search

adrienverge / openfortivpn

Client for PPP+TLS VPN tunnel services
GNU General Public License v3.0
2.67k stars 319 forks source link

Dropped protocol specifier '.openfortivpn' from 'ppp0.openfortivpn'. Using 'ppp0' (ifindex=22). #1239

Open chriscorrales opened 1 month ago

chriscorrales commented 1 month ago

Hello 👋

I'm having trouble connecting to the VPN where I work. Most of my coworkers use openfortivpn with the same version, and can connect normally. I'm also the only one with the latest version of Ubuntu (24.04). I also added the line: resolvectl domain ppp0 my.suffix1 my.suffix2 to the /etc/ppp/ip-up file.

I noticed that my terminal has a different output, which is this message: "Dropped protocol specifier '.openfortivpn' from 'ppp0.openfortivpn'. Using 'ppp0' (ifindex=24)."

I use the following command to connect:

$ sudo openfortivpn <host>:<port> --username=<user>  --trusted-cert=<cert>

Here is the terminal output using -v. I replaced some confidential information with * and for some repeated outputs I put ...

DEBUG:  openfortivpn 1.21.0
DEBUG:  revision unavailable
DEBUG:  Loaded configuration file "/etc/openfortivpn/config".
VPN account password: 
DEBUG:  Configuration host = "*"
DEBUG:  Configuration realm = ""
DEBUG:  Configuration port = "*"
DEBUG:  Configuration username = "*"
DEBUG:  Resolving gateway host ip
DEBUG:  Establishing ssl connection
DEBUG:  SO_KEEPALIVE: OFF
DEBUG:  TCP_KEEPIDLE: 7200
DEBUG:  TCP_KEEPINTVL: 75
DEBUG:  TCP_KEEPCNT: 9
DEBUG:  SO_SNDBUF: 16384
DEBUG:  SO_RCVBUF: 131072
DEBUG:  server_addr: *
DEBUG:  server_port: 10443
DEBUG:  gateway_ip: *
DEBUG:  gateway_port: 10443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Setting minimum protocol version to: 0x303.
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.
INFO:   Connected to gateway.
DEBUG:  Cookie: SVPNCOOKIE=*
INFO:   Authenticated.
DEBUG:  Cookie: SVPNCOOKIE=*
INFO:   Remote gateway has allocated a VPN.
DEBUG:  SO_KEEPALIVE: OFF
DEBUG:  TCP_KEEPIDLE: 7200
DEBUG:  TCP_KEEPINTVL: 75
DEBUG:  TCP_KEEPCNT: 9
DEBUG:  SO_SNDBUF: 16384
DEBUG:  SO_RCVBUF: 131072
DEBUG:  server_addr: *
DEBUG:  server_port: 10443
DEBUG:  gateway_ip: *
DEBUG:  gateway_port: 10443
DEBUG:  Setting cipher list to: HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4
DEBUG:  Setting minimum protocol version to: 0x303.
DEBUG:  Gateway certificate validation failed.
DEBUG:  Gateway certificate digest found in white list.
DEBUG:  Retrieving configuration
DEBUG:  Found dns server * in xml config
DEBUG:  Found dns server * in xml config
DEBUG:  Establishing the tunnel
DEBUG:  ppp_path: /usr/sbin/pppd
DEBUG:  Switch to tunneling mode
DEBUG:  Starting IO through the tunnel
DEBUG:  pppd_read thread
DEBUG:  ssl_read thread
DEBUG:  ssl_write thread
DEBUG:  if_config thread
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
DEBUG:  pppd_write thread
DEBUG:  pppd ---> gateway (16 bytes)
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  gateway ---> pppd (16 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
...
DEBUG:  gateway ---> pppd (12 bytes)
...
INFO:   Got addresses: [*], ns [*, *]
INFO:   Negotiation complete.
DEBUG:  Got Address: *
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
...
DEBUG:  Got Address: *
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
...
DEBUG:  Got Address: *
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
...
DEBUG:  Got Address: *
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
...
DEBUG:  Got Address: *
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
...
DEBUG:  Got Address: *
DEBUG:  if_config: not ready yet...
DEBUG:  gateway ---> pppd (12 bytes)
DEBUG:  pppd ---> gateway (12 bytes)
...
INFO:   Negotiation complete.
DEBUG:  pppd ---> gateway (6 bytes)
local  IP address *
remote IP address *
DEBUG:  Got Address: *
DEBUG:  Interface Name: ppp0
DEBUG:  Interface Addr: *
INFO:   Interface ppp0 is UP.
INFO:   Setting new routes...
DEBUG:  ip route show to */* dev !ppp0
DEBUG:  ip route show to */* dev ppp0
DEBUG:  Route not found.
DEBUG:  ip route show to */* dev !ppp0
DEBUG:  Setting route to vpn server...
DEBUG:  ip route show to */* via * dev wlp4s0
DEBUG:  ip route add to */* via * dev wlp4s0
DEBUG:  ip route add to */* dev ppp0
...
INFO:   Adding VPN nameservers...
DEBUG:  Attempting to run /sbin/resolvconf.
DEBUG:  resolvconf_call: /sbin/resolvconf -a "ppp0.openfortivpn"
Dropped protocol specifier '.openfortivpn' from 'ppp0.openfortivpn'. Using 'ppp0' (ifindex=23).
INFO:   Tunnel is up and running.

Does anyone know what can it be?

chriscorrales commented 1 month ago

UPDATE: I discovered that if I access the services by IP it works normally, but via DNS it doesn't work.

Mihai-B commented 1 month ago

I am having the same issue.

Until a permanent fix is found for this, I can bypass this by running these commands after connecting to VPN:

sudo resolvectl dns ppp0 <insert_company_internal_dns_ip>
sudo resolvectl domain ppp0 ~.