Building OpenConnect 7 on Ubuntu 14 (trusty), 15 (vivid), and 16 (xenial)

Building OpenConnect 7 on Ubuntu 14 (trusty) and 15 (vivid)

The steps in this guide are available as an autobuild shell script

Why?

Because the OpenConnect package from Ubuntu is a bit outdated, and if you have a recent AnyConnect server, you need a newer OpenConnect to play with it.

Why this guide uses OpenSSL instead of GnuTLS

We'll be building OpenConnect mostly with its defaults, but we're going to use OpenSSL rather than GnuTLS. This isn't a philosophical choice: GnuTLS is still maturing, and my testing showed that compilation with GnuTLS leads to a bit of a crapshoot when connecting to AnyConnect endpoints. I haven't debugged this; if you find a good path to compiling with GnuTLS that works reliably, I'm all ears.

Build

Preflight

sudo apt-get install curl vpnc-scripts build-essential libssl-dev libxml2-dev liblz4-dev
curl -O ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz
curl -O ftp://ftp.infradead.org/pub/openconnect/openconnect-7.08.tar.gz.asc
gpg --keyserver pgp.mit.edu --recv-key 67e2f359

Verify

gpg --verify openconnect-7.08.tar.gz.asc

You should see something very much like:

gpg: assuming signed data in `openconnect-7.08.tar.gz'
gpg: Signature made Tue 17 Mar 2015 08:33:15 AM CDT using RSA key ID 67E2F359
gpg: Good signature from "David Woodhouse <dwmw2@infradead.org>"
gpg:                 aka "David Woodhouse <dwmw2@exim.org>"
gpg:                 aka "David Woodhouse <david@woodhou.se>"
gpg:                 aka "David Woodhouse <dwmw2@kernel.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: BE07 D9FD 5480 9AB2 C4B0  FF5F 6376 2CDA 67E2 F359
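
The output above still carries gpg's "not certified with a trusted signature" warning, and the key was fetched by its 8-character ID, which does not identify one key uniquely. The script below is an added example, not part of the original gist: it accepts the tarball only if gpg reports a valid signature from the key whose full fingerprint is shown above. The function names `signer_matches` and `verify_release` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: pin the signer's full fingerprint rather than the short key ID.
# Value copied from the "Primary key fingerprint" line above, spaces removed.
EXPECTED_FPR="BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359"

# Reads `gpg --status-fd` output on stdin. Succeeds only if a VALIDSIG line
# names the expected fingerprint.
signer_matches() {
    expected=$1
    awk -v want="$expected" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            # Field 12 is the primary key fingerprint when gpg reports it;
            # otherwise fall back to the signing key fingerprint in field 3.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == toupper(want)) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Verifies the detached signature, then checks who made it.
# gpg exits non-zero on a bad or missing signature, so that case fails early.
verify_release() {
    tarball=$1
    status=$(gpg --batch --status-fd 1 --verify "$tarball.asc" "$tarball" 2>/dev/null) || return 1
    printf '%s\n' "$status" | signer_matches "$EXPECTED_FPR"
}

# Usage (run after downloading both files and importing the key):
#   verify_release openconnect-7.08.tar.gz && tar xzf openconnect-7.08.tar.gz
```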

Build

tar xzf openconnect-7.08.tar.gz
cd openconnect-7.08
./configure --without-gnutls --with-vpnc-script=/usr/share/vpnc-scripts/vpnc-script
make
sudo make install
sudo ldconfig /usr/local/lib

OpenConnect will be at /usr/local/sbin/openconnect

@colintsteele

commented Oct 19, 2016

configure: error: The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config.

Any idea how to solve this problem?

@subhashdasyam

commented Nov 24, 2016

@colintsteele

If using Ubuntu, install pkg-config with:

apt-get install pkg-config -y

@stuartminch

commented Dec 16, 2016

We are running firmware version 8.2R5.1 (build 50797) on our MAG 2600 HA Pair and had to install openconnect-7.08 in order to connect via VPN from Ubuntu. The instructions above work almost flawlessly by simply substituting '7.06' with '7.08'. The one thing we needed to add to the ./configure command was --without-openssl-version-check.

@suxxor

commented Apr 25, 2017

How can I build with PKCS#11 support?
The autobuild script worked successfully, but I get a "This version of OpenConnect was built without PKCS#11 support" error when I run:
$ openconnect --juniper --no-cert-check -c 'pkcs11:MY_PARAMS' example.com

EDIT:
Got the answer: for PKCS#11 support you need to install the following libraries before building:
sudo apt-get install libp11-kit-dev libp11-dev

@calamarico

commented Feb 28, 2018

I have an error in 'make check':

...
PASS: lzstest
PASS: seqtest
FAIL: bad_dtls_test
============================================================================
Testsuite summary for openconnect 7.08
============================================================================
# TOTAL: 3
# PASS:  2
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0

Any clue about what that failure means: bad_dtls_test?

It doesn't matter, install is ok and working.

@jussi-ft

commented May 29, 2018

Working, thanks for the advice.
