search

MatthiasLohr / docker-f5fpc

F5 VPN Client Docker Router
54 stars 26 forks source link

Connection Status: logon failed #17

Closed DavidGzzMilan closed 6 years ago

DavidGzzMilan commented 6 years ago 
Additional information:
Connection Status: logon failed
Server certificate verification failed.
Unknown result code: 7
Please create an issue with this code here:
https://github.com/MatthiasLohr/docker-f5fpc/issues/new
MatthiasLohr commented 6 years ago

Can you please check if my new commit in the bugfix/logonDenied branch deals successfully with that? Thanks!

DavidGzzMilan commented 6 years ago

Certainly I can go forward, but now I'm receiving this message:

➜  docker-f5fpc git:(bugfix/logonDenied) ./f5fpc-vpn.sh client
Please enter VPN host name (e.g. vpn.yourserver.com): vpn.example.us
Please enter your VPN username: ***********
Please enter your VPN password:
Logon denied. Insufficient privileges/wrong logon credentials?
Exiting...f5fpc-vpn

If I try connect with my BIG-IP EDGE f5 client I connect with no trouble.

screen shot 2018-09-26 at 11 29 58 am
MatthiasLohr commented 6 years ago

Do you have any bash/shell relevant special characters in your username/password? Something that should be escaped?

DavidGzzMilan commented 6 years ago

No really, username has a dot '.' and password a pound '#' but I suppose that is ok

MatthiasLohr commented 6 years ago

Ah, the problem is in your first post:

Server certificate verification failed.

So I have to think on how to deal with that...

MatthiasLohr commented 6 years ago

Are you using the newest docker image? Can you retry deleting and pulling again (the docker image, not (only) this repository)?

DavidGzzMilan commented 6 years ago

Just tried the suggest, getting slightly different message but at the end same result:

➜  ~ docker image rm matthiaslohr/f5fpc
Untagged: matthiaslohr/f5fpc:latest
Untagged: matthiaslohr/f5fpc@sha256:a8dcbb022316163499b91773548f167374873e4a9d30d2a7fe720d54a6c6a939
Deleted: sha256:ec0349d4c5a82f2bf4093b14c9b119b02660a89cc742b75224958deecfbf6578
Deleted: sha256:882c3c031d170f6b7b0c020b572b03a789be039beccd0553ff7d8a816181e944
Deleted: sha256:3edad633fc891ae70280286878b277d207c1f8f8899d6583f0775fd763137ca2
Deleted: sha256:ad649e4108b54ef6f341731f19142391da9b0c27a653ec040d3381c9fdc84931
Deleted: sha256:df64d3292fd6194b7865d7326af5255db6d81e9df29f48adde61a918fbd8c332

➜  ~ docker image pull matthiaslohr/f5fpc
Using default tag: latest
latest: Pulling from matthiaslohr/f5fpc
4fe2ade4980c: Pull complete
3d3df7cb688f: Pull complete
d95014599d07: Pull complete
9dd9ebd1d880: Pull complete
Digest: sha256:a8dcbb022316163499b91773548f167374873e4a9d30d2a7fe720d54a6c6a939
Status: Downloaded newer image for matthiaslohr/f5fpc:latest
➜  docker-f5fpc git:(bugfix/logonDenied) git fetch origin
remote: Enumerating objects: 5, done.
remote: Counting objects: 100% (5/5), done.
remote: Compressing objects: 100% (1/1), done.
remote: Total 3 (delta 2), reused 3 (delta 2), pack-reused 0
Desempaquetando objetos: 100% (3/3), listo.
Desde https://github.com/MatthiasLohr/docker-f5fpc
   2432be6..ce1a0d1  bugfix/logonDenied -> origin/bugfix/logonDenied

➜  docker-f5fpc git:(bugfix/logonDenied) git pull
Actualizando 2432be6..ce1a0d1
Fast-forward
 f5fpc-vpn.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

➜  docker-f5fpc git:(bugfix/logonDenied) ./f5fpc-vpn.sh client
Please enter VPN host name (e.g. vpn.yourserver.com): vpn.example.us
Please enter your VPN username: d*****.g******
Please enter your VPN password:
Logon denied
Connection Status: logon failed
Server certificate verification failed.
f5fpc-vpn

➜  docker-f5fpc git:(bugfix/logonDenied)
MatthiasLohr commented 6 years ago

Ok. Then, in my opinion, the problem is not part of this project. Your server certificate (your real domain is contained in one of your pictures...) seems not to be verifiable by CAs contained in the ca-certificates package. I already created a new ticket (#19) for supporting custom CAs, but for now I'm not sure why my browser validates your server certificate, but curl (on the same machine) does not. You could try the following:

curl https://vpn.yourserver.us/

either on your local machine or better in the f5fpc container. That gives me:

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

That's also the reason why the f5vpn script says "Server certificate verification failed." So, please check your server certificate.