Conditions: Reportedly occurs using AnyConnect 4.0.x on RHEL 6, OpenSuSE 13.2, Fedora 22 and FreeBSD 10.0. Problem may occur on other distros as well. Problem may occur on other distros as well. Workarounds: Use OpenConnect, a free and open source SSL VPN client software initially created to support Cisco's AnyConnect SSL VPN. Pascal researched and found that the error, anyconnect was not able to establish a connection to the specified secure gateway is a known problem with Cisco clients before version 4, when these earlier clients are installed on Ubuntu 16.04+. The solution is either to downgrade your Ubuntu, or upgrade your Cisco client. NetworkManager-openconnect provides VPN support to NetworkManager for OpenConnect, an implementation of the Cisco AnyConnect VPN system. Version 1.2.6; Size 716 KB; openSUSE Leap 15.2; Direct Install Expert Download. Debian / OpenSUSE / Gentoo. The openconnect and NetworkManager-openconnect (or network-manager-openconnect) packages are included in most Linux distributions. The openconnect and network-manager-openconnect packages are included in Ubuntu but bug fixes are sometimes very slow. Citrix virtual apps chrome.
I decided to take the Cisco Anyconnect 3.1 client for a spin on 64-bit Suse 12.1
The issue I am seeing is that the client launches and when it attempts to run the Cisco Secure Destop (csd) binary it chokes. The reason why is interesting:
ldd shows /opt/cisco/anyconnect/bin/vpnui (32bit) links to all needed libraries, including libcurl.so in /opt/cisco/anyconnect/lib
So this launches fine.
In turn, it calls ~/.cisco/hostscan/bin/cscan (32bit) which logs:
/home/user/.cisco/hostscan/log/cscan.log
/var/log/messages
So the linker runs off to library land and comes back with /usr/lib64/libcurl.so.4, which of course is wrong ELF class.
My questions then are:
1) ldd shows cscan is not itself linked to any libcurl, but it tries to load /opt/cisco/anyconnect/lib/libcurl.so.3 - resulting in 'does not have the required support' (Cisco, you include a version of libcurl which does not work with your own product?) I'm curious why ldd does not show this:
2) I don't understand why the linker is linking to the 64bit lib when it is executing a 32bit binary. Tried to LD_PRELOAD the 32-bit one and LD_PRELOAD is not allowed. Does anyone have an idea on how to force it to find the (installed) 32bit version first?
This looks to be the same issue in: https://supportforums.cisco.com/thread/2145858 from April of this year - but no answers to that post.
Thanks for any tips on how to get this working.
OpenConnect is an SSL VPN client initially created to support Cisco's AnyConnect SSL VPN. It has since been extended to support the Pulse Connect Secure VPN (formerly known as Juniper Network Connect or Junos Pulse) and the Palo Alto Networks GlobalProtect SSL VPN.
A corresponding OpenConnect VPN server implementation can be found in the ocserv package.
A corresponding OpenConnect VPN server implementation can be found in the ocserv package.
| Original maintainer | Mike Miller |
|---|---|
| Homepage | http://www.infradead.org/openconnect.html |
Fedora 31
OpenSUSE Tumbleweed
Fedora 30
Cisco Anyconnect Windows 10
Ubuntu 19.04
Ubuntu 20.04
Fedora 28
OpenSUSE Leap 15.0
OpenSUSE Leap 15.2
Ubuntu 17.10
Ubuntu 18.10
Ubuntu 16.04 LTS
| Distribution | Version | Since | Package | Installed | Packager | |
|---|---|---|---|---|---|---|
| Arch rolling extra/os | xz | 1:8.05-1 | 2019-09-14 | 589 kiB | 3.12 MiB | Levente Polyak |
| Debian 10.0 buster/main | deb | 8.02-1+deb10u1 | 2020-02-08 | 462 kiB | 2.51 MiB | Mike Miller |
| Debian 9.0 stretch/main | deb | 7.08-1+deb9u1 | 2020-02-08 | 408 kiB | 2.23 MiB | Mike Miller |
