Open sourav-majumdar-math opened 1 year ago
A simple network change cannot explain the lack of messages on stdout. You must be using a different version of openfortivpn on your home wifi and elsewhere.
What about the output of openfortivpn -v -v -v?
Thank you so much for responding.
I ran sudo openfortivpn -v -v -v -c openfortivpn.conf and I get the following,
DEBUG: ATTENTION: the output contains sensitive information such as the THE CLEAR TEXT PASSWORD.
DEBUG: openfortivpn 1.20.3
DEBUG: Loaded configuration file "openfortivpn.conf".
DEBUG: Loaded password from configuration file "openfortivpn.conf"
DEBUG: Configuration host = "REDACTED"
DEBUG: Configuration realm = ""
DEBUG: Configuration port = "REDACTED"
DEBUG: Configuration username = "REDACTED"
DEBUG: Configuration password = "REDACTED"
DEBUG: Resolving gateway host ip
DEBUG: Establishing ssl connection
DEBUG: SO_KEEPALIVE: OFF
DEBUG: TCP_KEEPIDLE: 7200
DEBUG: TCP_KEEPINTVL: 75
DEBUG: TCP_KEEPCNT: 9
DEBUG: SO_SNDBUF: 16384
DEBUG: SO_RCVBUF: 131072
DEBUG: server_addr: REDACTED
DEBUG: server_port: REDACTED
DEBUG: gateway_ip: REDACTED
DEBUG: gateway_port: REDACTED
DEBUG: Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG: Setting minimum protocol version to: 0x303.
No response to 4 echo-requests
Serial link appears to be disconnected.
Connection terminated.
Modem hangup
and it just stays stuck here on my home wifi
So there is output to stdout after all.
What does openfortivpn -v -v -v have to say from a different network than home wifi?
Also, these messages are from pppd:
Not sure why pppd doesn't work as expected. Perhaps a routing problem?
So there is output to stdout after all.
I wasn't patient enough to wait for it to appear previously. Apologies for the confusion.
When I change network I am able to connect and the output of the command is,
DEBUG: ATTENTION: the output contains sensitive information such as the THE CLEAR TEXT PASSWORD.
DEBUG: openfortivpn 1.20.3
DEBUG: Loaded configuration file "openfortivpn.conf".
DEBUG: Loaded password from configuration file "openfortivpn.conf"
DEBUG: Configuration host = "REDACTED"
DEBUG: Configuration realm = ""
DEBUG: Configuration port = "REDACTED"
DEBUG: Configuration username = "REDACTED"
DEBUG: Configuration password = "REDACTED"
DEBUG: Resolving gateway host ip
DEBUG: Establishing ssl connection
DEBUG: SO_KEEPALIVE: OFF
DEBUG: TCP_KEEPIDLE: 7200
DEBUG: TCP_KEEPINTVL: 75
DEBUG: TCP_KEEPCNT: 9
DEBUG: SO_SNDBUF: 16384
DEBUG: SO_RCVBUF: 131072
DEBUG: server_addr: REDACTED
DEBUG: server_port: REDACTED
DEBUG: gateway_ip: REDACTED
DEBUG: gateway_port: REDACTED
DEBUG: Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG: Setting minimum protocol version to: 0x303.
DEBUG: Gateway certificate validation failed.
DEBUG: Gateway certificate digest found in white list.
INFO: Connected to gateway.
DEBUG: http_send:
POST /remote/logincheck HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 SV1
Accept: */*
Accept-Encoding: gzip, deflate, br
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Content-Type: application/x-www-form-urlencoded
Cookie:
Content-Length: 51
username=REDACTED&credential=REDACTED&realm=&ajax=1
DEBUG: http_receive:
HTTP/1.1 200 OK
Date: Thu, 25 May 2023 15:16:26 GMT
Server: xxxxxxxx-xxxxx
Set-Cookie: SVPNCOOKIE=REDACTED; path=/; secure; httponly; SameSite=Strict
Transfer-Encoding: chunked
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'; object-src 'self'; script-src 'self' https 'unsafe-eval' 'unsafe-inline' blob:;
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
6e
<html><head>
<script language='javascript'>
document.location='/sslvpn/portal.html';
</script>
</head></html>
0
7.0
DEBUG: Cookie: SVPNCOOKIE=REDACTED
INFO: Authenticated.
DEBUG: Cookie: SVPNCOOKIE=REDACTED
DEBUG: http_send:
GET /remote/index HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 SV1
Accept: */*
Accept-Encoding: gzip, deflate, br
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT
Content-Type: application/x-www-form-urlencoded
Cookie: SVPNCOOKIE=REDACTED
Content-Length: 0
and it goes on and on. Let me know if a specific portion of the output is worth looking at.
I see the message "Establishing ssl connection" but not the message "Connected to gateway.", which means openfortivpn fails to complete step 1, creating the TLS connection,
https://github.com/adrienverge/openfortivpn/blob/45cb8e0f9984f1d54b648e499bda637d96568908/src/tunnel.c#L1266-L1271
In that case, it shouldn't attempt step 4, starting pppd:
https://github.com/adrienverge/openfortivpn/blob/45cb8e0f9984f1d54b648e499bda637d96568908/src/tunnel.c#L1311-L1313
And indeed, I don't see message "Establishing the tunnel". Yet, we see error messages from pppd. That's disturbing. It's been a long time since I last looked at the details of openfortivpn sources, so I may be missing something, but I find this disturbing. Something's very wrong here, but what?
Perhaps you can add a few printf calls here and there in the source code, rebuild, and attempt to find where exactly openfortivpn fails.
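Added example, not part of the thread and not openfortivpn's own code: a small triage script that applies the reasoning in the comment above to a captured -v -v -v log, reporting the last milestone message reached and any pppd lines that appear before "Establishing the tunnel", and masking the secrets the log's first line warns about before the log is shared. The function names, the stage labels and the sample log (abridged from the output posted in this thread) are assumptions made for illustration.

```python
import re

# Milestone messages quoted in this thread, in the order they are printed.
MILESTONES = [
    ("Establishing ssl connection", "tls_started"),
    ("Connected to gateway.", "tls_connected"),
    ("Authenticated.", "authenticated"),
    ("Establishing the tunnel", "tunnel_started"),
]
# Fragments of the pppd lines seen in the failing log.
PPPD_MARKERS = ("echo-requests", "Serial link appears", "Modem hangup")
# Fields that carry secrets in the verbose output.
SECRETS = [
    (re.compile(r'(Configuration password = )"[^"]*"'), r'\1"REDACTED"'),
    (re.compile(r'(SVPNCOOKIE=)[^;\s]+'), r'\1REDACTED'),
    (re.compile(r'(credential=)[^&\s]+'), r'\1REDACTED'),
]

def redact(line):
    """Mask the password, session cookie and POSTed credential in a log line."""
    for pattern, repl in SECRETS:
        line = pattern.sub(repl, line)
    return line

def triage(log_text):
    """Return the last stage reached plus notes worth raising in a bug report."""
    result = {"stage": "not_started", "early_pppd": [], "notes": []}
    for line in log_text.splitlines():
        for text, stage in MILESTONES:
            if text in line:
                result["stage"] = stage
        if result["stage"] != "tunnel_started" and any(m in line for m in PPPD_MARKERS):
            result["early_pppd"].append(line.strip())
        if "certificate digest found in white list" in line:
            result["notes"].append("gateway cert accepted by whitelisted digest "
                                   "after chain validation failed")
    return result

# Constructed sample: abridged copy of the failing home-wifi log above.
FAILING_LOG = """DEBUG: Establishing ssl connection
DEBUG: Setting minimum protocol version to: 0x303.
No response to 4 echo-requests
Serial link appears to be disconnected.
Connection terminated.
Modem hangup
"""

if __name__ == "__main__":
    print(triage(FAILING_LOG))
    print(redact('DEBUG: Configuration password = "constructed-secret"'))
```
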
I have been using openfortivpn for around two years. On my home wifi when I try to connect to the vpn there are no messages on stdout and it doesn't connect. I used to be able to connect on the home wifi earlier. I am able to connect to the vpn when I change my network to my mobile data. However when I connect to the vpn using the android forticlient through the home wifi I am able to connect.
The issue seems to be openfortivpn+linux+home wifi? I am out of my wits on how to debug this.
I am on Arch Linux.