
Error: parse error in openconnect file

Open quantumgolem opened this issue 4 years ago • 6 comments

I'm going mad trying to figure this out. So connecting from the menu bar wasn't doing anything for me. I typed this into the Terminal substituting all the variables to try to debug my issue:

sudo "$VPN_EXECUTABLE" -u "$VPN_USERNAME" -i "$VPN_INTERFACE" "$VPN_HOST"

I get this error:

>>> /private/etc/sudoers.d/openconnect: syntax error near line 2 <<<
sudo: parse error in /private/etc/sudoers.d/openconnect near line 2
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Not sure why, because this is my openconnect file:

sn0w ALL=(ALL) NOPASSWD: /usr/local/bin/openconnect
sn0w ALL=(ALL) NOPASSWD: /usr/bin/killall -2 openconnect

where sn0w is the result of the whoami.

quantumgolem avatar Jul 03 '20 14:07 quantumgolem

@sn0wyfall This is one of those "easy in concept but hard to debug" things, mixed with an outdated structure.

Make sure you have spaces and not tabs (literally the tab character itself, vs. when hitting tab generates 4 or 2 spaces). My guess is this is the problem.

See: https://stackoverflow.com/questions/1878974/redefine-tab-as-4-spaces

ventz avatar Jul 03 '20 17:07 ventz

@ventz Thanks a lot for the reply! Unfortunately I don't use tabs at all, and I just checked using regex. There are no tabs in the file.

Is there anything else I could try?

quantumgolem avatar Jul 09 '20 23:07 quantumgolem

@sn0wyfall Try using some kind of a sudoers "linter" (ex: https://www.sudo.ws/tools.html)

Alternatively, I am attaching a file here you can just move into /etc/sudoers.d/ and unzip: openconnect.zip

ventz avatar Jul 10 '20 02:07 ventz
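
An added example, not part of the original thread or of the project's code: a small Python check for the two diagnostics discussed above, invisible characters in the drop-in and a syntax check with sudo's own `visudo -c -f`. The sample bytes are constructed (the two rules from the issue with a CRLF and a non-breaking space planted), the function names are hypothetical, and `visudo` being on `PATH` is an assumption.

```python
import shutil
import subprocess
import sys
import unicodedata

# Constructed sample: the two rules from the issue, with a CRLF line ending
# and a non-breaking space (U+00A0) planted for the demonstration.
SAMPLE = (
    "sn0w ALL=(ALL) NOPASSWD: /usr/local/bin/openconnect\r\n"
    "sn0w ALL=(ALL)\u00a0NOPASSWD: /usr/bin/killall -2 openconnect\n"
).encode("utf-8")


def find_hidden_chars(data: bytes):
    """List (line, column, description) for each character that is not
    printable ASCII, a plain space or a line feed."""
    findings = []
    text = data.decode("utf-8", errors="replace")
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if not " " <= ch <= "~":
                name = unicodedata.name(ch, "control character")
                findings.append((lineno, col, f"U+{ord(ch):04X} {name}"))
    return findings


def visudo_check(path: str):
    """Syntax-check path with `visudo -c -f`; None if visudo is not on PATH."""
    exe = shutil.which("visudo")
    if exe is None:
        return None
    proc = subprocess.run([exe, "-c", "-f", path], capture_output=True, text=True)
    return proc.returncode == 0, (proc.stdout + proc.stderr).strip()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            report = find_hidden_chars(fh.read())
        print("visudo:", visudo_check(sys.argv[1]))
    else:
        report = find_hidden_chars(SAMPLE)
    for lineno, col, what in report:
        print(f"line {lineno}, column {col}: {what}")
```

Run it against a copy of the drop-in before moving the file into `/etc/sudoers.d/`, since a file that fails to parse there stops `sudo` from working at all, as the error output in the issue shows.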

Thanks! I will try this out.

What's the advantage of using this applet, actually? I forgot why I'm trying to install it. I know that the Cisco client is annoying to log into and it disconnects a lot. I presume this applet removed the annoying login bit. Would it suffer from the same connection issues though, because the backend it uses is the same (Cisco)?

quantumgolem avatar Jul 30 '20 15:07 quantumgolem

For me the reason for writing the applet was because I wanted an easy "connect/disconnect" option for OpenConnect.

The reason OpenConnect over the Cisco client is:

  • OpenConnect allows for split tunnel even when it's disabled "server side" (it ignores the server push policy if you want it to)
  • It allows for "embedding" the password within your encrypted keychain, so with 2FA, you don't have to have a box pop up every time for the password, which greatly slows down/makes it a pain to auth, especially if you are changing VPNs constantly.
  • It seems to perform quite a bit better overall - both for connections that drop out/closing your Mac, and for performance.

ventz avatar Jul 30 '20 16:07 ventz

Got it, thanks! I'll see if I can try it out.

quantumgolem avatar Aug 08 '20 12:08 quantumgolem