WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Getting Cisco AnyConnect to work with TC?  (Read 7610 times)

Offline tayloratosu

  • Newbie
  • *
  • Posts: 20
Getting Cisco AnyConnect to work with TC?
« on: February 12, 2011, 03:38:17 PM »
Has anyone tried getting Cisco's AnyConnect Linux vpn client to work with Tinycore?  I've been playing around with it, but I haven't figured it out yet.  It works just fine with Arch and Ubuntu, and I've gotten it to work with Slax, but not TC yet.

Under TC, I can install the client just fine, but when I run it, it says that it can't confirm that I have a secure connection to the server.  I'm pretty sure that means that AnyConnect is having trouble locating some of the libraries it needs.  (At least, that was the problem with Slax.)

I have played around with strace, trying to figure out which libraries I'm missing, but haven't had much luck.  I know it needs libnss3 and some of the libs that come with firefox, but even after I install those and even soft-link them into the Cisco lib directory, it still fails.

So anyway, I'm looking for some ideas.  This is a new installation of TC, so I'll happily blow everything away and start fresh if that will help.

(BTW, I have used vpnc in the past, but my work has changed the vpn server such that only AnyConnect with work.)

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 12276
Re: Getting Cisco AnyConnect to work with TC?
« Reply #1 on: February 12, 2011, 04:59:43 PM »
Hi tayloratosu
ldd clientprogramname will tell you what libraries it depends on.

Offline tayloratosu

  • Newbie
  • *
  • Posts: 20
Re: Getting Cisco AnyConnect to work with TC?
« Reply #2 on: February 13, 2011, 12:59:41 PM »
Thanks for the info about ldd, Rich.

I ran ldd against the client program, and it looks like it's finding a version of every library it's looking for.

In addition, I checked on my Slax installation (where the AnyConnect client works), grabbed copies of every lib file it was referencing, and tried putting them in the cisco library directory, so that they would get called before any of the TC libraries.  Still get the same error, which is "Unable to process response from <VPN server>".

So, at this point, I'm really not sure what's causing the error.  Could still be some sort of library problem, I guess, or a problem with the way TC is handling the cert, or something else.

Anybody have any idea how one would go about diagnosing something like this?  I gotta get this to work if I want TC to be my main OS on this computer.

--Doug

Offline gutmensch

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 605
  • I can make it disappear, have no fear!
    • remembrance blog
Re: Getting Cisco AnyConnect to work with TC?
« Reply #3 on: February 13, 2011, 01:16:08 PM »
you could try to use an OSS alternative to the anyconnect cisco client, which resides here:

http://git.infradead.org/users/dwmw2/openconnect.git

if I find some time tomorrow I can try to build it. personally I wouldn't bother with any of the cisco products for linux.
If I seem unduly clear to you, you must have misunderstood what I said. (Alan Greenspan)

Offline tinypoodle

  • Hero Member
  • *****
  • Posts: 3857
Re: Getting Cisco AnyConnect to work with TC?
« Reply #4 on: February 13, 2011, 01:44:22 PM »
Have you tried placing the cert into '/usr/local/etc/ssl/certs' ?
"Software gets slower faster than hardware gets faster." Niklaus Wirth - A Plea for Lean Software (1995)

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 12276
Re: Getting Cisco AnyConnect to work with TC?
« Reply #5 on: February 13, 2011, 02:00:29 PM »
Hi tayloratosu

          "Unable to process response from <VPN server>".

That message suggests that the client is starting and connecting to the server but does not
understand how to log in or negotiate with it.
It's not missing a library although an incorrect library version is possible.

@gutmensch:

       "but my work has changed the vpn server such that only AnyConnect with work."

Would openconnect still work despite the above quote?

Offline tayloratosu

  • Newbie
  • *
  • Posts: 20
Re: Getting Cisco AnyConnect to work with TC?
« Reply #6 on: February 13, 2011, 04:09:42 PM »
 "but my work has changed the vpn server such that only AnyConnect with work."

To clarify this, the announcement I received was that they "will discontinue the use and support for Cisco VPN Client versions 5.x (Windows) and 4.9 (Mac) that use the IPSec protocol . . . . All users will be required to download and install the new Cisco AnyConnect VPN Client version 2.x."

If openconnect works, then that would be great.

Thanks for all the replies so far.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 12276
Re: Getting Cisco AnyConnect to work with TC?
« Reply #7 on: February 13, 2011, 06:33:19 PM »
Hi tayloratosu
Try this link sluge.dk/egroupware/sitemgr-sluge/index.php?wikipage=linux and click
on My Projects and then How to make Cisco AnyConnect VPN Client work?

Offline gutmensch

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 605
  • I can make it disappear, have no fear!
    • remembrance blog
Re: Getting Cisco AnyConnect to work with TC?
« Reply #8 on: February 14, 2011, 08:17:45 AM »
uploaded openconnect.tcz extension, it can take some time until it's visible in appbrowser... try it out then! ;-)
If I seem unduly clear to you, you must have misunderstood what I said. (Alan Greenspan)

Offline tayloratosu

  • Newbie
  • *
  • Posts: 20
Re: Getting Cisco AnyConnect to work with TC?
« Reply #9 on: February 15, 2011, 07:45:43 AM »
tinypoodle:  AnyConnect actually prompts me to add the cert itself, so I don't think that's the problem.

Rich:  Thanks for the link.  That particular user had a weird directory problem with firefox which I don't have.  And the openconnect page that gutmensch pointed out has the following complaint about AnyConnect which may explain some of the problems I was having:   '"Stealth" use of libraries with dlopen(), even using the development-only symlinks such as libz.so — making it hard to properly discover the dependencies which proper packaging would have expressed'

Gutmensch:  Thanks a bunch!  I was able to get openconnect working with our new VPN setup.  Seems fairly fast, too.  It looks like that's the way I'll be going.

Thanks, everyone, for your help!