openconnect: Start doesn't work after timeout

[alexyao2015]

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

• I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
• I have searched the existing issues, open and closed, and I'm convinced that mine is new.
• The title contains the plugin to which this issue belongs

Describe the bug
My openconnect server will automatically disconnect after a period of time without opnsense disconnecting. When this happens, starting the plugin again will not cause the interface to come back.

To Reproduce

1. Start openconnect
2. From the server side, disconnect the client.
3. Start openconnect client again and observe an ip address does not appear in interfaces.
4. Stop and start openconnect again and observe an ip address appears.

Diagnosis
I've determined that since the server side disconnects the client, the call to openconnect_stop is not made. Critically, the step to rename the ocvpn0 interface to tun3000 is not done. When starting the client again, it is unable to find the tun30000 interface because the stop procedure was not run.

plugins/security/openconnect/src/etc/rc.d/opnsense-openconnect

Line 38 in 58d06c7

ifconfig ocvpn0 name tun30000

Potential solutions:

1. In the startup procedure, attempt to detect if the stop routine was not called and rename an existing ocvpn0 interface back to tun30000 before proceeding.
2. Remove the renaming of the ocvpn0 interface to tun30000. I am unaware of the implications of doing so and what the purpose of renaming the interface is in the first place. However, if this could be done, this would be the simplest solution.

[ander089]

I have the same issue

[ander089]

solved in this way:

I moved the IF configuration scripts from the launch file to the vpnc script hooks.

in the specific way:

from /usr/local/etc/rc.d/opnsense-openconnect I removed

ifconfig ocvpn0 name tun30000

from the stop function and

sleep 5
ifconfig tun30000 name ocvpn0
ifconfig ocvpn0 group ocvpn

from the start function

Then, I created the hooks files under /usr/local/etc/vpnc (create vpnc folder in case) with this tree

-- vpnc
---- attempt-reconnect.d
------ restore-ifname
---- disconnect.d
----- restore-ifname
--- post-attemp-reconnect.d
----- set-ifname
--- post-connect.d
----- set-ifname

with the following content for the files:

set-ifname

#!/bin/sh

ifconfig tun30000 name ocvpn0
ifconfig ocvpn0 group ocvpn

restore-ifname

#!/bin/sh

ifconfig ocvpn0 name tun30000

This change allows to reset the interface at original state if the connection drops on both sides (client or server) instead of only on client side.

To automatically re-establish a stable connection after a disconnection, I'm using Monit.

To better understand tha changes done, I created a PR ( #4126 ) with my changes, hope it helps !

[OPNsense-bot]

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository,
please read https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue,
just let us know, so we can reopen the issue and assign an owner to it.