| Fedora 28 releases/Everything-os | rpm | 7.08-5.fc28 | 2019-01-14 | 573 kiB | 2.38 MiB | Fedora Project |
| Fedora 28 releases/Workstation-os | rpm | 7.08-5.fc28 | 2019-01-14 | 573 kiB | 2.38 MiB | Fedora Project |
| Fedora 29 releases/Everything-os | rpm | 7.08-8.fc29 | 2019-01-14 | 564 kiB | 2.38 MiB | Fedora Project |
| Fedora 29 releases/Workstation-os | rpm | 7.08-8.fc29 | 2019-01-14 | 564 kiB | 2.38 MiB | Fedora Project |
| Fedora 29 releases-test/Everything-os | rpm | 7.08-8.fc29 | 2019-01-14 | 564 kiB | 2.38 MiB | Fedora Project |
| Fedora 29 releases-test/Workstation-os | rpm | 7.08-8.fc29 | 2019-01-14 | 564 kiB | 2.38 MiB | Fedora Project |
| Fedora 30 releases/Everything-os | rpm | 8.02-3.fc30 | 2019-06-17 | 508 kiB | 2.34 MiB | Fedora Project |
| Fedora 30 releases/Workstation-os | rpm | 8.02-3.fc30 | 2019-06-17 | 508 kiB | 2.34 MiB | Fedora Project |
| Fedora 30 releases-test/Workstation-os | rpm | 8.02-3.fc30 | 2019-06-17 | 508 kiB | 2.34 MiB | Fedora Project |
| Fedora 31 releases/Everything-os | rpm | 8.05-1.fc31 | 2020-01-07 | 684 kiB | 2.83 MiB | Fedora Project |
| Fedora rawhide development/Everything-os | rpm | 8.05-2.fc32 | 2020-02-08 | 684 kiB | 2.83 MiB | Fedora Project |
| Fedora rawhide development/Workstation-os | rpm | 8.03-2.fc31 | 2019-08-03 | 658 kiB | 2.77 MiB | Fedora Project |
| Manjaro rolling stable/extra | xz | 1:8.02-1 | 2019-02-19 | 559 kiB | 2.99 MiB | Levente Polyak |
| Manjaro rolling testing/extra | xz | 1:8.02-1 | 2019-02-14 | 559 kiB | 2.99 MiB | Levente Polyak |
| Manjaro rolling unstable/extra | xz | 1:8.02-1 | 2019-02-12 | 559 kiB | 2.99 MiB | Levente Polyak |
| OpenSUSE Leap 15.0 oss | rpm | 7.08-lp150.4.1 | 2019-01-17 | 149 kiB | 324 kiB | https://bugs.opensuse.org |
| OpenSUSE Leap 15.0 update/oss | rpm | 7.08-lp150.5.3.1 | 2019-10-27 | 137 kiB | 324 kiB | http://bugs.opensuse.org |
| OpenSUSE Leap 15.1 oss | rpm | 7.08-lp151.5.3 | 2019-01-23 | 149 kiB | 324 kiB | https://bugs.opensuse.org |
| OpenSUSE Leap 15.1 update/oss | rpm | 7.08-lp151.6.3.1 | 2019-10-27 | 137 kiB | 324 kiB | http://bugs.opensuse.org |
| OpenSUSE Leap 15.2 oss | rpm | 7.08-lp152.7.26 | 2020-03-23 | 136 kiB | 324 kiB | https://bugs.opensuse.org |
| OpenSUSE Leap 42.3 oss | rpm | 7.06-5.2 | 2019-01-17 | 120 kiB | 258 kiB | http://bugs.opensuse.org |
| OpenSUSE Leap 42.3 update/oss | rpm | 7.08-7.1 | 2019-01-21 | 130 kiB | 283 kiB | http://bugs.opensuse.org |
| OpenSUSE Tumbleweed oss | rpm | 8.05-2.1 | 2020-01-13 | 47.2 kiB | 101 kiB | https://bugs.opensuse.org |
| Ubuntu 17.10 artful/universe | deb | 7.08-1 | 2017-11-10 | 382 kiB | 2.23 MiB | Ubuntu Developers |
| Ubuntu 18.04 LTS bionic/universe | deb | 7.08-3 | 2018-03-07 | 383 kiB | 2.23 MiB | Ubuntu Developers |
| Ubuntu 18.04 LTS bionic-updates/universe | deb | 7.08-3ubuntu0.18.04.1 | 2019-06-17 | 383 kiB | 2.23 MiB | Ubuntu Developers |
| Ubuntu 18.10 cosmic/universe | deb | 7.08-3 | 2019-01-14 | 383 kiB | 2.23 MiB | Ubuntu Developers |
| Ubuntu 19.04 disco/universe | deb | 8.02-1 | 2019-01-28 | 434 kiB | 2.51 MiB | Ubuntu Developers |
| Ubuntu 19.10 eoan/universe | deb | 8.02-1build1 | 2019-09-06 | 434 kiB | 2.52 MiB | Ubuntu Developers |
| Ubuntu 20.04 focal/universe | deb | 8.02-1build1 | 2020-01-07 | 434 kiB | 2.52 MiB | Ubuntu Developers |
| Ubuntu 16.04 LTS xenial/universe | deb | 7.06-2build2 | 2017-11-10 | 300 kiB | 1.59 MiB | Ubuntu Developers |
openconnect(8)
openconnect - Multi-protocol VPN client, for Cisco AnyConnect VPNs and others
OpenSUSE Leap 15.2 oss: Updated from 7.08-lp152.7.24 to 7.08-lp152.7.26
- Add openconnect-CVE-2019-16239.patch: Fix buffer overflow with chunked HTTP handling(bsc#1151178, CVE-2019-16239).
