Editing CommunityData:Northwestern VPN

From CommunityData

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 26: Line 26:


==== OpenSSL error ====
==== OpenSSL error ====
If you get an error saying "UNSAFE_RENEGOTIATION DISABLED", this is because our setup relies on Python library that is using an older  deprecated ("unsafe") protocol. Until we get it fixed on the server, you need to disable checking on your local machine.
If you get an error saying "UNSAFE_RENEGOTIATION DISABLED", this is because Kibo is using an unsafe protocol. Until we get it fixed on the server, you need to disable checking on your local machine.


The simplest thing (described in [https://stackoverflow.com/a/72245418 this stackoverflow suggestion]). Basically, it should be possible to add this line to the following files (after the fourth line): <code>openconnect_command-general.sh</code>, <code>openconnect_command-http.sh</code>, <code>openconnect_command-ssh.sh</code>:
Comment 7 on this bug report worked for Jeremy - https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1963834


:<code>export OPENSSL_CONF=./openssl.conf</code>
Aaron also found that editing the openconnect_command-general.sh script to add the following line immediately after line 4 works too (without requiring you to alter your system-wide openconnect configuration settings):


The downside to this is that will require that the command be run ''from the local directory''. Alternatively, you can put the full path to the <code>openssl.conf</code> file that is shipped with the repository into the line above (e.g., <code>/home/mako/bin/nu-vpn-proxy/openssl.conf</code>).
<code>export OPENSSL_CONF=./openssl.conf</code>
 
Another option is to change your systemwide OpenSSL configuration as described in comment 7 on [https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1963834 this bug report]. This is probably more dangerous.


==== Openconnect error ====
==== Openconnect error ====
Line 40: Line 38:
The other error that you may get is: <code>Failed to parse server response</code>
The other error that you may get is: <code>Failed to parse server response</code>


If you get this error, it's likely because there was a bug in openconnect. The bug seems to have begun in openconnect 8.2 and been fixed at some point before openconnect 9.0. Basically,that breaks when upgrading to openconnect version 8.20+ but less than 9.0.
If you get this error, it's likely because there's something that breaks when upgrading to openconnect version 8.20+. For now, downgrading to version 8.1x works.
 
If you can upgrade to 9.0, that is best. If you cannot easily do this, it is likely best to downgrade to 8.1.


Instructions for Ubuntu:
Instructions for Ubuntu:
Please note that all contributions to CommunityData are considered to be released under the Attribution-Share Alike 3.0 Unported (see CommunityData:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following CAPTCHA:

Cancel Editing help (opens in new window)
Retrieved from "https://wiki.communitydata.science/CommunityData:Northwestern_VPN"
Attribution-Share Alike 3.0 Unported
Powered by MediaWiki