kapila
Explorer

Can't connect to remote server from SNX

I'm trying to connect to a remote server (hosted in a banking environment) from my laptop (Fedora 34, 64-bit) via VPN. I'm getting the error below, and I'm not sure that I'm using the correct method to connect. However, I am able to access it from my Windows 10 OS using (E81.40 End Point Client.msi).

Here are my details:

[root@fedora Downloads]# uname -a
Linux fedora 5.15.11-100.fc34.x86_64 #1 SMP Wed Dec 22 15:44:37 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

 

[root@fedora Downloads]# snx
Check Point's Linux SNX
build 800008209

 

[root@fedora Downloads]# java -version
openjdk version "11.0.13" 2021-10-19
OpenJDK Runtime Environment 18.9 (build 11.0.13+8)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.13+8, mixed mode, sharing)

 

[root@fedora Downloads]# ldd /usr/bin/snx
linux-gate.so.1 (0xf7eda000)
libX11.so.6 => /lib/libX11.so.6 (0xf7d65000)
libpthread.so.0 => /lib/libpthread.so.0 (0xf7d43000)
libresolv.so.2 => /lib/libresolv.so.2 (0xf7d2a000)
libdl.so.2 => /lib/libdl.so.2 (0xf7d24000)
libpam.so.0 => /lib/libpam.so.0 (0xf7d11000)
libnsl.so.1 => /lib/libnsl.so.1 (0xf7cf4000)
libstdc++.so.5 => /lib/libstdc++.so.5 (0xf7c3b000)
libc.so.6 => /lib/libc.so.6 (0xf7a7b000)
libxcb.so.1 => /lib/libxcb.so.1 (0xf7a4d000)
/lib/ld-linux.so.2 (0xf7edc000)
libaudit.so.1 => /lib/libaudit.so.1 (0xf7a1f000)
libeconf.so.0 => /lib/libeconf.so.0 (0xf7a14000)
libm.so.6 => /lib/libm.so.6 (0xf7941000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0xf7923000)
libXau.so.6 => /lib/libXau.so.6 (0xf791d000)
libcap-ng.so.0 => /lib/libcap-ng.so.0 (0xf7914000)

[root@fedora Downloads]# file /usr/bin/snx
/usr/bin/snx: setuid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.2.5, stripped

 

Trying to connect:

 

[root@fedora ~]# snx -s 222.165.143.54 -u arimac_kapila -g
Check Point's Linux SNX
build 800008209
Please enter your password:

SNX: Authentication failed
[root@fedora ~]#

 

Log details 

[ 6916 -141465024]@fedora[1 Jan 10:59:43] snx: starting debug - Sat Jan 1 10:59:43 2022

