Bug 985443 - openconnect-5.01 XML POST doesn't send specified group correctly
openconnect-5.01 XML POST doesn't send specified group correctly
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: openconnect (Show other bugs)
19
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: David Woodhouse
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-17 09:45 EDT by Joshua Roys
Modified: 2014-12-08 11:20 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-12-08 11:20:18 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Joshua Roys 2013-07-17 09:45:03 EDT
Description of problem:
After upgrading to F19, my openconnect VPN doesn't allow access to certain resources.  Issue was traced to my client being issued an IP address from the default group.  After reading the man page, adding --no-xmlpost to the command restores expected behavior.


Version-Release number of selected component (if applicable):
openconnect-5.01


How reproducible:
openconnect -v -v -v --authgroup ORG-UNIT -u uid --no-cert-check vpn1.example.com
[...]
X-CSTP-Address: 10.43.100.99
[...]

openconnect -v -v -v --authgroup ORG-UNIT -u uid --no-cert-check --no-xmlpost vpn1.example.com
[...]
X-CSTP-Address: 10.43.16.157
[...]


Actual results:
Incorrect IP address assignment resulting from incorrect/missing group sent in new XML POST.


Expected results:
Correct IP address.
Comment 1 David Woodhouse 2014-07-08 12:19:30 EDT
This should be worked around in 5.02 (in Fedora 20) and properly fixed in the 6.00 release (rawhide, coming to 20 soon).

Are you still on Fedora 19, or are you able to test with F20?

I'll push out an update for Fedora 19 too.
Comment 2 David Woodhouse 2014-07-09 03:09:29 EDT
Oh, pushing the update to F19/F20 is non-trivial since it involves an ABI change in the libopenconnect library... which the KDE authentication tool isn't yet fully prepared to cope with.

If you can confirm that OpenConnect v6.00 works correctly, I'll try to work out the upgrade process.

Thanks.

Note You need to log in before you can comment on or make changes to this bug.