1

After some changes on server or in local packages now during trial to connect vpn server I receive 404 error response. Preiously I was using configuration for NetworkManager under Gnome with success for 2 years. I already found a solution when debug connection with command line openconnect client.

It requires adding parameter --useragent=AnyConnect and connection is working fine

Now it's time to update NetworkManager. I didnt't found any field in gui to enter this parameter or add custom parameters to pass to openconnect.

I've found that config reflecting graphic form is located in: /etc/NetworkManager/system-connections/VPN 1.nmconnection

I'v added 'useragent=AnyConnect' line to [vpn] and even after restart of system (to reload configs) vpn connection window reports 404 still

How I should pass this parameter?

Here is [vpn] section from my config:

[vpn]
authtype=cert
autoconnect-flags=0
cacert=/etc/pki/tls/certs/Company_Root_CA.crt
certsigs-flags=0
cookie-flags=2
enable_csd_trojan=no
gateway=vpn.net.company.com/EE-Linux
gateway-flags=2
gwcert-flags=2
lasthost-flags=0
pem_passphrase_fsid=no
prevent_invalid_cert=no
protocol=anyconnect
resolve-flags=2
stoken_source=manual
useragent=AnyConnect
usercert=/home/user/keys/user.crt
userkey=/home/user/keys/user.key
xmlconfig-flags=0
service-type=org.freedesktop.NetworkManager.openconnect
Improve this question

2 Answers 2

Reset to default
2

I've faced this issue recently, also connecting from Ubuntu 22.04.

While @Uwe's answer provided a hint, to me it seemed unlikely that a binary ELF file would continue to work without issues if you replace some text in it with another text of different length (it will mess up internal file pointers).

So I used this command instead and it works for me:

sudo sed -i.bck 's/OpenConnect VPN Agent (NetworkManager)/AnyConnect-compatible, OpenConnect VPN/g' /usr/lib/NetworkManager/nm-openconnect-auth-dialog

You can use any string you want, with the condition that it start with AnyConnect and has same length as the original string:

OpenConnect VPN Agent (NetworkManager) <--- original
AnyConnect-compatible, OpenConnect VPN <--- replacement

so that the resulting file has same length as before:

$ ls -l /usr/lib/NetworkManager/nm-openconnect-auth-dialog*
-rwxr-xr-x 1 root root 55904 oct 19 07:47 /usr/lib/NetworkManager/nm-openconnect-auth-dialog
-rwxr-xr-x 1 root root 55904 feb 21  2022 /usr/lib/NetworkManager/nm-openconnect-auth-dialog.bck

After testing this, I've also noticed @Aracurunir's comment, which found the same issue and solution.

Improve this answer
2

You left us with guesswork about your configuration.

In case you're on Ubuntu 22.04, there's a known issue with OpenConnect, that passes "Open AnyConnect VPN Agent v$VERSION" as UserAgent by default. And there doesn't seem to be a way to configure this in the NetworkManager GUI before Ubuntu 24.04.

Someone on Reddit patched the binaries, which is a bit dirty but seemed to work for him (edited according to comments below):

sudo sed -i.bck 's/OpenConnect VPN Agent (NetworkManager)/AnyConnect-compatible, OpenConnect VPN/g' /usr/lib/NetworkManager/nm-openconnect-auth-dialog

(Note: I modified the Reddit answer slightly to match the string that OpenConnect passes by default in newer versions

Note 2: Changed the sed command, kudos to @andrei-b)

Improve this answer
8
  • Yes, my system is 22.04. I tried this dirty patch but didn't work - there was no time to investigate why. To continue my projects at work I use now openconnect commandline, but there is a big drawback - it doesn't activate global proxy setting so not everything works ok, e.g. apt is looking for some ipv6 addresses, in terminal I have to manually activate script to fetch proxy variables, in gui programs set proxy separatelly There is already plan to migrate to 24.04.1 but I need to prepare backup, same time I will move to bigger disk etc. Formatting disapeared even if in edit \n's visible Commented Sep 19, 2024 at 19:46
  • Thanks for the confirmation on your system; can you edit your question to include the information you added in this answer, to aid those focusing on your question. Commented Sep 26, 2024 at 13:34
  • @AdamMierzwiak and while your at it and think that my answer is helpful for others, kindly mark it as "accepted". Commented Sep 27, 2024 at 12:52
  • 1
    @AdamMierzwiak that fix suggested on Reddit also didn't work for me. On my older Ubuntu VM, I'll simply continue to live with the issue and either connect via CLI or log in via GUI on second attempt. Because for me, a second attempt after getting the 404 works. I heard from others that they don't get a second login prompt, however. Commented Oct 25, 2024 at 9:06
  • 1
    For me, replacing with sed -i.bck 's/OpenConnect VPN Agent (NetworkManager)/AnyConnect (actually openconnect) abcd/g' /usr/lib/NetworkManager/nm-openconnect-auth-dialog worked. The replacement string mentioned on reddit "AnyConnect compatible OpenConnect " did not work for me, neither did the one mentioned in this answer "AnyConnect-compatible OpenConnect VPN Agent ". Both result in segfaults when trying to connect to the VPN. I think, the replacement string must have 38 characters, same as the original one "OpenConnect VPN Agent (NetworkManager)", else the file becomes corrupted Commented Jan 20 at 7:53

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.