.science:nu-vpn-proxy |
|
| |
|
| Details on how to set use that code are up are in the <code>README-CDSC</code> file in that repostiroy. | | Details on how to set use that code are up are in the <code>README-CDSC</code> file in that repostiroy. |
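Review bot: On the latest-revision side of the clone line, the "git clone" command is missing, so "gitea@gitea.communitydata.science:collective/nu-vpn-proxy.git" is only a remote address and not something a reader can run after "download the software ... like:". Suggest writing it as "git clone gitea@gitea.communitydata.science:collective/nu-vpn-proxy.git". The context line below it also reads "how to set use that code are up" and "repostiroy"; worth correcting to "how to set that code up" and "repository" in the same edit.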
Line 19: |
Line 19: |
|
| |
|
| Please commit any changes to the code and/or or the documentation in the git repository. | | Please commit any changes to the code and/or or the documentation in the git repository. |
|
| |
|
| |
| === Troubleshooting ===
| |
|
| |
| New versions of openconnect and openssl can cause a few issues.
| |
|
| |
| ==== OpenSSL error ====
| |
| If you get an error saying "UNSAFE_RENEGOTIATION DISABLED", this is because our setup relies on Python library that is using an older deprecated ("unsafe") protocol. Until we get it fixed on the server, you need to disable checking on your local machine.
| |
|
| |
| The simplest thing (described in [https://stackoverflow.com/a/72245418 this stackoverflow suggestion]). Basically, it should be possible to add this line to the following files (after the fourth line): <code>openconnect_command-general.sh</code>, <code>openconnect_command-http.sh</code>, <code>openconnect_command-ssh.sh</code>:
| |
|
| |
| :<code>export OPENSSL_CONF=./openssl.conf</code>
| |
|
| |
| The downside to this is that will require that the command be run ''from the local directory''. Alternatively, you can put the full path to the <code>openssl.conf</code> file that is shipped with the repository into the line above (e.g., <code>/home/mako/bin/nu-vpn-proxy/openssl.conf</code>).
| |
|
| |
| Another option is to change your systemwide OpenSSL configuration as described in comment 7 on [https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1963834 this bug report]. This is probably more dangerous.
| |
|
| |
| ==== Openconnect error ====
| |
|
| |
| The other error that you may get is: <code>Failed to parse server response</code>
| |
|
| |
| If you get this error, it's likely because there was a bug in openconnect. The bug seems to have begun in openconnect 8.2 and been fixed at some point before openconnect 9.0. Basically,that breaks when upgrading to openconnect version 8.20+ but less than 9.0.
| |
|
| |
| If you can upgrade to 9.0, that is best. If you cannot easily do this, it is likely best to downgrade to 8.1.
| |
|
| |
| Instructions for Ubuntu:
| |
|
| |
| 1. Uninstall <code>openconnect</code> and <code>libopenconnect5</code>
| |
|
| |
| sudo apt remove openconnect libopenconnect5
| |
|
| |
| 2. Download version 8.10
| |
|
| |
| cd ~/Some/dir
| |
| wget https://www.infradead.org/openconnect/download/openconnect-8.10.tar.gz
| |
| tar -xvf ./openconnect-8.10.tar.gz
| |
| cd ./openconnect-8.10
| |
|
| |
| 3. Install openconnect following [https://www.infradead.org/openconnect/building.html these instructions]
| |
|
| |
| ./configure
| |
| make
| |
| make install
| |
|
| |
| 4. Cross your fingers and try to connect to the VPN again (e.g., with <code>ssh kibo</code>).
| |
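Review bot: The version numbers in the "Openconnect error" subsection do not agree with each other: the text says the bug began in "openconnect 8.2", then "8.20+", and recommends downgrading to "8.1", while step 2 downloads "openconnect-8.10.tar.gz". Use one form throughout (matching the tarball name) so readers do not have to guess whether 8.1 and 8.10 are the same release. Separately, steps 2 and 3 fetch a tarball with wget and go straight to "./configure", "make" and "make install" with no integrity check; add a step that verifies the download against a signature or checksum published by the project before building, and state whether "make install" is expected to run as root. In the "OpenSSL error" subsection, the "export OPENSSL_CONF=./openssl.conf" line is described as disabling a check "until we get it fixed on the server"; it would help to say explicitly that the line should be removed from the three scripts once the server side is fixed, and to prefer the full-path form so the override does not depend on the current directory.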