[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::snx_browser(): called
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::auth: entering
[ 6916 -141465024]@fedora[1 Jan 10:59:56] gwinfo:gwinfo: entered!0xa344560
[ 6916 -141465024]@fedora[1 Jan 10:59:56] creating the ssl layer
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::talkssl(): entered with chunk=512, opaque=f78d1010, link_established=80eba80, link_failure=80eba60, packet_receive=80eba30, verify_gw=80ebaa0
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::set_sslalg: setting ssl alg to 2
[ 6916 -141465024]@fedora[1 Jan 10:59:56] connecting
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSLctx_New: prefs = 1e
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSLctx_New: CKPSSL_ACCEPT_TLS1_2 is turned on + (CKPSSL_ACCEPT_TLSV1 | CKPSSL_ACCEPT_SSL3)
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSLctx_New: choose SSLv23_method == the highest TLS version available -> should provide TLS 1.2
[ 6916 -141465024]@fedora[1 Jan 10:59:56] is_initialized: new process or forked
[ 6916 -141465024]@fedora[1 Jan 10:59:56] CkpRegDir: Environment variable CPDIR is not set.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] GenerateGlobalEntry: Unable to get registry path
[ 6916 -141465024]@fedora[1 Jan 10:59:56] CkpRegDir: Environment variable CPDIR is not set.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] GenerateGlobalEntry: Unable to get registry path
[ 6916 -141465024]@fedora[1 Jan 10:59:56] The PRNG was not initialized properly
[ 6916 -141465024]@fedora[1 Jan 10:59:56] CkpRegDir: Environment variable CPDIR is not set.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] GenerateGlobalEntry: Unable to get registry path
[ 6916 -141465024]@fedora[1 Jan 10:59:56] CkpRegDir: Environment variable CPDIR is not set.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] GenerateGlobalEntry: Unable to get registry path
[ 6916 -141465024]@fedora[1 Jan 10:59:56] CkpRegDir: Environment variable CPDIR is not set.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] GenerateGlobalEntry: Unable to get registry path
[ 6916 -141465024]@fedora[1 Jan 10:59:56] CkpRegDir: Environment variable CPDIR is not set.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] GenerateGlobalEntry: Unable to get registry path
[ 6916 -141465024]@fedora[1 Jan 10:59:56] rand_add_seedfile: Failed to read seed from registry.: Operation not permitted
[ 6916 -141465024]@fedora[1 Jan 10:59:56] CkpRegDir: Environment variable CPDIR is not set.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] GenerateGlobalEntry: Unable to get registry path
[ 6916 -141465024]@fedora[1 Jan 10:59:56] CkpRegDir: Environment variable CPDIR is not set.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] GenerateGlobalEntry: Unable to get registry path
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwrand_write_seed: Failed to read seed from registry.: Operation not permitted
[ 6916 -141465024]@fedora[1 Jan 10:59:56] CkpRegDir: Environment variable CPDIR is not set.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] GenerateGlobalEntry: Unable to get registry path
[ 6916 -141465024]@fedora[1 Jan 10:59:56] CkpRegDir: Environment variable CPDIR is not set.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] GenerateGlobalEntry: Unable to get registry path
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwrand_write_seed: Failed to write seed.: Operation not permitted
[ 6916 -141465024]@fedora[1 Jan 10:59:56] CkpRegDir: Environment variable CPDIR is not set.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] GenerateGlobalEntry: Unable to get registry path
[ 6916 -141465024]@fedora[1 Jan 10:59:56] isExist: ProxyEntity didn't initiated yet
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::start_async: Creating a new connection
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::start_async: Connecting to gw: 0x368fa5de, port: 443
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_make_connection: dea58f36/443: dowait is -1 sock is 6
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::start_async: Connection created successfully
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_conn_params: <c0a80870,46381> -> <dea58f36,443>
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: state: CONN_INIT - entering
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: start ssl negotaition
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: start openSSL negotaition
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_PrepareConnection: verify mode: 0
[ 6916 -141465024]@fedora[1 Jan 10:59:56] My SSL Ciphers:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Cipher List:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] 0: AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1

[ 6916 -141465024]@fedora[1 Jan 10:59:56] 1: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1

[ 6916 -141465024]@fedora[1 Jan 10:59:56] 2: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1

[ 6916 -141465024]@fedora[1 Jan 10:59:56] 3: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

[ 6916 -141465024]@fedora[1 Jan 10:59:56] 4: DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1

[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: Returning OK!!!
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_NegotiateStep: current state = before/connect initialization
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_NegotiateStep: should retry.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_NegotiateStep: current state = SSLv2/v3 read server hello A
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_VerifyCallback: no params or params->key_holder
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_NegotiateStep: should retry.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_NegotiateStep: current state = SSLv3 read finished A
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_NegotiateStep: conncected, used TLSv1/SSLv3 ,AES128-SHA (-1)
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_connected: peer authenticated
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_connected: current state: SSL negotiation finished successfully
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Certificate is:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] X509 Certificate Version 3
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Serial Number: 62541
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Issuer: O=SLTIDC-CP-MGMT..xtaofp
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Subject: CN=SLTiDC-CP-Cluster VPN Certificate,O=SLTIDC-CP-MGMT..xtaofp
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Not valid before: Mon Jan 25 14:23:01 2021 Local Time
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Not valid after: Sun Jan 25 14:23:01 2026 Local Time
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Extensions:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Key Usage:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] digitalSignature
[ 6916 -141465024]@fedora[1 Jan 10:59:56] keyEncipherment
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Subject Alternate names:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] IP: 192.168.100.254
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Basic Constraint:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] not CA
[ 6916 -141465024]@fedora[1 Jan 10:59:56] CRL distribution Points:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] URI: http://SLTIDC-CP-MGMT:18264/ICA_CRL1.crl
[ 6916 -141465024]@fedora[1 Jan 10:59:56] DN: CN=ICA_CRL1,O=SLTIDC-CP-MGMT..xtaofp
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_connbuf_realloc: reallocating 0 from 0 to 1025
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 6: got 0 of 0 bytes == 0 bytes required
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 6: managed to read 0 of 0 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 6: call: 80ee780 with 2
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: state: << SSL_NEGOTIATION >> - negotiation ended and succeeded
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_get_CN: chain index is 2
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_get_CN: returning SLTiDC-CP-Cluster VPN Certificate
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_get_CAHash: chain index is 2
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_get_CAHash: returning 20
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: server_fingerprint = YOU COCA SUNK ANDY RAIN TALK DAY PA IOTA SNAG OUT NOTE
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: server_cn = SLTiDC-CP-Cluster VPN Certificate, server_fingerprint = YOU COCA SUNK ANDY RAIN TALK DAY PA IOTA SNAG OUT NOTE
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::VG: called with SLTiDC-CP-Cluster VPN Certificate and YOU COCA SUNK ANDY RAIN TALK DAY PA IOTA SNAG OUT NOTE
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::VG: calling ext vg callback
[ 6916 -141465024]@fedora[1 Jan 10:59:56] SNX_UserDB_CreateHandle: start
[ 6916 -141465024]@fedora[1 Jan 10:59:56] SNX_UserDB_GetFileName: Start
[ 6916 -141465024]@fedora[1 Jan 10:59:56] SNX_UserDB_GetCurrentUserName: Start
[ 6916 -141465024]@fedora[1 Jan 10:59:56] SNX_UserDB_Parse: empty line, ignore
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_vg: called with SLTiDC-CP-Cluster VPN Certificate and YOU COCA SUNK ANDY RAIN TALK DAY PA IOTA SNAG OUT NOTE
[ 6916 -141465024]@fedora[1 Jan 10:59:56] SNX_UserDB_GetCNHash: Got hash for 'SLTiDC-CP-Cluster VPN Certificate'
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_vg: OK
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: calling the link_established cb
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Established: entering - conn_count: 0
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Established: state==DETECTION
[ 6916 -141465024]@fedora[1 Jan 10:59:56] generate_msg type: 9
[ 6916 -141465024]@fedora[1 Jan 10:59:56] msg is: GET /index.html HTTP/1.0
User-Agent:SNXClient
Host: 222.165.143.54


