IdiotEbrilo closed 1 month ago
I think it's probably just a bug. Could you please run the following command and attach the output (redacting any sensitive info)? Replace SERVER_ADDRESS with your VPN GW.
curl -k -X POST -d '(CCCclientRequest :RequestHeader ( :id (0) :type (ClientHello)) :RequestData ( :client_info ( :client_type (TRAC) :client_version (1) :client_support_saml (true))))' https://SERVER_ADDRESS/clients
Here it goes:
(CCCserverResponse
:ResponseHeader (
:id (0)
:type (ClientHello)
:session_id ()
:return_code (600)
)
:ResponseData (
:protocol_version (
:protocol_version (100)
:features (0x1)
)
:upgrade_configuration (
:available_client_version (835000022)
:client_upgrade_url ("/CSHELL/")
:upgrade_mode (no_upgrade)
)
:connectivity_info (
:default_authentication_method (client_decide)
:client_enabled (true)
:supported_data_tunnel_protocols (
: (IPSec)
: (SSL)
: (L2TP)
)
:connectivity_type (IPSec)
:server_ip (10.5.242.70)
:ipsec_transport (auto_detect)
:tcpt_port (443)
:natt_port (4500)
:connect_with_certificate_url ("/clients/cert/")
:cookie_name (CPCVPN_SESSION_ID)
:internal_ca_fingerprint (
:1 (707371107877627815647e62630478707c6909ff0c010d13030e71610f0d1a086074110a0513121713097018137c776e07ff1d660b051d6c)
)
)
:end_point_security (
:ics (
:run_ics (false)
:ics_base_url ("/clients/ICS/components")
:ics_version (403006000)
:ics_upgrade_url ("/clients/ICS/components/icsweb.cab")
:ics_images_url ("/clients/ICS/components/ICS_images.cab")
:ics_images_ver (403006000)
:ics_cab_url ("/clients/ICS/components/cl_ics.cab")
:ics_cab_version ("994000010
")
)
)
:login_options_data (
:login_options_list (
:0 (
:id (vpn_Certificate_**********)
:secondary_realm_hash (1679091c5a880faf6fb5e6087eb1b2dc)
:display_name ("********** Certificate")
:show_realm (1)
:factors (
:0 (
:factor_type (certificate)
:securid_card_type ()
:certificate_storage_type (capi)
:custom_display_labels (
:header ("Please provide certificate in order to authenticate")
)
)
)
)
:1 (
:id (vpn_**********-Certificate)
:secondary_realm_hash (1679091c5a880faf6fb5e6087eb1b2dc)
:display_name ("********** Certificate")
:show_realm (1)
:factors (
:0 (
:factor_type (certificate)
:securid_card_type ()
:certificate_storage_type (any)
:custom_display_labels (
:header ("Please provide certificate in order to authenticate")
)
)
)
)
:2 (
:id (vpn_Cert_DID)
:secondary_realm_hash (1679091c5a880faf6fb5e6087eb1b2dc)
:display_name (**********_Contracts)
:show_realm (1)
:factors (
:0 (
:factor_type (certificate)
:securid_card_type ()
:certificate_storage_type (capi)
:custom_display_labels (
:header ("Please provide certificate in order to authenticate")
)
)
)
)
:3 (
:id (vpn_dso-cert)
:secondary_realm_hash (1679091c5a880faf6fb5e6087eb1b2dc)
:display_name ("DSO Certificate")
:show_realm (1)
:factors (
:0 (
:factor_type (certificate)
:securid_card_type ()
:certificate_storage_type (capi)
:custom_display_labels (
:header ("Please provide certificate in order to authenticate")
)
)
)
)
:4 (
:id (vpn_DSO_Capsule)
:secondary_realm_hash (1679091c5a880faf6fb5e6087eb1b2dc)
:display_name ("DSO capsule certificate")
:show_realm (1)
:factors (
:0 (
:factor_type (certificate)
:securid_card_type ()
:certificate_storage_type (any)
:custom_display_labels (
:header ("Please provide certificate in order to authenticate")
)
)
)
)
:5 (
:id (vpn_**********_ca2)
:secondary_realm_hash (1679091c5a880faf6fb5e6087eb1b2dc)
:display_name ("********** **********")
:show_realm (1)
:factors (
:0 (
:factor_type (certificate)
:securid_card_type ()
:certificate_storage_type (capi)
:custom_display_labels (
:header ("Please provide certificate in order to authenticate")
)
)
)
)
:6 (
:id (vpn)
:secondary_realm_hash (1679091c5a880faf6fb5e6087eb1b2dc)
:display_name (Standard)
:show_realm (1)
:factors (
:0 (
:factor_type (certificate)
:securid_card_type ()
:certificate_storage_type (capi)
:custom_display_labels (
:header ("Please provide certificate in order to authenticate")
)
)
)
)
)
:login_options_md5 (63596529732fdb11915ceb72660e0515)
)
)
)
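An added example, not part of the thread and not snx-rs code: a small Python parser for the parenthesised response format shown above, used to list the login options and certificate factors a gateway returns to the ClientHello request. The names `parse_ccc` and `login_options` are hypothetical, and the sample response is constructed and reflowed onto fewer lines.

```python
import re

# Tokens: parentheses, quoted strings (may span lines), ":key" names, bare atoms.
TOKEN = re.compile(r'\(|\)|"[^"]*"|:[^\s()]*|[^\s()"]+')

def _parse(tokens, pos):
    """Parse one parenthesised value at tokens[pos]; return (value, next_pos)."""
    if tokens[pos] != "(":
        raise ValueError(f"expected '(' but got {tokens[pos]!r}")
    pos += 1
    fields, scalar = {}, ""
    while tokens[pos] != ")":
        tok = tokens[pos]
        if tok.startswith(":"):
            # Unnamed list entries such as ": (IPSec)" are keyed by position.
            key = tok[1:] or str(len(fields))
            fields[key], pos = _parse(tokens, pos + 1)
        else:
            # Bare atom, quoted string, or the leading object name.
            scalar, pos = tok.strip('"').strip(), pos + 1
    return (fields or scalar), pos + 1

def parse_ccc(text):
    """Turn a response body into nested dicts of strings."""
    try:
        value, _ = _parse(TOKEN.findall(text), 0)
    except IndexError:
        raise ValueError("unbalanced parentheses (truncated response?)") from None
    return value

def login_options(resp):
    """Return (id, [(factor_type, certificate_storage_type), ...]) per option."""
    options = resp["ResponseData"]["login_options_data"]["login_options_list"]
    return [(o["id"], [(f["factor_type"], f.get("certificate_storage_type", ""))
                       for f in o["factors"].values()])
            for o in options.values()]

# Constructed sample in the same shape as the output above (values are made up).
SAMPLE = """(CCCserverResponse
 :ResponseHeader ( :id (0) :type (ClientHello) :session_id () :return_code (600))
 :ResponseData (
  :connectivity_info ( :supported_data_tunnel_protocols ( : (IPSec) : (SSL)))
  :login_options_data ( :login_options_list (
   :0 ( :id (vpn_example_cert) :display_name ("Example Certificate")
        :factors ( :0 ( :factor_type (certificate) :certificate_storage_type (capi))))
   :1 ( :id (vpn) :display_name (Standard)
        :factors ( :0 ( :factor_type (certificate) :certificate_storage_type (any))))
  ))))"""

for option_id, factors in login_options(parse_ccc(SAMPLE)):
    print(option_id, factors)
```

Saving the curl output to a file and passing its contents to `parse_ccc` gives the same summary for a real gateway response.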
Please pull the changes, build and try again.
Thanks! Now it connects.
But here's one more thing with routing. I set it to ignore all routes provided by the snx server and add one route manually:
But it adds a completely different route:
So I can add it only manually with the console:
sudo ip route add 10.0.0.0/8 dev snx-xfrm scope link
How can I add custom static routes with the GUI app?
So there was yet another bug (manual routes ignored for the IPSec tunnel), now fixed. Thanks for reporting.
The one on the screenshot is the kernel route added automatically when the interface is configured with an IP address.
Connects flawlessly now. Thanks for your work!
Hi! Sorry to annoy you once again, but I've been experimenting with snx-rs-gui for some time, and it apparently is unable to fetch login types that can be obtained with the console.
Here's the output of the
snx-rs -m info
(I removed some personal info):
So login options are available, although the cert check must be disabled. But when I try to do the same with the GUI app, it says it's unable to fetch anything from the data it received:
Cert check is disabled too:
What am I doing wrong?
Update: also noticed that the GUI app attempts to get login types from https://DOMAIN/clients, while the console command uses just https://DOMAIN.