OpenSUSE Leap 15.2 oss: Updated from 7.08-lp152.7.20 to 7.08-lp152.7.24
- Add openconnect-CVE-2019-16239.patch: Fix buffer overflow with chunked HTTP handling(bsc#1151178, CVE-2019-16239).
OpenSUSE Leap 15.2 oss: Updated from 7.08-lp152.7.19 to 7.08-lp152.7.20
- Add openconnect-CVE-2019-16239.patch: Fix buffer overflow with chunked HTTP handling(bsc#1151178, CVE-2019-16239).
OpenSUSE Leap 15.2 oss: Updated from 7.08-lp152.7.18 to 7.08-lp152.7.19
- Add openconnect-CVE-2019-16239.patch: Fix buffer overflow with chunked HTTP handling(bsc#1151178, CVE-2019-16239).
OpenSUSE Leap 15.2 oss: Updated from 7.08-lp152.7.15 to 7.08-lp152.7.18
- Add openconnect-CVE-2019-16239.patch: Fix buffer overflow with chunked HTTP handling(bsc#1151178, CVE-2019-16239).
Fedora rawhide development/Everything-os: Updated from 8.05-1.fc32 to 8.05-2.fc32
Debian 10.0 buster-proposed-updates/main: Version 8.02-1+deb10u1 removed
Debian 10.0 buster/main: Updated from 8.02-1 to 8.02-1+deb10u1
- Non-maintainer upload by the Security Team.
- Close HTTPS connection on failure returns from process_http_response()
- Fix buffer overflow with chunked HTTP handling (CVE-2019-16239) (Closes: #940871)
Debian 9.0 stretch-proposed-updates/main: Version 7.08-1+deb9u1 removed
Debian 9.0 stretch/main: Updated from 7.08-1 to 7.08-1+deb9u1
- Non-maintainer upload by the Security Team.
- Close HTTPS connection on failure returns from process_http_response()
- Fix buffer overflow with chunked HTTP handling (CVE-2019-16239) (Closes: #940871)
OpenSUSE Leap 15.2 oss: Updated from 7.08-lp152.7.13 to 7.08-lp152.7.15
- Add openconnect-CVE-2019-16239.patch: Fix buffer overflow with chunked HTTP handling(bsc#1151178, CVE-2019-16239).
Debian 10.0 buster-proposed-updates/main: Version 8.02-1+deb10u1 introduced
- Non-maintainer upload by the Security Team.
- Close HTTPS connection on failure returns from process_http_response()
- Fix buffer overflow with chunked HTTP handling (CVE-2019-16239) (Closes: #940871)
Debian 9.0 stretch-proposed-updates/main: Version 7.08-1+deb9u1 introduced
- Non-maintainer upload by the Security Team.
- Close HTTPS connection on failure returns from process_http_response()
- Fix buffer overflow with chunked HTTP handling (CVE-2019-16239) (Closes: #940871)
OpenSUSE Leap 15.2 oss: Updated from 7.08-lp152.7.12 to 7.08-lp152.7.13
Cisco Anyconnect Linux Client
- Add openconnect-CVE-2019-16239.patch: Fix buffer overflow with chunked HTTP handling(bsc#1151178, CVE-2019-16239).
OpenSUSE Tumbleweed oss: Updated from 8.05-1.1 to 8.05-2.1
- Remove tncc-wrapper.py script as it is python2 only bsc#1157446
Fedora 31 releases/Everything-os: Version 8.05-1.fc31 introduced
- Update to 8.05 release (CVE-2019-16239)
OpenSUSE Leap 15.2 oss: Version 7.08-lp152.7.12 introduced
- Add openconnect-CVE-2019-16239.patch: Fix buffer overflow with chunked HTTP handling(bsc#1151178, CVE-2019-16239).
Ubuntu 20.04 focal/universe: Version 8.02-1build1 introduced
OpenSUSE Tumbleweed oss: Updated from 8.03-1.4 to 8.05-1.1
- No need to ship hipreport-android.sh as it is intented for android systems only
Where Is Cisco Anyconnect Installed On Ubuntu
OpenSUSE Leap 15.0 update/oss: Version 7.08-lp150.5.3.1 introduced
- Add openconnect-CVE-2019-16239.patch: Fix buffer overflow with chunked HTTP handling(bsc#1151178, CVE-2019-16239).
openconnect-dbg - debugging symbols for the OpenConnect VPN client
openconnect-debuginfo - Debug information for package openconnect
openconnect-debugsource - Debug sources for package openconnect
Cisco Anyconnect Vpn Client Download
openconnect-devel - Development package for OpenConnect VPN authentication tools
Cisco Anyconnect Vpn Linux
openconnect-lang - Translations for package openconnect