Brandon Garnett

asked on

Connecting to VPN using OpenConnect on a CentOS Box

I have been attempting to connect to our company's network through VPN. We have a Cisco 2821 router and it's already set up for remote connections. Our webserver is CentOS Linux. I have installed the OpenConnect VPN client from http://www.infradead.org/openconnect/. Every time I try to connect to our network I receive the error:

Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Failed to open tun device: Permission denied

It seems I am able to authenticate, but the tun device is not working.

I have researched this and when I run the command

lsmod | grep tun

to check if the module is loaded, nothing is displayed. A new line is displayed.

I have also tried running

cat /dev/net/tun
cat: /dev/net/tun: Permission denied

I've even tried contacting my hosting provider to see if they could help but they seem to be clueless.  Any assistance with this issue would be greatly appreciated.
asavener

Have you installed the vpnc package?
Brandon Garnett

ASKER

Yes vpnc is installed.
That's not something your provider can help you with. It's an error message from the local machine, complaining that it doesn't have permissions to open the 'tun' device and configure networking. Most likely cause is that you are running OpenConnect as your own user, and not as root. It shouldn't surprise you to find that normal users don't have privileges to redirect all network traffic from all programs on the box, through their own program!

It's possible to run OpenConnect as non-root, but you have to have things properly set up by root in order to do that. So it works nicely when you're using it from NetworkManager, but if you're doing things manually you're better off doing it as root.

By the way, please see http://www.infradead.org/openconnect/mail.html — I had to jump through even more hoops to answer here, than I usually do when people post questions on random web forums instead of on the mailing list.
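
A diagnostic for the failure discussed in this thread, added here as an example (not code from any poster or from the OpenConnect project): it separates a missing tun driver or device node from an open that is refused to the current user. The function name `tun_diagnose`, its two arguments and its result strings are made up for this example.

```shell
#!/bin/sh
# Added example: classify why opening the tun device fails.
# Hypothetical helper; arguments exist so it can be run on test input:
#   $1 = tun device node        (default /dev/net/tun)
#   $2 = module list to search  (default /proc/modules, what lsmod reads)
tun_diagnose() {
    dev=${1:-/dev/net/tun}
    modules=${2:-/proc/modules}

    if [ ! -e "$dev" ]; then
        # Same question as `lsmod | grep tun`: is the driver loaded at all?
        if grep -q '^tun ' "$modules" 2>/dev/null; then
            echo "no-device-node"       # driver loaded, node never created
        else
            echo "module-not-loaded"    # root would need to load the driver
        fi
        return 1
    fi

    if [ ! -c "$dev" ]; then
        echo "not-a-char-device"        # something else sits at that path
        return 1
    fi

    # Open read-write in a subshell, as a VPN client would. No interface
    # is created until a client issues ioctls, so this only tests access.
    if ( exec 3<>"$dev" ) 2>/dev/null; then
        echo "ok"
        return 0
    fi

    if [ "$(id -u)" -ne 0 ]; then
        echo "open-failed-not-root"     # the case described in the answer
    else
        echo "open-failed-as-root"      # file mode bits are not the cause
    fi
    return 1
}

# Report for the real device; the exit status is informational only.
tun_diagnose || true
```
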
Ok, thanks. I will definitely check into that link.
ASKER CERTIFIED SOLUTION
Brandon Garnett

We have moved to a different server and no longer require assistance with this question.