ancwrd1 / snx-rs

Open Source Linux Client For Check Point VPN Tunnels
GNU Affero General Public License v3.0

ipsec `Error: Unknown device type` #25

Closed sneakythr0ws closed 3 months ago

sneakythr0ws commented 3 months ago

Hi! Thanks for your work!

I successfully connected via snx-rs in ssl mode. But I have a problem with ipsec: `Error: Unknown device type`. Maybe I need additional libraries? Ubuntu 23.04. 6.8.0-35-generic

ancwrd1 commented 3 months ago

Can you provide a trace-level log, please? I am not sure at which stage this happens. Maybe some kernel module is missing.

ancwrd1 commented 3 months ago

I think the `xfrm_interface` module might not be loaded automatically. Please check with `lsmod|grep xfrm`.

sneakythr0ws commented 3 months ago

trace log

```
➜  ~ snxctl connect
2024-06-20T13:33:19.300728Z  WARN snxcore::ccc: Disabling all certificate checks!!!
2024-06-20T13:33:19.312762Z TRACE snxcore::ccc: Request to server: (CCCclientRequest
    :RequestData (
        :client_info (
            :client_support_saml (true)
            :client_type (SYMBIAN)
            :client_version (1)))
    :RequestHeader (
        :id (2)
        :type (ClientHello)))
2024-06-20T13:33:19.313505Z TRACE hyper_util::client::legacy::pool: checkout waiting for idle connection: ("https", host)
2024-06-20T13:33:19.313521Z TRACE hyper_util::client::legacy::connect::http: Http::connect; scheme=Some("https"), host=Some("host"), port=None
2024-06-20T13:33:19.313620Z DEBUG hyper_util::client::legacy::connect::dns: resolving host="host"
2024-06-20T13:33:19.510207Z DEBUG hyper_util::client::legacy::connect::http: connecting to host:443
2024-06-20T13:33:19.565816Z DEBUG hyper_util::client::legacy::connect::http: connected to host:443
2024-06-20T13:33:19.705676Z TRACE hyper_util::client::legacy::client: http1 handshake complete, spawning background dispatcher task
2024-06-20T13:33:19.705830Z TRACE hyper_util::client::legacy::pool: checkout dropped for ("https", host)
2024-06-20T13:33:19.762895Z TRACE snxcore::ccc: Reply from server: (CCCserverResponse
    ...
OTP: 
Domain Password: 
Error: Error: Unknown device type.
```

lsmod

```
➜  ~ lsmod|grep  xfrm
xfrm_user              61440  3
xfrm_algo              20480  1 xfrm_user
```

ancwrd1 commented 3 months ago

Can you try `sudo modprobe xfrm_interface`?

sneakythr0ws commented 3 months ago

```
sudo modprobe xfrm_interface
modprobe: ERROR: could not insert 'xfrm_interface': Address family not supported by protocol
```

sneakythr0ws commented 3 months ago

As I understand, it requires ipv6 enabled?

ancwrd1 commented 3 months ago

Hmm I am not sure about ipv6, to be honest. But it might be the cause indeed. XFRM kernel module is required for ipsec, otherwise it won't work.

sneakythr0ws commented 3 months ago

> Hmm I am not sure about ipv6, to be honest. But it might be the cause indeed. XFRM kernel module is required for ipsec, otherwise it won't work.

Thank you very much! After enabling ipv6 everything was connected.

ancwrd1 commented 3 months ago

I will put it in the README file as a system requirement.
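
A preflight check for the requirement found in this thread, as an added example that is not part of the original discussion or the snx-rs project. The function names and the `ROOT` prefix argument are this example's own; it assumes the standard Linux locations `/proc/modules`, `/proc/net/if_inet6` and `/sys/module/ipv6/parameters/disable`.

```shell
#!/bin/sh
# Added example: preflight for IPSec mode. ROOT is a hypothetical prefix that
# lets the checks run against a constructed /proc and /sys tree.

# ipv6_state ROOT -> prints "enabled", "disabled" or "absent"
ipv6_state() {
    root=${1:-}
    flag="$root/sys/module/ipv6/parameters/disable"
    if [ -r "$flag" ] && [ "$(cat "$flag")" = "1" ]; then
        echo disabled            # IPv6 module present but switched off
    elif [ -e "$root/proc/net/if_inet6" ]; then
        echo enabled
    else
        echo absent              # no IPv6 stack visible
    fi
}

# xfrm_loaded ROOT -> exit 0 if xfrm_interface is loaded.
# A built-in (non-module) driver may not appear in either place.
xfrm_loaded() {
    root=${1:-}
    [ -d "$root/sys/module/xfrm_interface" ] ||
        grep -q '^xfrm_interface ' "$root/proc/modules" 2>/dev/null
}

# ipsec_preflight ROOT -> prints one verdict line.
# Exit 0: ready. 1: module just needs loading. 2: IPv6 must be enabled first.
ipsec_preflight() {
    root=${1:-}
    if xfrm_loaded "$root"; then
        echo "ok: xfrm_interface is loaded"
        return 0
    fi
    if [ "$(ipv6_state "$root")" = "enabled" ]; then
        echo "fix: sudo modprobe xfrm_interface"
        return 1
    fi
    echo "fix: enable IPv6, then sudo modprobe xfrm_interface"
    return 2
}

# Check the running system (empty ROOT); '|| true' keeps a caller's set -e happy.
ipsec_preflight "" || true
```

Exit status 2 corresponds to the state reported above, where `xfrm_interface` was not loaded and loading it only succeeded after IPv6 was enabled.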