Seeking assistance on an issue with forcing upgrades via webdeploy to remote linux clients. After enabling a newer version of AnyConnect on a pair of ASAs (5555-X) when remote linux users running an older version connect they are unable to establish a VPN session. From what I can tell it more than likely has something to do with the client side. I have disabled firewalld, modified perms on /tmp dir, modified owner of dirs, among several other things. From client side debugging I see the following:
acvpnui[9648]: Function: launchRemoteDownloader File: ../../vpn/Api/ConnectMgr.cpp Line: 8667 Successfully launched the downloader.
cisco-anyconnect.desktop: gzip: stdin: unexpected end of file
cisco-anyconnect.desktop: /tmp/vpnldcmv8/vpndownloader.sh: line 25: /tmp/vpn.ot6mXM/vpndownloader: Permission denied
acvpnui[9648]: Function: launchRemoteDownloader File: ../../vpn/Api/ConnectMgr.cpp Line: 8685 Invoked Function: CProcessApi::WaitForProcess Return Code: 126 (0x0000007E) Description: Downloader terminated abnormally
When viewing vpndownloader.sh, line 25 references this chunk:
chmod a+x ./vpndownloader || exit 1
ERRVAL=0
${DOWNLOADERLOCATION}/vpndownloader "$*" || ERRVAL=$?
rm -rf ${FILELIST}
cd - > /dev/null
if [ ${RMTEMP} = "yes" ]; then
rm -rf ${DOWNLOADERLOCATION}
fi
The thinking is that something on client side is killing the upgrade due to this cmd in vpndownloader.sh: chmod a+x ./vpndownloader
However, all changes I have tested result in same error.
I must note that the client is running: CentOS Linux release 7.9.2009 (3.10.0-1160.2.2.el7.x86_64). I am aware that technically it is an unsupported Linux OS. However, there are several clients that work perfectly fine running CentOS.
Has anyone encountered a similar issue with Linux & webdeploy, and has anyone seen webdeploy work for CentOS clients? TIA!
