Manjaro stable 23.1.0 with Cisco AnyConnect Secure Mobility Client 4.10.06079.
Named version of AnyConnect is only version I got from remote network administrators.
Since two weeks (or so) ago it is no more possible to build vpn connection to remote network, “Connection attempt is everything” what user gets back from AnyConnect.
VPN worked very well till appx. the mid of week no. 48.
Dec 07 01:12:43 machi acvpnagent[995]: Function: determineAcidexMacAddrMapForTlv File: ../../vpn/Agent/MainThread.cpp Line: 6694 [ACIDEX] Determined public interface MAC address 08-00-33-xx-xx-xx (interface IPv4 address: 10.0.xx.xx)
Dec 07 01:12:43 machi acvpnui[14342]: Function: getUserName File: ../../vpn/Api/CTransportCurlStatic.cpp Line: 2843 PasswordEntry username is root
Dec 07 01:12:43 machi acvpnui[14342]: Function: PeerCertVerifyCB File: ../../vpn/Api/CTransportCurlStatic.cpp Line: 1114 Return success from VerifyServerCertificate
Dec 07 01:12:43 machi acvpnui[14342]: Function: errorCB File: ../../vpn/Common/Xml/CVCSaxParser.cpp Line: 119 xml errorCB: Document is empty
Dec 07 01:12:43 machi acvpnui[14342]: Function: startParser File: ../../vpn/Common/Xml/CVCSaxParser.cpp Line: 206 Invoked Function: xmlParseDocument Return Code: -1 (0xFFFFFFFF) Description: MTUADJUSTMENTCACHE_ERROR_UNKNOWN
Dec 07 01:12:43 machi acvpnui[14342]: Function: processXML File: ../../vpn/Api/xml/AggAuth.cpp Line: 71 Invoked Function: XmlParser::parseXml Return Code: -33554423 (0xFE000009) Description: Unable to process response from Gateway.
Dec 07 01:12:43 machi acvpnui[14342]: Function: processResponseStringFromSG File: ../../vpn/Api/ConnectMgr.cpp Line: 11894 Invoked Function: AggrAuth::processXML Return Code: -27590645 (0xFE5B000B) Description: AGGAUTH_ERROR_FAILED_TO_PARSE_XML
Dec 07 01:12:43 machi acvpnui[14342]: Message type warning sent to the user: Connection attempt has failed.
The log as above leads me to following discussion: archlinux, Cisco secure client fails to connect
<I am not eligible to place a link to this post, sorry>, archlinux user forum thread id 290520 where guys found out that libxml2 switch from 2.11.5-1 to 2.12.0-1 to cause such worsening.
Drop stuff form Cisco, it was always ■■■■■■ and it will be. For AnyConnect, there are way better VPN technologies available.
Since Arch and Manjaro usually don’t fix upstream problems, there is nothing you or Manjaro can do. There is no point in creating Bug reports with Arch. It will not be fixed there. The only entity that should do anything is Cisco, but Cisco don’t care, so stop buying and using there systems.
If users connecting to their organisation remote network are instructed by IT-team of same organisation network to use Cisco AnyConnect and only this how are the chances VPN client other vendors to work same well?
Your view is biased, biased not at single point but at number of points.
I wonder how you get myself to be in position in this particular case to have the power of deciding which VPN-solution to use. I wonder how you get me to had made the purchase of VPN solution. I wonder how you get me wants Manjaro to fix upstream problem. I wonder how you get it is my function to care for VPN server and client sides. These are not what I have reported.
You won’t understand that my position is a standpoint of organization network remote user where on another side following act: remote network administration, used VPN-solution provider, vendor of used operating system and all his dependencies.
I am not in power to know: if switch to other solution will happen, if it will happen the day it does yet what will be new solution. I am only instructed to use Cisco VPN client, otherwise in case of problems the remote network IT provides no support.
One day it will for sure be possible for me to get rid of Cisco VPN. In same period of time I won’t need to use Manjaro any more - I am happy that day to come.
Unfortunately you can’t just drop it into the existing location /opt/cisco/secureclient/lib because it does some kind of code integrity check on all the files in that directory.
Re: the other discussion in the thread. I’m a freelancer and have quit this client. I am actively excited to rm -rf /opt/cisco in the new year.
The period of time where I observed the worsening (working to not working) correlates with log points this Manjaro reading short series of updates libxml2 2.11.last to 2.12.first, subsequently to 2.12.2.
Am I dependent on what in this particular case remote network IT says or not? Do I need to adhere to, or not? If not, I need a solution of which the vendor will support in case of problems.
I don’t dare to ask remote network administration to change VPN-solution as I know they will laugh if myself comes to them with such request - I am one among thousands of their users.
Signals are received for libxml.2 version 2.12.4-1 to fix problem with Cisco AnyConnect client.
It seems to be released mid of previous week by Gnome project.
However in Manjaro somehow it got stuck - up to now reached no more as Unstable.
What is the reason?
All previous 2.12.x versions progressed pretty well and quickly to Stable. 2.12.4 doesn’t.
I need it to have AnyConnect working.
libxml2 version 2.12.4 is in the unstable branch. If you need it asap switch the this branch. Don’t forget to update all packages after the switch.
If you don’t care about system stability you can try to manually download and install the new libxml2 version. This is not a supported way and may result in an completely unusable system. But if you are lucky this can be a very fast way. Just make sure you have a working backup and can roll back fast.
Unfortunately Manjaro here is used to accomplish tasks. We need it to be stable and reliable - for user to be productive.
In case of troubles this Manjaro needs vendor’s support, hence modifications conducted are minimal, if any.
All prior 2.12 subversions needed short time to run through all branches then to reach stable.
Why is 2.12.4 different?
I see right now it reached Testing.
How are chances for it to need less time to make step to final branch than it needed for last branch transition?
I have no idea about when a stable snap is needed - it relies on the feedback from users on testing branch.
cisco anyconnect is - as I recall not in the repo - thus it must be custom build.
Like with anything else from AUR it requires arch package level - sometimes attainable at stable, sometimes not.
Take responsibility
If you have the resources for it - create your own environment and take responsibility for your systems
First
you can run your own inhouse mirror
point all your office workstations to that mirror
Second
deploy a custom mirror for hosting the packages you need from AUR
Add it before [core] to override any package of the same name in official repo
Add it to end to make it an additional repo
None of this is supported by the Manjaro Linux Community but I am fairly certain you can make some kind of agreement with the corporate part of Manjaro Imprint.
In my feeling dropping the usage of Manjaro will cost less effort.
Broken lib version grabbed from upstream Distribution in rapid manner.
To grab for fixed one needs ten times longer or more, there must be a good rationale behind it.
I have been using Manjaro Linux since late 2016 and I have had no downtime that was not caused by my lack of knowledge.
I have been more productive on Manjaro Linux than I have ever been with Windows systems.
You should do whatever you are most comfortable with.
These sentences make no sense to me.
If I understand you correct - you are implying that the file you require for a custom package should be available in Manjaro Linux repo?
Custom packaging is always the user’s responsibility - that goes for Arch Linux and Manjaro Linux - and any other Arch Linux based distribution out there.
You are most likely best served using a distribution less rolling - or if you really need that AnyConnect package - the easiest method is to switch the system to unstable branch and be done with it.
That would take far less resources and make for zero downtime.
And it is far easier to maintain a local mirror than you think.
If you do not have the knowledge yourself or the manpower to do so - I have offered my assistance which of course - as you appear to be running a business - is assistance that comes with a fee.