Hi,
this is not related to @tech, I'm resending to @ports and I'm putting Bryan
as CC as he have takend care about openconnect port (thought not commited yet).
----- Forwarded message from Vitali <coonar...@gmail.com> -----
Date: Mon, 5 Dec 2011 10:00:37 +0100
From: Vitali <coonar...@gmail.com>
To: t...@openbsd.org
Subject: openconnect and libproxy
Hi, gentelmen.
Several days ago I needed badly to set up a VPN channel.
Usually I'd been using vpnc.
This time it was an SSL VPN connection and vpnc returned a long error:
quick mode response rejected: (ISAKMP_N_INVALID_PAYLOAD_TYPE)(1)
this means the concentrator did not like what we had to offer.
Possible reasons are:
* concentrator configured to require a firewall
this locks out even Cisco clients on any platform expect windows
which is an obvious security improvment. There is no workaround (yet).
* concentrator configured to require IP compression
this is not yet supported by vpnc.
Note: the Cisco Concentrator Documentation recommends against using
compression, expect on low-bandwith (read: ISDN) links, because it
uses much CPU-resources on the concentrator
so I went googling a little and found another solution - openconnect.
openconnect compiled with no hitch on 4.9-R at my office desktop but
it stuck on my notebook with a freshly installed 5.0 Nov 1 snapshot.
The error returned by openconnect was:
/usr/local/lib/libproxy.so.1.0: undefined reference to `pthread_mutex_unlock'
/usr/local/lib/libproxy.so.1.0: undefined reference to `pthread_mutex_destroy'
/usr/local/lib/libproxy.so.1.0: undefined reference to `pthread_mutex_lock'
/usr/local/lib/libproxy.so.1.0: undefined reference to `pthread_mutex_init'
collect2: ld returned 1 exit status
gmake[1]: * [openconnect] Error 1
gmake[1]: Leaving directory `/usr/local/src/openconnect-3.15'
gmake: * [all-recursive] Error 1
doing a little research I paid attention to the openconnect ./configure line:
checking for supported compiler flags... -Wall -Wextra
-Wno-missing-field-initializers -Wno-sign-compare
-Wno-unused-parameter -Werror=pointer-to-int-cast
-Wdeclaration-after-statement -Werror-implicit-function-declaration
-Wformat-nonliteral -Wformat-security -Winit-self
-Wmissing-declarations -Wmissing-include-dirs -Wnested-externs
-Wpointer-arith -Wwrite-strings
I edited the Makefile by modifying the line:
CFLAGS = -g -O2 -pthread -Wall -Wextra -Wno-missing-field-initializers
-Wno-sign-compare -Wno-unused-parameter -Werror=pointer-to-int-cast
-Wdeclaration-after-statement -Werror-implicit-function-declaration
-Wformat-nonliteral -Wformat-security -Winit-self
-Wmissing-declarations -Wmissing-include-dirs -Wnested-externs
-Wpointer-arith -Wwrite-strings
where I just added "-pthread" as you can see, and openconnect normally
compiled and worked properly.
Anyway I decided to go on with the experiments and poked about
libproxy in ports.
In the patch file
"/usr/ports/net/libproxy/patches/patch-libproxy_cmake_libproxy_cmk"
there was a replacement line:
- target_link_libraries(libproxy modman;m;pthread;dl;${LIBPROXY_LIBRARIES})
+ target_link_libraries(libproxy modman;m;${LIBPROXY_LIBRARIES})
which I edited for:
+ target_link_libraries(libproxy modman;m;pthread;${LIBPROXY_LIBRARIES})
I put back only "pthread" as you see, rebuilt libproxy and gave
openconnect a new try, and this time it built with no errors.
Here is my conversation with the openconnect developer
https://plus.google.com/u/0/113990329890790578682/posts/fxytv9BTkcY
I wonder why "pthread" had been removed from libproxy? Or maybe I've
lost something? I found no information on the OpenBSD site about this.
Thanks for your time.
Vitali.
----- End forwarded message -----
