search

schlatterbeck / snxvpn

Command-line utility to connect to a Checkpoint SSL VPN
Other
65 stars 58 forks source link

Error: Login failed (no MultiChallenge) #10

Open edvasqueza opened 6 years ago

edvasqueza commented 6 years ago

Hello, I'm getting this error:

snxconnect -H ... -U ... -D
sslvpn/Login/Login
https://.../sslvpn/Login/Login
sslvpn/Login/../Login/JS_RSA.js
{'modulus': '...', 'exponent': '...'}
sslvpn/Login/Login
https://.../sslvpn/Login/Login
Date: Fri, 26 Jan 2018 18:59:04 GMT
Server: CPWS
X-Frame-Options: SAMEORIGIN
Pragma: no-cache
Cache-Control: no-store
Vary: User-Agent
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

Login failed (expected MultiChallenge)
Login failed (no MultiChallenge): https://.....

Any ideas what is going on?

Thanks!

maxsalov commented 6 years ago

I got the same error. In my case, the problem was in the path to the pages. Firstly I used additional parameter "-F Login/Login". Secondly, I found that in the script hardcoded another file path "sslvpn/SNX/extender" in two places. I changed it to "SNX/extender", installed an edited script and got established connection! Note, I used a script from a git, not pypi.

Jancis commented 6 years ago

Good job, @maxsalov! Do a diff and create PR that fixes the issue!

Jancis commented 6 years ago

Sorry to hijack the issue, but for anyone having issue with MultiChallenge, I made a fork that makes it optional. https://github.com/Jancis/snxvpn/commit/3c8e83aa7748251b3070042ccaaee624891c20f3 But use it with caution as I also removed SSL validation there (newest python in my system now wants to use it's own cert storage instead of global). I have to rewrite that part, but in case you want to use VPN right away, my fork could help.

Jancis commented 6 years ago

Made PR (#11) that should fix this issue.

vpegado commented 6 years ago

@maxsalov Made the extender path configurable in https://github.com/schlatterbeck/snxvpn/pull/15

lpalgarvio commented 5 years ago

15 works for me!

erzads commented 5 years ago

I am struggling with this issue. I have been using vanilla snx for a while, but today someone updated the checkpoint TLS to 1.1 and that made every linux user unable to connect. I am trying to use snxvpn but I get the multichallenge error. We use a token system and normally we just concatenate the token to our password, but that doesn't seem to work with snxvpn.

~/.local/bin/snxconnect -H vpn.host.com -U USERNAME -p https -F Login/Login -D -P PASSWORDPLUSTOKEN
Login/Login
https://vpn.host.com/sslvpn/Login/Login
Login/../Login/JS_RSA.js
{u'modulus': u'c904cd14...', u'exponent': u'010001'}
sslvpn/Login/Login
https://vpn.host.com/sslvpn/Login/Login
Date: Fri, 12 Apr 2019 16:26:25 GMT
Server: CPWS
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' localhost:14186 www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src https:; font-src 'self' data: fonts.gstatic.com
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Pragma: no-cache
Cache-Control: no-store
X-XSS-Protection: 1; mode=block
Vary: User-Agent
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

Login failed (expected MultiChallenge)
Login failed (no MultiChallenge): https://vpn.host.com/sslvpn/Login/Login
tuxflo commented 5 years ago

Same issue here also using hardware token + PIN combination.

bpottier commented 4 years ago

Same issue here also using hardware token + PIN combination.

Any update on this?