Closed podly closed 1 month ago
Hi, do you have password specified in the config file or as a command line parameter? If yes could you try not specifying it? I think there is a bug in the code but I need to confirm it.
Hi, yes, I provided password with BASE64 in command line and in config file. If I tried to not provide password, there was no prompt and auth was unsuccessful.
2024-06-04T12:05:06.195901Z DEBUG snxcore::tunnel::ipsec::connector: No status in reply, requested challenge for: UserPassword
2024-06-04T12:05:06.195917Z DEBUG snxcore::tunnel::ipsec::connector: Challenge msg: password:
2024-06-04T12:05:06.195927Z TRACE snxcore::tunnel::ipsec::connector: msg_obj: (msg_obj
:format (1.0)
:id (VPN_CUMULATE_PROMPT)
:def_msg ("password: ")
:arguments (
:0 (
:type (msg_obj)
:val (msg_obj
:format (1.0)
:id (CPSC_RADIUS_ENTER_PASSWORD)
:def_msg ("password: ")
:arguments ()
)
:def_text ("password: ")
)
)
)
2024-06-04T12:05:06.196627Z DEBUG isakmp::transport: Sending ISAKMP message of size 80 to 10.10.10.10:500
Error: No state
I have pushed a possible fix, if you could build the project please try it.
Now it is asking for password, but there is still something wrong with MFA:
2024-06-04T12:45:52.673288Z DEBUG snxcore::tunnel::ipsec::connector: No status in reply, requested challenge for: UserPassword
2024-06-04T12:45:52.673313Z DEBUG snxcore::tunnel::ipsec::connector: Challenge msg: password:
2024-06-04T12:45:52.673322Z TRACE snxcore::tunnel::ipsec::connector: msg_obj: (msg_obj
:format (1.0)
:id (VPN_CUMULATE_PROMPT)
:def_msg ("password: ")
:arguments (
:0 (
:type (msg_obj)
:val (msg_obj
:format (1.0)
:id (CPSC_RADIUS_ENTER_PASSWORD)
:def_msg ("password: ")
:arguments ()
)
:def_text ("password: ")
)
)
)
2024-06-04T12:45:52.673493Z DEBUG snxcore::tunnel::ipsec::connector: Challenge ID: CPSC_RADIUS_ENTER_PASSWORD
2024-06-04T12:45:52.673520Z DEBUG snxcore::tunnel::ipsec::connector: Challenge prompt: password:
password:
2024-06-04T12:46:00.738953Z DEBUG isakmp::ikev1::service: Sending auth attribute: UserPassword, timeout: Some(120) seconds
2024-06-04T12:46:00.739211Z DEBUG isakmp::transport: Sending ISAKMP message of size 92 to 10.10.10.10:500
2024-06-04T12:46:00.739370Z TRACE isakmp::transport: Discarding already received message
2024-06-04T12:46:00.739407Z TRACE isakmp::transport: Discarding already received message
2024-06-04T12:46:00.739426Z TRACE isakmp::transport: Discarding already received message
2024-06-04T12:46:00.739450Z TRACE isakmp::transport: Discarding already received message
2024-06-04T12:46:01.669836Z DEBUG isakmp::transport: Parsing ISAKMP message of size 444
2024-06-04T12:46:01.669913Z TRACE isakmp::payload: Parsing payload: type=Hash, size=20, next=Attributes
2024-06-04T12:46:01.669928Z TRACE isakmp::payload: Parsing payload: type=Attributes, size=378, next=None
2024-06-04T12:46:01.669965Z DEBUG isakmp::ikev1::service: Message ID: c1ce912f
2024-06-04T12:46:01.669975Z DEBUG isakmp::ikev1::service: Response message ID: c1ce912f
2024-06-04T12:46:01.670031Z DEBUG snxcore::tunnel::ipsec::connector: No status in reply, requested challenge for: UserPassword
2024-06-04T12:46:01.670053Z DEBUG snxcore::tunnel::ipsec::connector: Challenge msg: Enter Your Microsoft verification code
2024-06-04T12:46:01.670061Z TRACE snxcore::tunnel::ipsec::connector: msg_obj: (msg_obj
:format (1.0)
:id (VPN_CUMULATE_PROMPT)
:def_msg ("Enter Your Microsoft verification code")
:arguments (
:0 (
:type (msg_obj)
:val (msg_obj
:format (1.0)
:def_msg ("Enter Your Microsoft verification code")
:arguments ()
)
:def_text ("Enter Your Microsoft verification code")
)
)
)
2024-06-04T12:46:01.670771Z DEBUG isakmp::transport: Sending ISAKMP message of size 80 to 10.10.10.10:500
Error: No challenge id!
Ok, another attribute missing in checkpoint reply. Try now please.
It is working OK now, thank you!
Great, thanks for your help with testing.
Hi,
I'm trying to get this working with username + password + SMS verification code. Username and password seems to authenticate OK, but there is no prompt for providing SMS code. Each time I try to connect I receive SMS with code twice. Any chance to get this working?
Thx.