ancwrd1 / snx-rs

Open Source Linux Client For Check Point VPN Tunnels
GNU Affero General Public License v3.0
120 stars, 9 forks

SSL tunnel with default-route=true causes "No response for keepalive packets, tunnel appears stuck" #50

Closed (dpqkdqkj closed this 1 month ago)
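What the route table in this report implies, as an added example (this is not code from snx-rs or from the reporter). Linux picks a route by longest prefix first and then by lowest metric. In the reporter's `ip route` output the `default dev snx-tun scope link` entry carries no metric field, which means metric 0, so it beats `default via 192.168.0.1 dev eno1 ... metric 100` for every destination that has no more specific route, and that includes the Check Point gateway's own public address. The TLS connection that carries the tunnel would then be steered into the tun device instead of eno1, which is one way to end up with a trace that shows only `snx-tun => snx` traffic and a keepalive timeout. The script below models that lookup over the routes copied from the issue. The gateway address 203.0.113.10 is an assumed placeholder because the real server-name is redacted, and the /32 host route it adds is the standard countermeasure for this trap, not a description of what snx-rs does or of how this issue was resolved.

```python
"""Model Linux IPv4 route selection over the `ip route` table from the issue.

Constructed example: the routes below are copied from the reporter's
`ip route` output (docker/libvirt bridges omitted); the gateway address
203.0.113.10 is an assumed placeholder because the real server is redacted.
"""
import ipaddress

# Constructed input: the routes that matter from the reporter's `ip route`.
ROUTES_WITH_DEFAULT_ROUTE = """\
default dev snx-tun scope link
default via 192.168.0.1 dev eno1 proto dhcp src 192.168.0.106 metric 100
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.106 metric 100
192.168.26.0/24 dev snx-tun proto kernel scope link src 192.168.26.16
"""

# Assumed placeholder (documentation range) for the redacted gateway address.
VPN_GATEWAY = "203.0.113.10"


def parse_route_table(text):
    """Parse `ip route` lines into dicts with dst network, dev, via and metric.

    `ip route` omits the metric field when it is 0, which is what
    `ip route add default dev snx-tun` (seen in the trace log) produces.
    """
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        route = {
            "dst": ipaddress.ip_network(dst, strict=False),
            "dev": None,
            "via": None,
            "metric": 0,
            "line": line,
        }
        # Walk the remaining "key value" pairs; keys we do not model are ignored.
        for key, value in zip(fields[1:], fields[2:]):
            if key == "dev":
                route["dev"] = value
            elif key == "via":
                route["via"] = value
            elif key == "metric":
                route["metric"] = int(value)
        routes.append(route)
    return routes


def select_route(destination, routes):
    """Pick the route the kernel would use: longest prefix wins, then lowest metric."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dest in r["dst"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["dst"].prefixlen, r["metric"]))


def egress_device(destination, table_text):
    """Return the interface name that traffic to `destination` leaves through."""
    route = select_route(destination, parse_route_table(table_text))
    return route["dev"] if route else None


def tunnel_swallows_its_own_transport(gateway, table_text, tun_dev="snx-tun"):
    """True if packets to the VPN gateway itself would be routed into the tunnel.

    With the reporter's table both default routes match the gateway; the
    snx-tun one has metric 0 and beats the eno1 one with metric 100, so the
    TLS transport that carries the tunnel is steered back into the tunnel.
    """
    return egress_device(gateway, table_text) == tun_dev


def add_gateway_host_route(table_text, gateway, via, dev):
    """Return a table with a /32 host route pinning the gateway to the physical uplink.

    Assumed remedy for illustration (the usual fix for this precedence trap),
    not a statement of what snx-rs itself does.
    """
    return table_text + f"{gateway} via {via} dev {dev}\n"


if __name__ == "__main__":
    before = ROUTES_WITH_DEFAULT_ROUTE
    after = add_gateway_host_route(before, VPN_GATEWAY, "192.168.0.1", "eno1")
    for label, table in (("before", before), ("after", after)):
        print(f"{label}: gateway {VPN_GATEWAY} -> {egress_device(VPN_GATEWAY, table)}, "
              f"office-mode 192.168.26.1 -> {egress_device('192.168.26.1', table)}, "
              f"LAN 192.168.0.50 -> {egress_device('192.168.0.50', table)}")
```

On a live system `ip route get <gateway-ip>` performs the same lookup and prints the device the kernel chose, so it is the quickest check once the tunnel is up.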

dpqkdqkj commented 1 month ago

The problem occurs when the config file specifies default-route=true. I've seen a similar issue, https://github.com/ancwrd1/snx-rs/issues/42, but I don't understand the solution. I used v2.6.0 (snx-rs-v2.6.0-linux-x86_64.tar.xz).

With default-route=true

Config (`cat conf.conf`, with default-route):

```
server-name=
user-name=
log-level=trace
tunnel-type=ssl
login-type=vpn
cert-type=none
no-cert-check=true
ignore-server-cert=true
default-route=true
```

I run the command `./snx-rs -m command -c conf.conf` and then `./snxctl connect -c conf.conf`.

Output of `./snx-rs -m command -c conf.conf`:

```
2024-10-28T19:06:59.654890Z DEBUG snxcore::platform::linux::net: NetworkManager state changed to ConnectedGlobal
2024-10-28T19:09:27.113916Z TRACE snxcore::server: Command received
2024-10-28T19:09:27.113936Z TRACE snxcore::server: Handling get status command
2024-10-28T19:09:27.113946Z TRACE snxcore::server: Response: ConnectionStatus(ConnectionStatus { connected_since: None, mfa: None })
2024-10-28T19:09:27.235613Z TRACE snxcore::server: Command received
2024-10-28T19:09:27.235650Z TRACE snxcore::server: Handling connect command
2024-10-28T19:09:27.235670Z DEBUG snxcore::tunnel::ssl::connector: Authenticating to endpoint:
2024-10-28T19:09:27.235802Z WARN snxcore::ccc: Disabling all certificate checks!!!
2024-10-28T19:09:27.263396Z TRACE snxcore::ccc: Request to server: (CCCclientRequest :RequestData ( :client_logging_data ( :device_id ("{}") :os_name (Windows)) :client_type (TRAC) :password () :selectedLoginOption (vpn) :username ()) :RequestHeader ( :id (2) :type (UserPass)))
2024-10-28T19:09:27.263514Z TRACE hyper_util::client::legacy::pool: checkout waiting for idle connection: ("https", )
2024-10-28T19:09:27.263543Z TRACE hyper_util::client::legacy::connect::http: Http::connect; scheme=Some("https"), host=Some(""), port=None
2024-10-28T19:09:27.263561Z DEBUG hyper_util::client::legacy::connect::http: connecting to :443
2024-10-28T19:09:27.276361Z DEBUG hyper_util::client::legacy::connect::http: connected to :443
2024-10-28T19:09:27.346089Z TRACE hyper_util::client::legacy::client: http1 handshake complete, spawning background dispatcher task
2024-10-28T19:09:27.346296Z TRACE hyper_util::client::legacy::pool: checkout dropped for ("https", )
2024-10-28T19:09:27.364209Z TRACE snxcore::ccc: Reply from server: (CCCserverResponse :ResponseHeader ( :id (2) :type (UserPass) :session_id () :return_code (600) ) :ResponseData ( :authn_status (continue) :prompt () :prompt_id () :session_id () :auth_state (new_challenge) :error_message () :error_id () ) )
2024-10-28T19:09:27.366292Z DEBUG snxcore::server: Pending multi-factor, awaiting for it
2024-10-28T19:09:27.366331Z TRACE snxcore::server: Response: Ok
2024-10-28T19:09:27.367304Z TRACE snxcore::server: Command received
2024-10-28T19:09:27.367319Z TRACE snxcore::server: Handling get status command
2024-10-28T19:09:27.367325Z TRACE snxcore::server: Response: ConnectionStatus(ConnectionStatus { connected_since: None, mfa: Some(MfaChallenge { mfa_type: PasswordInput, prompt: "password: " }) })
```

After entering the password:

Output:

```
2024-10-28T19:10:31.310072Z TRACE snxcore::server: Command received
2024-10-28T19:10:31.310156Z DEBUG snxcore::server: Handling challenge code command
2024-10-28T19:10:31.310189Z DEBUG snxcore::tunnel::ssl::connector: Authenticating with challenge code to endpoint:
2024-10-28T19:10:31.310255Z WARN snxcore::ccc: Disabling all certificate checks!!!
2024-10-28T19:10:31.334757Z TRACE snxcore::ccc: Request to server: (CCCclientRequest :RequestData ( :auth_session_id () :client_type (TRAC) :user_input ()) :RequestHeader ( :id (3) :session_id () :type (MultiChallange)))
2024-10-28T19:10:31.334875Z TRACE hyper_util::client::legacy::pool: checkout waiting for idle connection: ("https", )
2024-10-28T19:10:31.334894Z TRACE hyper_util::client::legacy::connect::http: Http::connect; scheme=Some("https"), host=Some(""), port=None
2024-10-28T19:10:31.334902Z DEBUG hyper_util::client::legacy::connect::http: connecting to :443
2024-10-28T19:10:31.347857Z DEBUG hyper_util::client::legacy::connect::http: connected to :443
2024-10-28T19:10:31.461687Z TRACE hyper_util::client::legacy::client: http1 handshake complete, spawning background dispatcher task
2024-10-28T19:10:31.462040Z TRACE hyper_util::client::legacy::pool: checkout dropped for ("https", )
2024-10-28T19:10:32.968098Z TRACE snxcore::ccc: Reply from server: (CCCserverResponse :ResponseHeader ( :id (3) :type (MultiChallange) :session_id () :return_code (600) ) :ResponseData ( :authn_status (done) :is_authenticated (true) :active_key () :server_fingerprint () :server_cn () :session_id () :active_key_timeout (28800) ) )
2024-10-28T19:10:32.969005Z DEBUG snxcore::tunnel::ssl::connector: Authentication OK, session id:
2024-10-28T19:10:32.981809Z WARN snxcore::tunnel::ssl: Disabling all certificate checks!!!
2024-10-28T19:10:33.064732Z DEBUG snxcore::tunnel::ssl: Tunnel connected
2024-10-28T19:10:33.064856Z DEBUG snxcore::tunnel::ssl: Running SSL tunnel for session
2024-10-28T19:10:33.064892Z TRACE snxcore::tunnel::ssl: Hello request: ClientHelloData { client_version: 1, protocol_version: 1, protocol_minor_version: 1, office_mode: OfficeMode { ipaddr: "0.0.0.0", keep_address: Some(false), dns_servers: None, dns_suffix: None }, optional: Some(OptionalRequest { client_type: "4" }), cookie: "" }
2024-10-28T19:10:33.064960Z TRACE snxcore::server: Response: Ok
2024-10-28T19:10:33.065689Z TRACE snxcore::server: Command received
2024-10-28T19:10:33.065708Z TRACE snxcore::server: Handling get status command
2024-10-28T19:10:33.065717Z TRACE snxcore::server: Response: ConnectionStatus(ConnectionStatus { connected_since: Some(2024-10-28T22:10:33.064807619+03:00), mfa: None })
2024-10-28T19:10:33.079853Z TRACE snxcore::tunnel::ssl: Hello reply: Object(Some("hello_reply"), {"OM": Object(None, {"dns_servers": Array([Value("192.168.25.5")]), "dns_suffix": Value(""), "ipaddr": Value("192.168.26.15")}), "optional": Object(None, {"subnet": Value("255.255.255.0")}), "protocol_version": Value("1"), "range": Array([Object(None, {"from": Value(""), "to": Value("")}), Object(None, {"from": Value(""), "to": Value("")}), Object(None, {"from": Value("192.168.1.1"), "to": Value("192.168.1.1")}), Object(None, {"from": Value("192.168.20.1"), "to": Value("192.168.20.1")}), Object(None, {"from": Value("192.168.21.1"), "to": Value("192.168.21.1")}), Object(None, {"from": Value("192.168.22.1"), "to": Value("192.168.22.1")}), Object(None, {"from": Value("192.168.23.1"), "to": Value("192.168.23.1")}), Object(None, {"from": Value("192.168.24.1"), "to": Value("192.168.24.1")}), Object(None, {"from": Value("192.168.25.1"), "to": Value("192.168.25.1")}), Object(None, {"from": Value("192.168.26.0"), "to": Value("192.168.26.255")}), Object(None, {"from": Value("192.168.27.1"), "to": Value("192.168.27.1")}), Object(None, {"from": Value("192.168.28.1"), "to": Value("192.168.28.1")}), Object(None, {"from": Value("192.168.29.1"), "to": Value("192.168.29.1")}), Object(None, {"from": Value("192.168.30.1"), "to": Value("192.168.30.1")}), Object(None, {"from": Value("192.168.31.1"), "to": Value("192.168.31.1")}), Object(None, {"from": Value("192.168.63.1"), "to": Value("192.168.63.1")})]), "timeouts": Object(None, {"authentication": Value("28793"), "keepalive": Value("20")}), "version": Value("1")})
2024-10-28T19:10:33.079934Z TRACE snxcore::tunnel::ssl: Hello reply: HelloReplyData { version: 1, protocol_version: 1, office_mode: OfficeMode { ipaddr: "192.168.26.15", keep_address: None, dns_servers: Some(["192.168.25.5"]), dns_suffix: Some([""]) }, range: [NetworkRange { from: , to: }, NetworkRange { from: , to: }, NetworkRange { from: 192.168.1.1, to: 192.168.1.1 }, NetworkRange { from: 192.168.20.1, to: 192.168.20.1 }, NetworkRange { from: 192.168.21.1, to: 192.168.21.1 }, NetworkRange { from: 192.168.22.1, to: 192.168.22.1 }, NetworkRange { from: 192.168.23.1, to: 192.168.23.1 }, NetworkRange { from: 192.168.24.1, to: 192.168.24.1 }, NetworkRange { from: 192.168.25.1, to: 192.168.25.1 }, NetworkRange { from: 192.168.26.0, to: 192.168.26.255 }, NetworkRange { from: 192.168.27.1, to: 192.168.27.1 }, NetworkRange { from: 192.168.28.1, to: 192.168.28.1 }, NetworkRange { from: 192.168.29.1, to: 192.168.29.1 }, NetworkRange { from: 192.168.30.1, to: 192.168.30.1 }, NetworkRange { from: 192.168.31.1, to: 192.168.31.1 }, NetworkRange { from: 192.168.63.1, to: 192.168.63.1 }], timeouts: Timeouts { authentication: 28793, keepalive: 20 }, optional: Some(OptionalResponse { subnet: "255.255.255.0" }) }
2024-10-28T19:10:33.080942Z DEBUG snxcore::tunnel::ssl::device: Created tun device: snx-tun
2024-10-28T19:10:33.080963Z DEBUG snxcore::platform::linux::net: Adding default route for snx-tun
2024-10-28T19:10:33.080984Z TRACE snxcore::util: Exec: "ip" ["route", "add", "default", "dev", "snx-tun"]
2024-10-28T19:10:33.085995Z DEBUG snxcore::tunnel::ssl::device: Adding acquired DNS suffixes: [""]
2024-10-28T19:10:33.086024Z DEBUG snxcore::tunnel::ssl::device: Adding provided DNS suffixes: []
2024-10-28T19:10:33.086033Z TRACE snxcore::util: Exec: "resolvectl" ["domain", "snx-tun"]
2024-10-28T19:10:33.088392Z DEBUG snxcore::tunnel::ssl::device: Adding DNS servers: ["192.168.25.5"]
2024-10-28T19:10:33.088468Z TRACE snxcore::util: Exec: "resolvectl" ["dns", "snx-tun", "192.168.25.5"]
2024-10-28T19:10:33.090641Z TRACE snxcore::util: Exec: "nmcli" ["device", "set", "snx-tun", "managed", "no"]
2024-10-28T19:10:33.093770Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 3826, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T19:10:33.093838Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T19:10:33.093852Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 3826, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T19:10:33.093867Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T19:10:33.093969Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 3830, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T19:10:33.093990Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T19:10:33.094001Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 3830, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T19:10:33.094015Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T19:10:33.094112Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.AllDevices` updated
2024-10-28T19:10:33.094159Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.Devices` updated
2024-10-28T19:10:33.099607Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 3842, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T19:10:33.103082Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T19:10:33.103100Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 3842, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T19:10:33.103112Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T19:10:33.103182Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 3851, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T19:10:33.103195Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T19:10:33.103200Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 3851, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T19:10:33.103207Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T19:10:33.103250Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 3853, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T19:10:33.103262Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T19:10:33.103269Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 3853, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T19:10:33.103277Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T19:10:33.103328Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.ActiveConnections` updated
2024-10-28T19:10:33.103352Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.ActiveConnections` updated
2024-10-28T19:10:33.103371Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.ActiveConnections` updated
2024-10-28T19:10:33.104135Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 3861, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T19:10:33.104159Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T19:10:33.104165Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 3861, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T19:10:33.104173Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T19:10:33.104226Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.ActiveConnections` updated
2024-10-28T19:10:33.145157Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 3915, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T19:10:33.145315Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T19:10:33.145325Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 3915, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T19:10:33.145334Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T19:10:33.145454Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.ActiveConnections` updated
2024-10-28T19:10:33.148733Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 3931, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T19:10:33.148762Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T19:10:33.148771Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 3931, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T19:10:33.148779Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T19:10:33.148836Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.ActiveConnections` updated
2024-10-28T19:10:33.150085Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 48
2024-10-28T19:10:33.150108Z DEBUG snxcore::tunnel::ssl::connector: Tunnel connected
2024-10-28T19:10:33.150208Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-28T19:10:33.150282Z TRACE snxcore::tunnel::ssl::keepalive: Keepalive request: KeepaliveRequestData { id: "0" }
2024-10-28T19:10:33.150330Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 197
2024-10-28T19:10:33.325286Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-28T19:10:33.372559Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 445
2024-10-28T19:10:33.445056Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-28T19:10:33.486541Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-28T19:10:50.347747Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 78
...
2024-10-28T19:10:50.866655Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 74
2024-10-28T19:10:51.370639Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 66
2024-10-28T19:10:51.370691Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 69
2024-10-28T19:10:51.370703Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 68
2024-10-28T19:10:51.539615Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 748
2024-10-28T19:10:53.151571Z TRACE snxcore::tunnel::ssl::keepalive: Keepalive request: KeepaliveRequestData { id: "0" }
2024-10-28T19:10:53.374758Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 68
2024-10-28T19:10:53.375656Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 70
2024-10-28T19:10:54.109200Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 63
2024-10-28T19:11:00.876677Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 74
2024-10-28T19:11:01.268623Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 590
2024-10-28T19:11:01.381310Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 68
2024-10-28T19:11:01.779617Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 154
2024-10-28T19:11:09.388856Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
...
2024-10-28T19:11:10.120640Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 70
2024-10-28T19:11:10.120645Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 70
2024-10-28T19:11:10.671669Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 78
2024-10-28T19:11:10.671707Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 78
2024-10-28T19:11:13.154352Z TRACE snxcore::tunnel::ssl::keepalive: Keepalive request: KeepaliveRequestData { id: "0" }
2024-10-28T19:11:13.415719Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 63
2024-10-28T19:11:14.129123Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 63
2024-10-28T19:11:14.129182Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 63
2024-10-28T19:11:14.393604Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
2024-10-28T19:11:14.393625Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
...
2024-10-28T19:11:30.140645Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 70
2024-10-28T19:11:30.140673Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 70
2024-10-28T19:11:30.140685Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 70
2024-10-28T19:11:30.144769Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 40
2024-10-28T19:11:30.633507Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-28T19:11:31.293559Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 78
2024-10-28T19:11:31.293577Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 78
2024-10-28T19:11:31.488929Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 40
2024-10-28T19:11:33.155608Z WARN snxcore::tunnel::ssl::keepalive: msg="No response for keepalive packets, tunnel appears stuck"
2024-10-28T19:11:33.155659Z WARN snxcore::tunnel::ssl: Keepalive failed, exiting
2024-10-28T19:11:33.155690Z TRACE snxcore::util: Exec: "ip" ["link", "del", "name", "snx-tun"]
2024-10-28T19:11:33.155727Z DEBUG snxcore::tunnel::ssl::connector: Tunnel disconnected
2024-10-28T19:11:33.171495Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 3938, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T19:11:33.171566Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T19:11:33.171575Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 3938, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T19:11:33.171587Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T19:11:33.171666Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 3940, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T19:11:33.171682Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T19:11:33.171689Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 3940, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T19:11:33.171699Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T19:11:33.171766Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.Devices` updated
2024-10-28T19:11:33.171798Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.AllDevices` updated
2024-10-28T19:11:33.174967Z WARN snxcore::server: Tunnel error: Keepalive failed
```

After that the tunnel becomes inoperable.

When the tunnel is created after entering the password, these routes are created:

`ip a`:

```
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: eno1: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether a8:a1:59:07:15:b3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.106/24 brd 192.168.0.255 scope global dynamic noprefixroute eno1
       valid_lft 161786sec preferred_lft 161786sec
3: virbr0: mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:54:00:dc:a7:39 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: br-cc2d7d2706fa: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:5d:cb:54:3b brd ff:ff:ff:ff:ff:ff
    inet 172.23.0.1/16 brd 172.23.255.255 scope global br-cc2d7d2706fa
       valid_lft forever preferred_lft forever
5: br-1e622e7e1599: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:4d:69:65:dd brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-1e622e7e1599
       valid_lft forever preferred_lft forever
6: br-2045bc6863ab: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:cc:8a:89:5c brd ff:ff:ff:ff:ff:ff
    inet 172.20.0.1/16 brd 172.20.255.255 scope global br-2045bc6863ab
       valid_lft forever preferred_lft forever
7: br-7db1c03f4c30: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:ad:fc:6a:86 brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.1/16 brd 172.19.255.255 scope global br-7db1c03f4c30
       valid_lft forever preferred_lft forever
8: br-8347d3b3ba17: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:b4:57:85:40 brd ff:ff:ff:ff:ff:ff
    inet 172.25.0.1/16 brd 172.25.255.255 scope global br-8347d3b3ba17
       valid_lft forever preferred_lft forever
    inet6 fe80::42:b4ff:fe57:8540/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
9: br-896cc57c445a: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:8f:7d:e2:58 brd ff:ff:ff:ff:ff:ff
    inet 172.22.0.1/16 brd 172.22.255.255 scope global br-896cc57c445a
       valid_lft forever preferred_lft forever
10: docker0: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:de:5f:11:68 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
11: br-4c9c9aaae848: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:48:1e:d9:ed brd ff:ff:ff:ff:ff:ff
    inet 172.21.0.1/16 brd 172.21.255.255 scope global br-4c9c9aaae848
       valid_lft forever preferred_lft forever
12: br-b1e37f2f9d34: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:40:2d:85:36 brd ff:ff:ff:ff:ff:ff
    inet 172.24.0.1/16 brd 172.24.255.255 scope global br-b1e37f2f9d34
       valid_lft forever preferred_lft forever
37: vnet12: mtu 1500 qdisc noqueue master virbr0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:49:e8:be brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe49:e8be/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
45: snx-tun: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 192.168.26.16/24 scope global snx-tun
       valid_lft forever preferred_lft forever
    inet6 fe80::28b0:93c0:1d54:2a8d/64 scope link stable-privacy proto kernel_ll
       valid_lft forever preferred_lft forever
```
`ip route`:

```
default dev snx-tun scope link
default via 192.168.0.1 dev eno1 proto dhcp src 192.168.0.106 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-1e622e7e1599 proto kernel scope link src 172.18.0.1 linkdown
172.19.0.0/16 dev br-7db1c03f4c30 proto kernel scope link src 172.19.0.1 linkdown
172.20.0.0/16 dev br-2045bc6863ab proto kernel scope link src 172.20.0.1 linkdown
172.21.0.0/16 dev br-4c9c9aaae848 proto kernel scope link src 172.21.0.1 linkdown
172.22.0.0/16 dev br-896cc57c445a proto kernel scope link src 172.22.0.1 linkdown
172.23.0.0/16 dev br-cc2d7d2706fa proto kernel scope link src 172.23.0.1 linkdown
172.24.0.0/16 dev br-b1e37f2f9d34 proto kernel scope link src 172.24.0.1 linkdown
172.25.0.0/16 dev br-8347d3b3ba17 proto kernel scope link src 172.25.0.1 linkdown
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.106 metric 100
192.168.26.0/24 dev snx-tun proto kernel scope link src 192.168.26.16
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
```

Without default-route=true

Config (`cat conf.conf`, without default-route):

```
server-name=
user-name=
log-level=trace
tunnel-type=ssl
login-type=vpn
cert-type=none
no-cert-check=true
ignore-server-cert=true
```
Output of `./snx-rs -m command -c conf.conf` with `./snxctl connect -c conf.conf`:

```
2024-10-28T21:02:58.606445Z DEBUG snxcore::platform::linux::net: NetworkManager state changed to ConnectedGlobal
2024-10-28T21:03:01.512898Z TRACE snxcore::server: Command received
2024-10-28T21:03:01.512940Z TRACE snxcore::server: Handling get status command
2024-10-28T21:03:01.512953Z TRACE snxcore::server: Response: ConnectionStatus(ConnectionStatus { connected_since: None, mfa: None })
2024-10-28T21:03:01.678092Z TRACE snxcore::server: Command received
2024-10-28T21:03:01.678162Z TRACE snxcore::server: Handling connect command
2024-10-28T21:03:01.679064Z DEBUG snxcore::tunnel::ssl::connector: Authenticating to endpoint:
2024-10-28T21:03:01.683192Z WARN snxcore::ccc: Disabling all certificate checks!!!
2024-10-28T21:03:01.736622Z TRACE snxcore::ccc: Request to server: (CCCclientRequest :RequestData ( :client_logging_data ( :device_id ("{}") :os_name (Windows)) :client_type (TRAC) :password () :selectedLoginOption (vpn) :username ()) :RequestHeader ( :id (2) :type (UserPass)))
2024-10-28T21:03:01.738418Z TRACE hyper_util::client::legacy::pool: checkout waiting for idle connection: ("https", )
2024-10-28T21:03:01.739660Z TRACE hyper_util::client::legacy::connect::http: Http::connect; scheme=Some("https"), host=Some(""), port=None
2024-10-28T21:03:01.739673Z DEBUG hyper_util::client::legacy::connect::http: connecting to :443
2024-10-28T21:03:01.751854Z DEBUG hyper_util::client::legacy::connect::http: connected to :443
2024-10-28T21:03:01.821674Z TRACE hyper_util::client::legacy::client: http1 handshake complete, spawning background dispatcher task
2024-10-28T21:03:01.821945Z TRACE hyper_util::client::legacy::pool: checkout dropped for ("https", )
2024-10-28T21:03:01.840801Z TRACE snxcore::ccc: Reply from server: (CCCserverResponse :ResponseHeader ( :id (2) :type (UserPass) :session_id () :return_code (600) ) :ResponseData ( :authn_status (continue) :prompt () :prompt_id () :session_id () :auth_state (new_challenge) :error_message () :error_id () ) )
2024-10-28T21:03:01.844065Z DEBUG snxcore::server: Pending multi-factor, awaiting for it
2024-10-28T21:03:01.844101Z TRACE snxcore::server: Response: Ok
2024-10-28T21:03:01.845527Z TRACE snxcore::server: Command received
2024-10-28T21:03:01.845552Z TRACE snxcore::server: Handling get status command
2024-10-28T21:03:01.845564Z TRACE snxcore::server: Response: ConnectionStatus(ConnectionStatus { connected_since: None, mfa: Some(MfaChallenge { mfa_type: PasswordInput, prompt: "password: " }) })
```

After entering the password:

Output:

```
2024-10-28T21:05:12.652890Z TRACE snxcore::server: Command received
2024-10-28T21:05:12.652920Z DEBUG snxcore::server: Handling challenge code command
2024-10-28T21:05:12.652926Z DEBUG snxcore::tunnel::ssl::connector: Authenticating with challenge code to endpoint:
2024-10-28T21:05:12.652947Z WARN snxcore::ccc: Disabling all certificate checks!!!
2024-10-28T21:05:12.666234Z TRACE snxcore::ccc: Request to server: (CCCclientRequest :RequestData ( :auth_session_id () :client_type (TRAC) :user_input ()) :RequestHeader ( :id (3) :session_id () :type (MultiChallange)))
2024-10-28T21:05:12.666320Z TRACE hyper_util::client::legacy::pool: checkout waiting for idle connection: ("https", )
2024-10-28T21:05:12.666342Z TRACE hyper_util::client::legacy::connect::http: Http::connect; scheme=Some("https"), host=Some(""), port=None
2024-10-28T21:05:12.666351Z DEBUG hyper_util::client::legacy::connect::http: connecting to :443
2024-10-28T21:05:12.678706Z DEBUG hyper_util::client::legacy::connect::http: connected to :443
2024-10-28T21:05:12.745234Z TRACE hyper_util::client::legacy::client: http1 handshake complete, spawning background dispatcher task
2024-10-28T21:05:12.746808Z TRACE hyper_util::client::legacy::pool: checkout dropped for ("https", )
2024-10-28T21:05:14.049343Z TRACE snxcore::ccc: Reply from server: (CCCserverResponse :ResponseHeader ( :id (3) :type (MultiChallange) :session_id () :return_code (600) ) :ResponseData ( :authn_status (done) :is_authenticated (true) :active_key () :server_fingerprint () :server_cn () :session_id () :active_key_timeout (28800) ) )
2024-10-28T21:05:14.051674Z DEBUG snxcore::tunnel::ssl::connector: Authentication OK, session id:
2024-10-28T21:05:14.066865Z WARN snxcore::tunnel::ssl: Disabling all certificate checks!!!
2024-10-28T21:05:14.167612Z DEBUG snxcore::tunnel::ssl: Tunnel connected
2024-10-28T21:05:14.167744Z TRACE snxcore::server: Response: Ok
2024-10-28T21:05:14.167755Z DEBUG snxcore::tunnel::ssl: Running SSL tunnel for session
2024-10-28T21:05:14.168386Z TRACE snxcore::server: Command received
2024-10-28T21:05:14.168426Z TRACE snxcore::server: Handling get status command
2024-10-28T21:05:14.168444Z TRACE snxcore::server: Response: ConnectionStatus(ConnectionStatus { connected_since: Some(2024-10-29T00:05:14.167655195+03:00), mfa: None })
2024-10-28T21:05:14.167785Z TRACE snxcore::tunnel::ssl: Hello request: ClientHelloData { client_version: 1, protocol_version: 1, protocol_minor_version: 1, office_mode: OfficeMode { ipaddr: "0.0.0.0", keep_address: Some(false), dns_servers: None, dns_suffix: None }, optional: Some(OptionalRequest { client_type: "4" }), cookie: "" }
2024-10-28T21:05:14.190652Z TRACE snxcore::tunnel::ssl: Hello reply: Object(Some("hello_reply"), {"OM": Object(None, {"dns_servers": Array([Value("192.168.25.5")]), "dns_suffix": Value(""), "ipaddr": Value("192.168.26.17")}), "optional": Object(None, {"subnet": Value("255.255.255.0")}), "protocol_version": Value("1"), "range": Array([Object(None, {"from": Value(""), "to": Value("")}), Object(None, {"from": Value(""), "to": Value("")}), Object(None, {"from": Value("192.168.1.1"), "to": Value("192.168.1.1")}), Object(None, {"from": Value("192.168.20.1"), "to": Value("192.168.20.1")}), Object(None, {"from": Value("192.168.21.1"), "to": Value("192.168.21.1")}), Object(None, {"from": Value("192.168.22.1"), "to": Value("192.168.22.1")}), Object(None, {"from": Value("192.168.23.1"), "to": Value("192.168.23.1")}), Object(None, {"from": Value("192.168.24.1"), "to": Value("192.168.24.1")}), Object(None, {"from": Value("192.168.25.1"), "to": Value("192.168.25.1")}), Object(None, {"from": Value("192.168.26.0"), "to": Value("192.168.26.255")}), Object(None, {"from": Value("192.168.27.1"), "to": Value("192.168.27.1")}), Object(None, {"from": Value("192.168.28.1"), "to": Value("192.168.28.1")}), Object(None, {"from": Value("192.168.29.1"), "to": Value("192.168.29.1")}), Object(None, {"from": Value("192.168.30.1"), "to": Value("192.168.30.1")}), Object(None, {"from": Value("192.168.31.1"), "to": Value("192.168.31.1")}), Object(None, {"from": Value("192.168.63.1"), "to": Value("192.168.63.1")})]), "timeouts": Object(None, {"authentication": Value("28793"), "keepalive": Value("20")}), "version": Value("1")})
2024-10-28T21:05:14.190817Z TRACE snxcore::tunnel::ssl: Hello reply: HelloReplyData { version: 1, protocol_version: 1, office_mode: OfficeMode { ipaddr: "192.168.26.17", keep_address: None, dns_servers: Some(["192.168.25.5"]), dns_suffix: Some([""]) }, range: [NetworkRange { from: , to: }, NetworkRange { from: , to: }, NetworkRange { from: 192.168.1.1, to: 192.168.1.1 }, NetworkRange { from: 192.168.20.1, to: 192.168.20.1 }, NetworkRange { from: 192.168.21.1, to: 192.168.21.1 }, NetworkRange { from: 192.168.22.1, to: 192.168.22.1 }, NetworkRange { from: 192.168.23.1, to: 192.168.23.1 }, NetworkRange { from: 192.168.24.1, to: 192.168.24.1 }, NetworkRange { from: 192.168.25.1, to: 192.168.25.1 }, NetworkRange { from: 192.168.26.0, to: 192.168.26.255 }, NetworkRange { from: 192.168.27.1, to: 192.168.27.1 }, NetworkRange { from: 192.168.28.1, to: 192.168.28.1 }, NetworkRange { from: 192.168.29.1, to: 192.168.29.1 }, NetworkRange { from: 192.168.30.1, to: 192.168.30.1 }, NetworkRange { from: 192.168.31.1, to: 192.168.31.1 }, NetworkRange { from: 192.168.63.1, to: 192.168.63.1 }], timeouts: Timeouts { authentication: 28793, keepalive: 20 }, optional: Some(OptionalResponse { subnet: "255.255.255.0" }) }
2024-10-28T21:05:14.192161Z DEBUG snxcore::tunnel::ssl::device: Created tun device: snx-tun
2024-10-28T21:05:14.192217Z DEBUG snxcore::platform::linux::net: Routes to add: {192.168.28.1/32, 192.168.22.1/32, 192.168.24.1/32, 192.168.31.1/32, 192.168.25.1/32, /32, 192.168.29.1/32, 192.168.63.1/32, 192.168.1.1/32, 192.168.27.1/32, 192.168.30.1/32, 192.168.23.1/32, 192.168.21.1/32, 192.168.26.0/24, 192.168.20.1/32}
2024-10-28T21:05:14.192245Z DEBUG snxcore::platform::linux::net: Adding route: 192.168.28.1/32 via snx-tun
2024-10-28T21:05:14.192259Z TRACE snxcore::util: Exec: "ip" ["route", "add", "192.168.28.1/32", "dev", "snx-tun"]
2024-10-28T21:05:14.202774Z DEBUG snxcore::platform::linux::net: Adding route: 192.168.22.1/32 via snx-tun
2024-10-28T21:05:14.202822Z TRACE snxcore::util: Exec: "ip" ["route", "add", "192.168.22.1/32", "dev", "snx-tun"]
2024-10-28T21:05:14.204268Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 4251, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T21:05:14.204343Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T21:05:14.204374Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 4251, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T21:05:14.204402Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T21:05:14.204607Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 4255, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T21:05:14.204646Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T21:05:14.204674Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 4255, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T21:05:14.204907Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T21:05:14.205094Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.AllDevices` updated
2024-10-28T21:05:14.205187Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.Devices` updated
2024-10-28T21:05:14.208430Z DEBUG snxcore::platform::linux::net: Adding route: 192.168.24.1/32 via snx-tun
2024-10-28T21:05:14.208466Z TRACE snxcore::util: Exec: "ip" ["route", "add", "192.168.24.1/32", "dev", "snx-tun"]
2024-10-28T21:05:14.213183Z DEBUG snxcore::platform::linux::net: Adding route: 192.168.31.1/32 via snx-tun
2024-10-28T21:05:14.213749Z TRACE snxcore::util: Exec: "ip" ["route", "add", "192.168.31.1/32", "dev", "snx-tun"]
2024-10-28T21:05:14.215389Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 4267, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T21:05:14.215445Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T21:05:14.215488Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 4267, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T21:05:14.215514Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T21:05:14.215626Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.ActiveConnections` updated
2024-10-28T21:05:14.216331Z DEBUG snxcore::platform::linux::net: Adding route: 192.168.25.1/32 via snx-tun
2024-10-28T21:05:14.216372Z TRACE snxcore::util: Exec: "ip" ["route", "add", "192.168.25.1/32", "dev", "snx-tun"]
2024-10-28T21:05:14.217588Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 4276, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T21:05:14.217618Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T21:05:14.217632Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 4276, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T21:05:14.217643Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T21:05:14.217708Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 4278, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T21:05:14.217721Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T21:05:14.217730Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 4278, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T21:05:14.217740Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T21:05:14.217796Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.ActiveConnections` updated
2024-10-28T21:05:14.217825Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.ActiveConnections` updated
2024-10-28T21:05:14.218690Z DEBUG snxcore::platform::linux::net: Adding route: /32 via snx-tun
2024-10-28T21:05:14.218708Z TRACE snxcore::util: Exec: "ip" ["route", "add", "/32", "dev", "snx-tun"]
2024-10-28T21:05:14.220090Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 4289, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T21:05:14.220122Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T21:05:14.220134Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 4289, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T21:05:14.220144Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T21:05:14.220215Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.ActiveConnections` updated
2024-10-28T21:05:14.222348Z DEBUG snxcore::platform::linux::net: Adding route: 192.168.29.1/32 via snx-tun
2024-10-28T21:05:14.222366Z TRACE snxcore::util: Exec: "ip" ["route", "add", "192.168.29.1/32", "dev", "snx-tun"]
2024-10-28T21:05:14.224151Z DEBUG snxcore::platform::linux::net: Adding route: 192.168.63.1/32 via snx-tun
2024-10-28T21:05:14.224216Z TRACE snxcore::util: Exec: "ip" ["route", "add", "192.168.63.1/32", "dev", "snx-tun"]
2024-10-28T21:05:14.226192Z DEBUG snxcore::platform::linux::net: Adding route: 192.168.1.1/32 via snx-tun
2024-10-28T21:05:14.226209Z TRACE snxcore::util: Exec: "ip" ["route", "add", "192.168.1.1/32", "dev", "snx-tun"]
2024-10-28T21:05:14.227897Z DEBUG snxcore::platform::linux::net: Adding route: 192.168.27.1/32 via snx-tun
2024-10-28T21:05:14.227916Z TRACE snxcore::util: Exec: "ip" ["route", "add", "192.168.27.1/32", "dev", "snx-tun"]
2024-10-28T21:05:14.229812Z DEBUG snxcore::platform::linux::net: Adding route: 192.168.30.1/32 via snx-tun
2024-10-28T21:05:14.229831Z TRACE snxcore::util: Exec: "ip" ["route", "add", "192.168.30.1/32", "dev", "snx-tun"]
2024-10-28T21:05:14.231993Z DEBUG snxcore::platform::linux::net: Adding route: 192.168.23.1/32 via snx-tun
2024-10-28T21:05:14.232013Z TRACE snxcore::util: Exec: "ip" ["route", "add", "192.168.23.1/32", "dev", "snx-tun"]
2024-10-28T21:05:14.234092Z DEBUG snxcore::platform::linux::net: Adding route: 192.168.21.1/32 via snx-tun
2024-10-28T21:05:14.234111Z TRACE snxcore::util: Exec: "ip" ["route", "add", "192.168.21.1/32", "dev", "snx-tun"]
2024-10-28T21:05:14.235917Z DEBUG snxcore::platform::linux::net: Adding route: 192.168.26.0/24 via snx-tun
2024-10-28T21:05:14.236090Z TRACE snxcore::util: Exec: "ip" ["route", "add", "192.168.26.0/24", "dev", "snx-tun"]
2024-10-28T21:05:14.238217Z DEBUG snxcore::platform::linux::net: Adding route: 192.168.20.1/32 via snx-tun
2024-10-28T21:05:14.238235Z TRACE snxcore::util: Exec: "ip" ["route", "add", "192.168.20.1/32", "dev", "snx-tun"]
2024-10-28T21:05:14.240098Z DEBUG snxcore::tunnel::ssl::device: Adding acquired DNS suffixes: [""]
2024-10-28T21:05:14.240124Z DEBUG snxcore::tunnel::ssl::device: Adding provided DNS suffixes: []
2024-10-28T21:05:14.240136Z TRACE snxcore::util: Exec: "resolvectl" ["domain", "snx-tun"]
2024-10-28T21:05:14.240786Z DEBUG snxcore::tunnel::ssl::device: Adding DNS servers: ["192.168.25.5"]
2024-10-28T21:05:14.240800Z TRACE snxcore::util: Exec: "resolvectl" ["dns", "snx-tun", "192.168.25.5"]
2024-10-28T21:05:14.241345Z TRACE snxcore::util: Exec: "nmcli" ["device", "set", "snx-tun", "managed", "no"]
2024-10-28T21:05:14.270383Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 4342, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T21:05:14.270414Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T21:05:14.270423Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 4342, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T21:05:14.270512Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T21:05:14.270613Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.ActiveConnections` updated
2024-10-28T21:05:14.272278Z TRACE socket reader: zbus::connection::socket_reader: Message received on the socket: Msg { type: Signal, serial: 4358, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] }
2024-10-28T21:05:14.272344Z TRACE socket reader: zbus::connection::socket_reader: Error broadcasting message to stream for `None`: SendError(..)
2024-10-28T21:05:14.272354Z TRACE socket reader: zbus::connection::socket_reader: Broadcasted to all streams: Ok(Msg { type: Signal, serial: 4358, sender: UniqueName(":1.8"), path: ObjectPath("/org/freedesktop/NetworkManager"), iface: InterfaceName("org.freedesktop.DBus.Properties"), member: MemberName("PropertiesChanged"), body: Signature("sa{sv}as"), fds: [] })
2024-10-28T21:05:14.272362Z TRACE socket reader: zbus::connection::socket_reader: Waiting for message on the socket..
2024-10-28T21:05:14.272423Z TRACE new:{}{task_name="org.freedesktop.NetworkManager proxy caching"}:keep_updated: zbus::proxy: Property `org.freedesktop.NetworkManager.ActiveConnections` updated
2024-10-28T21:05:14.273971Z DEBUG snxcore::tunnel::ssl::connector: Tunnel connected
2024-10-28T21:05:14.273970Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 48
2024-10-28T21:05:14.274092Z TRACE snxcore::tunnel::ssl::keepalive: Keepalive request: KeepaliveRequestData { id: "0" }
2024-10-28T21:05:14.286935Z DEBUG snxcore::tunnel::ssl: Control packet received
2024-10-28T21:05:18.163641Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 48
2024-10-28T21:05:26.675673Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 48
2024-10-28T21:05:34.275426Z TRACE snxcore::tunnel::ssl::keepalive: Keepalive request: KeepaliveRequestData { id: "0" }
2024-10-28T21:05:34.287741Z DEBUG snxcore::tunnel::ssl: Control packet received
2024-10-28T21:05:43.059648Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 48
2024-10-28T21:05:54.276612Z TRACE snxcore::tunnel::ssl::keepalive: Keepalive request: KeepaliveRequestData { id: "0" }
2024-10-28T21:05:54.288340Z DEBUG snxcore::tunnel::ssl: Control packet received
```
Output of `ip a`:

```
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: eno1: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether a8:a1:59:07:15:b3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.106/24 brd 192.168.0.255 scope global dynamic noprefixroute eno1
       valid_lft 154943sec preferred_lft 154943sec
3: virbr0: mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:dc:a7:39 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: br-cc2d7d2706fa: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:5d:cb:54:3b brd ff:ff:ff:ff:ff:ff
    inet 172.23.0.1/16 brd 172.23.255.255 scope global br-cc2d7d2706fa
       valid_lft forever preferred_lft forever
5: br-1e622e7e1599: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:4d:69:65:dd brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-1e622e7e1599
       valid_lft forever preferred_lft forever
6: br-2045bc6863ab: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:cc:8a:89:5c brd ff:ff:ff:ff:ff:ff
    inet 172.20.0.1/16 brd 172.20.255.255 scope global br-2045bc6863ab
       valid_lft forever preferred_lft forever
7: br-7db1c03f4c30: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:ad:fc:6a:86 brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.1/16 brd 172.19.255.255 scope global br-7db1c03f4c30
       valid_lft forever preferred_lft forever
8: br-8347d3b3ba17: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:b4:57:85:40 brd ff:ff:ff:ff:ff:ff
    inet 172.25.0.1/16 brd 172.25.255.255 scope global br-8347d3b3ba17
       valid_lft forever preferred_lft forever
    inet6 fe80::42:b4ff:fe57:8540/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
9: br-896cc57c445a: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:8f:7d:e2:58 brd ff:ff:ff:ff:ff:ff
    inet 172.22.0.1/16 brd 172.22.255.255 scope global br-896cc57c445a
       valid_lft forever preferred_lft forever
10: docker0: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:de:5f:11:68 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
11: br-4c9c9aaae848: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:48:1e:d9:ed brd ff:ff:ff:ff:ff:ff
    inet 172.21.0.1/16 brd 172.21.255.255 scope global br-4c9c9aaae848
       valid_lft forever preferred_lft forever
12: br-b1e37f2f9d34: mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:40:2d:85:36 brd ff:ff:ff:ff:ff:ff
    inet 172.24.0.1/16 brd 172.24.255.255 scope global br-b1e37f2f9d34
       valid_lft forever preferred_lft forever
46: snx-tun: mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 192.168.26.17/24 scope global snx-tun
       valid_lft forever preferred_lft forever
    inet6 fe80::fa15:6630:33fa:638f/64 scope link stable-privacy proto kernel_ll
       valid_lft forever preferred_lft forever
```
Output of `ip route`:

```
default via 192.168.0.1 dev eno1 proto dhcp src 192.168.0.106 metric 100
dev snx-tun scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-1e622e7e1599 proto kernel scope link src 172.18.0.1 linkdown
172.19.0.0/16 dev br-7db1c03f4c30 proto kernel scope link src 172.19.0.1 linkdown
172.20.0.0/16 dev br-2045bc6863ab proto kernel scope link src 172.20.0.1 linkdown
172.21.0.0/16 dev br-4c9c9aaae848 proto kernel scope link src 172.21.0.1 linkdown
172.22.0.0/16 dev br-896cc57c445a proto kernel scope link src 172.22.0.1 linkdown
172.23.0.0/16 dev br-cc2d7d2706fa proto kernel scope link src 172.23.0.1 linkdown
172.24.0.0/16 dev br-b1e37f2f9d34 proto kernel scope link src 172.24.0.1 linkdown
172.25.0.0/16 dev br-8347d3b3ba17 proto kernel scope link src 172.25.0.1 linkdown
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.106 metric 100
192.168.1.1 dev snx-tun scope link
192.168.20.1 dev snx-tun scope link
192.168.21.1 dev snx-tun scope link
192.168.22.1 dev snx-tun scope link
192.168.23.1 dev snx-tun scope link
192.168.24.1 dev snx-tun scope link
192.168.25.1 dev snx-tun scope link
192.168.26.0/24 dev snx-tun proto kernel scope link src 192.168.26.17
192.168.27.1 dev snx-tun scope link
192.168.28.1 dev snx-tun scope link
192.168.29.1 dev snx-tun scope link
192.168.30.1 dev snx-tun scope link
192.168.31.1 dev snx-tun scope link
192.168.63.1 dev snx-tun scope link
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
```

I can do curl queries by IP through the tunnel interface. For example:

```
# curl --interface snx-tun http://192.168.29.197
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
```

but unfortunately I can't by name:

```
# curl --interface snx-tun http://abc.defgh.klm
curl: (6) Could not resolve host: abc.defgh.klm
```

This is probably because I don't have systemd-resolved configured as the global DNS resolver on Void Linux. My /etc/resolv.conf:

```
# cat /etc/resolv.conf
# Generated by resolvconf
nameserver 1.1.1.1
nameserver 1.0.0.1
```

Could you please tell me whether I can redirect traffic on my own, without using the non-working default-route=true, and how to do it?


My system: Void Linux

```
# uname -a
Linux host 6.6.52_1 #1 SMP PREEMPT_DYNAMIC Sat Sep 21 15:47:36 UTC 2024 x86_64 GNU/Linux
```

D-Bus is enabled as a runit service.

and it would be nice to add a feature to mask sensitive data in the logs 🙂

ancwrd1 commented 1 month ago

Hello, for DNS resolution or custom routes you don't need to change a default route. I will check anyway if I can fix this default-route issue for the SSL tunnel. For custom routes there are several parameters available, for example add-routes=<routes>.

You can configure DNS manually on your system (It's 192.168.25.5 I believe), I think on Void it's /etc/resolvconf.conf or similar, but I am not much familiar with it. You can tell snx-rs to not modify DNS settings via no-dns=true.

Alternatively, I guess multiple DNS resolver backends could be added to the project, including NetworkManager and resolvconf, but it will require some time.

dpqkdqkj commented 1 month ago

default-route=true redirects all system traffic to the created tunnel? Do I understand the default-route parameter correctly? I want to be able to redirect all my network requests through the VPN.

Setting the address 192.168.25.5 in the /etc/resolv.conf file was not successful. I think this is because the DNS request is not going through the tunnel but to 192.168.0.1.

All I need to do is turn on the VPN for a while to take/send data on work maybe in a browser or git. I thought that default-route=true did exactly that. Maybe I'm wrong?

ancwrd1 commented 1 month ago

default-route redirects all traffic via the VPN interface (including all global Internet IPs); in most cases this is not needed. I think there is a bug in the SSL tunnel implementation, because there must be an exception defined which skips it for the VPN server itself (traffic to the VPN server should be routed through your internet connection). This was fixed a few releases ago for the IPSec tunnel, but not for SSL.

By default, only traffic meant for addresses behind the VPN is redirected through the tunnel. We are getting those routes from the CheckPoint VPN server.

I see that in your case your DNS server is not in this list. DNS server: 192.168.25.5. Routes:

```
192.168.1.1 dev snx-tun scope link
192.168.20.1 dev snx-tun scope link
192.168.21.1 dev snx-tun scope link
192.168.22.1 dev snx-tun scope link
192.168.23.1 dev snx-tun scope link
192.168.24.1 dev snx-tun scope link
192.168.25.1 dev snx-tun scope link
192.168.26.0/24 dev snx-tun proto kernel scope link src 192.168.26.17
192.168.27.1 dev snx-tun scope link
192.168.28.1 dev snx-tun scope link
192.168.29.1 dev snx-tun scope link
192.168.30.1 dev snx-tun scope link
192.168.31.1 dev snx-tun scope link
192.168.63.1 dev snx-tun scope link
```

What you can try is add an option in the config file: add-route = 192.168.25.5/32

dpqkdqkj commented 1 month ago

I added to the config add-routes=192.168.25.5/32 and put nameserver 192.168.25.5 in /etc/resolv.conf and now DNS is working!

Config, `cat conf.conf` (with add-routes=192.168.25.5/32):

```
# cat conf.conf
server-name=
user-name=
log-level=trace
tunnel-type=ssl
login-type=vpn
cert-type=none
no-cert-check=true
ignore-server-cert=true
add-routes=192.168.25.5/32
```
Output of `ip route`:

```
default via 192.168.0.1 dev eno1 proto dhcp src 192.168.0.106 metric 100
dev snx-tun scope link
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.106 metric 100
192.168.1.1 dev snx-tun scope link
192.168.20.1 dev snx-tun scope link
192.168.21.1 dev snx-tun scope link
192.168.22.1 dev snx-tun scope link
192.168.23.1 dev snx-tun scope link
192.168.24.1 dev snx-tun scope link
192.168.25.1 dev snx-tun scope link
192.168.25.5 dev snx-tun scope link
192.168.26.0/24 dev snx-tun proto kernel scope link src 192.168.26.1
192.168.27.1 dev snx-tun scope link
192.168.28.1 dev snx-tun scope link
192.168.29.1 dev snx-tun scope link
192.168.30.1 dev snx-tun scope link
192.168.31.1 dev snx-tun scope link
192.168.63.1 dev snx-tun scope link
```
Output of `cat /etc/resolv.conf`:

```
# Generated by resolvconf
nameserver 192.168.25.5
#nameserver 1.1.1.1
#nameserver 1.0.0.1
```
Output of `curl -v --interface snx-tun http://abc.defgh.klm`:

```
curl -v --interface snx-tun http://abc.defgh.klm
* Host abc.defgh.klm:80 was resolved.
* IPv6: (none)
* IPv4: 192.168.29.197
*   Trying 192.168.29.197:80...
* socket successfully bound to interface 'snx-tun'
* Connected to abc.defgh.klm (192.168.29.197) port 80
* using HTTP/1.x
> GET / HTTP/1.1
> Host: abc.defgh.klm
> User-Agent: curl/8.10.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Tue, 29 Oct 2024 10:18:23 GMT
< Content-Type: text/html
< Content-Length: 162
< Connection: keep-alive
< Location: https://abc.defgh.klm:443/
<
301 Moved Permanently

301 Moved Permanently


nginx
* Connection #0 to host abc.defgh.klm left intact
```

Can I redirect e.g. browser or git traffic through the tunnel myself (without using default-route=true)?

ancwrd1 commented 1 month ago

You can add more manual routes if you have a fixed destination for your browser or for your git server (e.g. x.x.x.x/32, with the IP address of the host). But for generic "catch-all" traffic a routing table trick is required:

```
ip route add table 18234 default dev snx-tun
ip rule add not to VPN_SERVER_IP table 18234
```

Where VPN_SERVER_IP is the IP address of the CheckPoint server. I will fix it in the code.
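To make the routing reasoning in this thread concrete, here is an added example (not snx-rs code) that emulates the kernel's route selection over the `ip route` table posted above: it shows why a DNS query to 192.168.25.5 left via eno1 until add-routes was set, why curl to 192.168.29.197 needed `--interface`, and what the `not to VPN_SERVER_IP table 18234` rule changes. The route text is constructed from the posted output (IPv4 only, linkdown bridge routes dropped) and VPN_SERVER_IP is a placeholder, since the issue redacts the real address.

```python
"""Emulate Linux route selection for the tables discussed in this issue.

Added example; not part of snx-rs. Route text below is constructed from the
`ip route` output posted in the thread.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed from the `ip route` output posted before add-routes was set
# (IPv4 only; the linkdown Docker/libvirt bridge routes are omitted).
MAIN_TABLE_BEFORE = """\
default via 192.168.0.1 dev eno1 proto dhcp src 192.168.0.106 metric 100
192.168.0.0/24 dev eno1 proto kernel scope link src 192.168.0.106 metric 100
192.168.1.1 dev snx-tun scope link
192.168.20.1 dev snx-tun scope link
192.168.21.1 dev snx-tun scope link
192.168.22.1 dev snx-tun scope link
192.168.23.1 dev snx-tun scope link
192.168.24.1 dev snx-tun scope link
192.168.25.1 dev snx-tun scope link
192.168.26.0/24 dev snx-tun proto kernel scope link src 192.168.26.17
192.168.27.1 dev snx-tun scope link
192.168.28.1 dev snx-tun scope link
192.168.29.1 dev snx-tun scope link
192.168.30.1 dev snx-tun scope link
192.168.31.1 dev snx-tun scope link
192.168.63.1 dev snx-tun scope link
"""

# The single host route that add-routes=192.168.25.5/32 installs.
MAIN_TABLE_AFTER = MAIN_TABLE_BEFORE + "192.168.25.5 dev snx-tun scope link\n"

# Result of `ip route add table 18234 default dev snx-tun`.
TABLE_18234 = "default dev snx-tun scope link\n"

# Placeholder (TEST-NET-3); the real VPN server address is redacted in the issue.
VPN_SERVER_IP = "203.0.113.10"


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    dev: str


def parse_ip_route(text: str) -> list[Route]:
    """Parse `ip route show` lines into (prefix, egress device) pairs."""
    routes: list[Route] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        if "/" not in dst:
            dst += "/32"  # iproute2 prints host routes without a prefix length
        routes.append(Route(ipaddress.ip_network(dst), fields[fields.index("dev") + 1]))
    return routes


def lookup(routes: list[Route], dst: str) -> Optional[str]:
    """Longest-prefix match within one table; None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for r in routes:
        if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best.dev if best else None


def policy_lookup(dst: str, main_text: str, table_text: str, vpn_server: str) -> Optional[str]:
    """Emulate `ip rule add not to VPN_SERVER_IP table 18234`.

    The rule is consulted before the main table, so every destination except
    the VPN server is tried in table 18234 first and only falls back to main
    when that table has no match. The local table (the host's own addresses)
    is left out of this emulation.
    """
    main, extra = parse_ip_route(main_text), parse_ip_route(table_text)
    if ipaddress.ip_address(dst) != ipaddress.ip_address(vpn_server):
        dev = lookup(extra, dst)
        if dev is not None:
            return dev
    return lookup(main, dst)


def egress_before(dst: str) -> Optional[str]:
    return lookup(parse_ip_route(MAIN_TABLE_BEFORE), dst)


def egress_after_add_routes(dst: str) -> Optional[str]:
    return lookup(parse_ip_route(MAIN_TABLE_AFTER), dst)


def egress_with_catch_all(dst: str) -> Optional[str]:
    return policy_lookup(dst, MAIN_TABLE_AFTER, TABLE_18234, VPN_SERVER_IP)


if __name__ == "__main__":
    for dst in ("192.168.25.5", "192.168.29.197", "192.168.26.100", "1.1.1.1", VPN_SERVER_IP):
        print(dst, "before:", egress_before(dst), "add-routes:", egress_after_add_routes(dst),
              "catch-all:", egress_with_catch_all(dst))
```

Note that 192.168.29.197 is not covered by the 192.168.29.1/32 host route the server pushed, which is why plain routing sends it out eno1 and only `curl --interface snx-tun` (SO_BINDTODEVICE) forced it through the tunnel.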

dpqkdqkj commented 1 month ago

The "catch-all" routing table trick works. I can now view the page in a browser. And the logs now look like this.

Output of `./snx-rs -m command -c conf.conf`:

```
2024-10-29T10:50:34.521246Z TRACE snxcore::tunnel::ssl::keepalive: Keepalive request: KeepaliveRequestData { id: "0" }
2024-10-29T10:50:34.533914Z DEBUG snxcore::tunnel::ssl: Control packet received
2024-10-29T10:50:34.868666Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-29T10:50:34.883817Z TRACE snxcore::tunnel::ssl: snx => snx-tun: 52
2024-10-29T10:50:34.996673Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-29T10:50:34.997787Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 60
2024-10-29T10:50:35.137811Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 63
2024-10-29T10:50:35.137854Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 63
2024-10-29T10:50:35.196167Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-29T10:50:35.436231Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-29T10:50:35.488044Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:35.488089Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:35.884931Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-29T10:50:35.892629Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 105
2024-10-29T10:50:35.916248Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-29T10:50:36.916689Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 1127
2024-10-29T10:50:36.924449Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-29T10:50:37.044772Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 60
2024-10-29T10:50:37.151556Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 65
2024-10-29T10:50:37.151601Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 65
2024-10-29T10:50:37.154195Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-29T10:50:38.530891Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 59
2024-10-29T10:50:38.530935Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 59
2024-10-29T10:50:38.737625Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:38.737671Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:38.844328Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-29T10:50:39.024188Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
2024-10-29T10:50:39.024233Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
2024-10-29T10:50:39.353064Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 70
2024-10-29T10:50:39.353109Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 70
2024-10-29T10:50:39.444768Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 83
2024-10-29T10:50:39.444812Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 83
2024-10-29T10:50:40.143020Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 63
2024-10-29T10:50:40.143064Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 63
2024-10-29T10:50:41.076702Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 60
2024-10-29T10:50:41.263717Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 449
2024-10-29T10:50:41.263765Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 351
2024-10-29T10:50:41.299825Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:41.299859Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:41.322647Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 351
2024-10-29T10:50:41.556675Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 748
2024-10-29T10:50:42.020665Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 748
2024-10-29T10:50:42.548671Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 257
2024-10-29T10:50:42.685257Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-29T10:50:42.996663Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 748
2024-10-29T10:50:43.537571Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 59
2024-10-29T10:50:43.537617Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 59
2024-10-29T10:50:43.742774Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:43.742819Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:44.029399Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
2024-10-29T10:50:44.029443Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
2024-10-29T10:50:44.450904Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 83
2024-10-29T10:50:44.450948Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 83
2024-10-29T10:50:44.770559Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-29T10:50:44.852631Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 748
2024-10-29T10:50:45.108638Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-29T10:50:45.121765Z TRACE snxcore::tunnel::ssl: snx => snx-tun: 52
2024-10-29T10:50:45.148151Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 63
2024-10-29T10:50:45.148196Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 63
2024-10-29T10:50:45.705813Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-29T10:50:45.706205Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 61
2024-10-29T10:50:45.706244Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 61
2024-10-29T10:50:45.940668Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-29T10:50:46.172667Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-29T10:50:46.304773Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:46.304818Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:46.636663Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-29T10:50:46.892949Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-29T10:50:47.157649Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 105
2024-10-29T10:50:47.604659Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-29T10:50:48.542756Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 59
2024-10-29T10:50:48.542800Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 59
2024-10-29T10:50:48.564663Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 748
2024-10-29T10:50:49.034570Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
2024-10-29T10:50:49.034615Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
2024-10-29T10:50:49.158515Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:49.158563Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:49.204821Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 60
2024-10-29T10:50:49.204869Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 60
2024-10-29T10:50:49.204886Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 60
2024-10-29T10:50:49.204901Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 60
2024-10-29T10:50:49.204916Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 60
2024-10-29T10:50:49.204936Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 60
2024-10-29T10:50:49.204953Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 60
2024-10-29T10:50:49.456094Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 83
2024-10-29T10:50:49.456139Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 83
2024-10-29T10:50:49.460654Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-29T10:50:49.716789Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 60
2024-10-29T10:50:49.716834Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 60
2024-10-29T10:50:50.153279Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 63
2024-10-29T10:50:50.153322Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 63
2024-10-29T10:50:50.228807Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 60
2024-10-29T10:50:50.365183Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-29T10:50:50.711399Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 61
2024-10-29T10:50:50.711443Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 61
2024-10-29T10:50:51.309945Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:51.309991Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:53.172675Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-29T10:50:53.547889Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 59
2024-10-29T10:50:53.547934Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 59
2024-10-29T10:50:54.038694Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
2024-10-29T10:50:54.038737Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
2024-10-29T10:50:54.163728Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:54.163772Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:54.461234Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 83
2024-10-29T10:50:54.461279Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 83
2024-10-29T10:50:54.522623Z TRACE snxcore::tunnel::ssl::keepalive: Keepalive request: KeepaliveRequestData { id: "0" }
2024-10-29T10:50:54.534947Z DEBUG snxcore::tunnel::ssl: Control packet received
2024-10-29T10:50:55.348688Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-29T10:50:55.361992Z TRACE snxcore::tunnel::ssl: snx => snx-tun: 52
2024-10-29T10:50:55.715693Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 61
2024-10-29T10:50:55.715736Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 61
2024-10-29T10:50:56.314697Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:56.314742Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:56.372665Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 748
2024-10-29T10:50:58.552635Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 59
2024-10-29T10:50:58.552665Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 59
2024-10-29T10:50:58.708050Z TRACE snxcore::tunnel::ssl: snx => snx-tun: 52
2024-10-29T10:50:58.708299Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-29T10:50:58.721275Z TRACE snxcore::tunnel::ssl: snx => snx-tun: 52
2024-10-29T10:50:59.168678Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:59.168725Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:50:59.465711Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 83
2024-10-29T10:50:59.465756Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 83
2024-10-29T10:50:59.619172Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-29T10:51:00.720720Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 61
2024-10-29T10:51:00.720766Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 61
2024-10-29T10:51:00.981555Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-29T10:51:01.153846Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
2024-10-29T10:51:01.153898Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
2024-10-29T10:51:01.273080Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 52
2024-10-29T10:51:02.250331Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:51:02.250380Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:51:03.559225Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 59
2024-10-29T10:51:03.559275Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 59
2024-10-29T10:51:04.173830Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:51:04.173878Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:51:04.471886Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 83
2024-10-29T10:51:04.471933Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 83
2024-10-29T10:51:05.588861Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 60
2024-10-29T10:51:05.725065Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 64
2024-10-29T10:51:06.159074Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
2024-10-29T10:51:06.159118Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 72
2024-10-29T10:51:07.254775Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:51:07.254818Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 62
2024-10-29T10:51:08.564436Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 59
2024-10-29T10:51:08.564515Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 59
2024-10-29T10:51:09.172659Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 105
2024-10-29T10:51:09.476756Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 83
2024-10-29T10:51:09.476801Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 83
```

Thank you very much, Dmitry! 😊
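A small checker, added here as an example and not part of the thread or of snx-rs, that reads trace output in the format shown in the log above, pairs each `Keepalive request` line with the next `Control packet received` line and reports keepalives that got no reply before the next request, which is the symptom this issue is about. It assumes (the log does not say so) that the control packet following a keepalive request is its reply; the sample lines are constructed, with one unanswered keepalive added.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the snx-rs trace format shown above; the third
# keepalive deliberately gets no control packet before the next request.
SAMPLE_LOG = """\
2024-10-29T10:50:34.521246Z TRACE snxcore::tunnel::ssl::keepalive: Keepalive request: KeepaliveRequestData { id: "0" }
2024-10-29T10:50:34.533914Z DEBUG snxcore::tunnel::ssl: Control packet received
2024-10-29T10:50:35.137811Z TRACE snxcore::tunnel::ssl: snx-tun => snx: 63
2024-10-29T10:50:54.522623Z TRACE snxcore::tunnel::ssl::keepalive: Keepalive request: KeepaliveRequestData { id: "0" }
2024-10-29T10:50:54.534947Z DEBUG snxcore::tunnel::ssl: Control packet received
2024-10-29T10:51:14.520000Z TRACE snxcore::tunnel::ssl::keepalive: Keepalive request: KeepaliveRequestData { id: "0" }
2024-10-29T10:51:34.520000Z TRACE snxcore::tunnel::ssl::keepalive: Keepalive request: KeepaliveRequestData { id: "0" }
2024-10-29T10:51:34.531000Z DEBUG snxcore::tunnel::ssl: Control packet received
"""

# Groups: timestamp (without the trailing Z), level, target, message.
LINE_RE = re.compile(r"^(\S+)Z\s+(\w+)\s+(\S+):\s+(.*)$")

def analyze_keepalives(lines, timeout=timedelta(seconds=20)):
    """Return [(request_time, rtt_seconds or None)], one entry per keepalive request.
    Assumption (the log does not state it): the first control packet after a keepalive
    request is its reply. None means no reply before the next request or within
    `timeout`; a request still open at end of log is not counted (log may be cut short).
    """
    pending, results = None, []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # data-plane lines such as "snx-tun => snx: 63" are ignored
        ts, msg = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%f"), m.group(4)
        if msg.startswith("Keepalive request:"):
            if pending is not None:  # previous request was never answered
                results.append((pending, None))
            pending = ts
        elif msg == "Control packet received" and pending is not None:
            rtt = ts - pending
            results.append((pending, rtt.total_seconds() if rtt <= timeout else None))
            pending = None
    return results

def unanswered(results):
    """Count of keepalives without a reply; anything above zero is the 'stuck' symptom."""
    return sum(1 for _, rtt in results if rtt is None)

if __name__ == "__main__":
    res = analyze_keepalives(SAMPLE_LOG.splitlines())
    for when, rtt in res:
        print(when.time(), "no reply" if rtt is None else f"rtt {rtt * 1000:.1f} ms")
    print("unanswered:", unanswered(res))
```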

ancwrd1 commented 1 month ago

Should be fixed now in the code.