Saturday 5 May 2012

Building openconnect for RHEL 5

This blog entry is of historical interest now. If you just want openconnect ready to run for RHEL/CentOS/clones, you can get openconnect 4.0 from EPEL now, thanks to David Woodhouse. (2012-07-26)

Openconnect is an open source client that can connect to Cisco's AnyConnect SSL VPN. There are packages for Fedora but none for RHEL 5. I needed one (actually for CentOS 5) so I set myself the task of building it from the latest Fedora 18 source RPM.


First of all install mock from the EPEL repo. You will need to track down the latest version of Mock 1.0, as Mock 1.1 has Python 2.5 constructs which won't work on RHEL 5.


You can't just do a mock rebuild right away. The Fedora SRPM has an MD5 sum which causes an error when extracting on RHEL 5. In any case we need to make some edits to the spec file. So first extract the Fedora 18 openconnect SRPM in the standard RHEL area, /usr/src/redhat. Because --nomd5 turns off an integrity check, confirm by other means that the SRPM you downloaded is intact before extracting it:


rpm -i --nomd5 openconnect-...src.rpm


Now edit the spec file: remove the dependency on libproxy and change vpnc-script to vpnc. Also change the openssl dependency to the latest version available for RHEL 5. Red Hat keeps the version number the same while backporting fixes, so it's OK that the required version decreases.


Create a new SRPM with


rpmbuild -bs openconnect.spec


Do the mock build on the new SRPM


mock openconnect-...src.rpm


You will encounter missing dependencies, so tell mock to install those in the fakeroot and try again. Eventually you will get a binary RPM in /var/lib/mock/epel-5-x86_64/result (i386 for 32-bit of course).


Unfortunately the associated NetworkManager-openconnect cannot be ported to RHEL 5 due to requiring higher versions of X libraries. However it isn't too unfriendly to run openconnect from the command line (with root privilege, as it configures a TUN device):


openconnect ip_address_of_gateway


and it will prompt you for the username and password. You may want to look at command line options of openconnect to see what else is needed.


Probably the best you can do to make it user friendly is to use sudo to run it, and then create a GNOME or KDE launcher to run a terminal running it.
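
One way to set up the sudo step so that users cannot pass arbitrary openconnect options as root: an added example (not from the original post) of a wrapper script to name in sudoers instead of openconnect itself. The wrapper path, the user name, the gateway allowlist and the /usr/sbin/openconnect location are assumptions.

```shell
#!/bin/sh
# Added example: wrapper to allow in sudoers instead of openconnect itself,
# so the caller chooses only the gateway, never openconnect options.
# Hypothetical names: wrapper path /usr/local/sbin/vpn-connect, user "alice".
# sudoers line (edit with visudo):
#   alice ALL = (root) /usr/local/sbin/vpn-connect

OPENCONNECT=/usr/sbin/openconnect   # assumed install path; check with rpm -ql

# Constructed allowlist, one gateway per line (documentation addresses).
ALLOWED_GATEWAYS="192.0.2.10
vpn.example.com"

# Succeeds only if $1 is exactly one allowlisted gateway.
gateway_allowed() {
    case "$1" in
        # Reject empty values, anything that looks like an option, and any
        # character outside the hostname/IPv4 set.
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    # -F fixed string, -x whole line: no prefix or substring matches.
    printf '%s\n' "$ALLOWED_GATEWAYS" | grep -Fqx -- "$1"
}

# Exactly one argument is accepted, and it must be an allowed gateway.
check_args() {
    [ "$#" -eq 1 ] || return 2
    gateway_allowed "$1"
}

# Connect only when called with arguments, e.g. from the desktop launcher.
if [ "$#" -gt 0 ]; then
    check_args "$@" || { echo "vpn-connect: refused: $*" >&2; exit 1; }
    exec "$OPENCONNECT" "$1"
fi
```

The launcher then runs `sudo /usr/local/sbin/vpn-connect vpn.example.com` in a terminal. Keep the script owned by root and not writable by anyone else.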
