
New issue with openconnect/vpn-slice due to env change?

Open mebigfatguy opened this issue 1 year ago • 2 comments

Hi folks,

Looking to see if bright folks can help me. I've been using openconnect/vpn-slice for years as a simple user w/o issue [thanks!], but today, after a phone update (which I hotspot thru), openconnect and/or vpn-slice aren't working correctly.

openconnect seems to work correctly to the vpn if run without vpn-slice, however I now get this error when connecting

(I get the RTNETLINK answers: Invalid argument error whether vpn-slice is in the picture or not)

```
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected as 10.69.39.197 + 2606:b400:600:c063::16d/64, using SSL, with DTLS in progress
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(ECDHE-RSA)-(AES-256-GCM).
Detected MTU of 1182 bytes (was 1280)
WARNING: IPv6 address or netmask set. Support for IPv6 in vpn-slice should be considered BETA-QUALITY.
WARNING: IPv6 address or netmask set. Support for IPv6 in vpn-slice should be considered BETA-QUALITY.
RTNETLINK answers: Invalid argument
Traceback (most recent call last):
  File "/usr/local/bin/vpn-slice", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.8/dist-packages/vpn_slice/__main__.py", line 564, in main
    do_connect(env, args)
  File "/usr/local/lib/python3.8/dist-packages/vpn_slice/__main__.py", line 198, in do_connect
    providers.route.add_address(env.tundev, env.myaddr6)
  File "/usr/local/lib/python3.8/dist-packages/vpn_slice/linux.py", line 79, in add_address
    self._iproute('address', 'add', address, dev=device)
  File "/usr/local/lib/python3.8/dist-packages/vpn_slice/linux.py", line 50, in _iproute
    subprocess.check_call(cl)
  File "/usr/lib/python3.8/subprocess.py", line 364, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['/usr/sbin/ip', 'address', 'add', '2606:b400:600:c063::16d/64', 'dev', 'tun0']' returned non-zero exit status 2.
Script 'vpn-slice '..................' returned error 1
```

vpn-slice -V returns `vpn-slice 0.15`

sudo vpn-slice --self-test reports success

```
uname -a
Linux mbfgdell 5.4.0-169-generic #187-Ubuntu SMP Thu Nov 23 14:52:28 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
```

Linux Mint 20.3 Una \n \l

Samsung Galaxy A53 updated to OpenUI 6.0

Any suggestions or help to diagnose/fix this issue would be appreciated.

thanks, dave

mebigfatguy, Jan 21 '24 17:01

> (I get the RTNETLINK answers: Invalid argument error whether vpn-slice is in the picture or not)

Yeah, it's just that vpn-slice checks failures much more carefully than the default vpnc-script, which will simply ignore such errors.

> Detected MTU of 1182 bytes (was 1280)

Aaaah, that's the problem. IPv6 requires an MTU of at least 1280 bytes.

Seems like iproute(8) will return this error for any IPv6-related actions you attempt to perform on an adapter that has an MTU of <1280 bytes. In order to resolve this without sloppily ignoring errors, we're going to have to detect (and warn) when MTU is too low for IPv6, and then filter out all subsequent manipulations related to IPv6.

dlenski, Apr 10 '24 21:04

> Detected MTU of 1182 bytes (was 1280)
>
> Aaaah, that's the problem. IPv6 requires an MTU of at least 1280 bytes.

@mebigfatguy, please test cd40123.

If OpenConnect provides IPv6 configuration and a too-small MTU, vpn-slice will intentionally abort and will instruct you to add --disable-ipv6 to the command-line:

```
MTU of 789 is too small for IPv6 (minimum 1280). Invoke OpenConnect with --disable-ipv6 to configure for IPv4 only
```

dlenski, Apr 12 '24 17:04
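
The MTU check discussed in the two replies above, as an added example (not code from vpn-slice or from commit cd40123). The names `plan_tunnel_setup`, `MTUTooSmallForIPv6` and `on_small_mtu` are hypothetical; the environment variable names are the ones OpenConnect passes to vpnc-script-compatible scripts, and the sample environment is constructed from the values in this issue.

```python
import ipaddress

IPV6_MIN_MTU = 1280  # minimum link MTU that IPv6 requires (RFC 8200)


class MTUTooSmallForIPv6(Exception):
    """Raised when IPv6 config is offered on a tunnel whose MTU is below 1280."""


def plan_tunnel_setup(env, tundev="tun0", on_small_mtu="abort"):
    """Build the `ip` commands for a tunnel, checking the MTU before any IPv6 step.

    on_small_mtu="abort"  -> refuse to continue (behaviour described in the last reply)
    on_small_mtu="filter" -> warn and drop IPv6 steps (idea from the earlier reply)
    Returns (commands, warnings); nothing is executed here.
    """
    mtu = int(env["INTERNAL_IP4_MTU"]) if "INTERNAL_IP4_MTU" in env else None
    link = ["ip", "link", "set", "dev", tundev, "up"]
    cmds = [link + ["mtu", str(mtu)] if mtu is not None else link]
    warnings = []

    if "INTERNAL_IP4_ADDRESS" in env:
        addr4 = ipaddress.IPv4Address(env["INTERNAL_IP4_ADDRESS"])
        # /32 point-to-point addressing is an assumption of this sketch
        cmds.append(["ip", "address", "add", f"{addr4}/32", "dev", tundev])

    net6 = env.get("INTERNAL_IP6_NETMASK")  # "address/prefixlen" form
    if net6:
        iface6 = ipaddress.IPv6Interface(net6)  # rejects malformed input early
        if mtu is not None and mtu < IPV6_MIN_MTU:
            msg = (f"MTU of {mtu} is too small for IPv6 (minimum {IPV6_MIN_MTU}). "
                   "Invoke OpenConnect with --disable-ipv6 to configure for IPv4 only")
            if on_small_mtu == "abort":
                raise MTUTooSmallForIPv6(msg)
            warnings.append(msg)  # IPv6 command deliberately not queued
        else:
            cmds.append(["ip", "address", "add", str(iface6), "dev", tundev])
    return cmds, warnings


# Constructed sample: values taken from the log in the first post.
SAMPLE_ENV = {
    "INTERNAL_IP4_ADDRESS": "10.69.39.197",
    "INTERNAL_IP4_MTU": "1182",
    "INTERNAL_IP6_NETMASK": "2606:b400:600:c063::16d/64",
}
```
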