[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::send_data: Entering for 72 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_connbuf_realloc: reallocating 0 from 0 to 1096
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 6: rc=1, next: 80ee780 with 3, req: 512r, 72w
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_out: 6: sent 0 of 72 bytes == 72 bytes to send
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_do_write: write 72 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_out: 6: managed to send 72 of 72 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_out: 6: call: 80ee780 with 3
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: after sending packet
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_out: 6: rc=1, next: 80ee780 with 3, req: 512r, 0w
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 6: got 0 of 512 bytes == 512 bytes required
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_do_read: read 512 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 6: managed to read 512 of 512 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 6: call: 80ee780 with 3
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: state: SSL_RECV - entering
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: got 512 bytes, wanted 512 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_conn_reset_read: 6
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: calling recv with dlen 512
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Receive: got 512 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Receive: got data
HTTP/1.0 404 Not Found
Date: Sat, 01 Jan 2022 05:29:56 GMT
Server: Check Point SVN foundation
Content-Type: text/html
X-UA-Compatible: IE=EmulateIE7
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 27 Jan 2020 16:26:24 GMT
Content-Length: 204

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE> 404 File Not Found </TITLE>
</HEAD>

<BODY>

The URL you requested could not be found on thi
[ 6916 -141465024]@fedora[1 Jan 10:59:56] exists_in_buf: entering, type is 2
[ 6916 -141465024]@fedora[1 Jan 10:59:56] exists_in_buf: returning 0
[ 6916 -141465024]@fedora[1 Jan 10:59:56] exists_in_buf: entering, type is 5
[ 6916 -141465024]@fedora[1 Jan 10:59:56] exists_in_buf: returning 0
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 6: rc=1, next: 80ee780 with 3, req: 512r, 0w
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_InputPending 1 pending bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_InputPending 1 pending bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 6: got 0 of 512 bytes == 512 bytes required
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_do_read: read 27 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 6: managed to read 27 of 512 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 6: call: 80ee780 with 3
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: state: SSL_RECV - entering
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: got 27 bytes, wanted 512 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_conn_reset_read: 6
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: calling recv with dlen 27
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Receive: got 27 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Receive: got data
s server.

</BODY>
</HTML>

[ 6916 -141465024]@fedora[1 Jan 10:59:56] exists_in_buf: entering, type is 2
[ 6916 -141465024]@fedora[1 Jan 10:59:56] exists_in_buf: returning 1
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Receive: state==DETECTION
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Receive: gw type was set to 0
[ 6916 -141465024]@fedora[1 Jan 10:59:56] exists_in_buf: entering, type is 1
[ 6916 -141465024]@fedora[1 Jan 10:59:56] exists_in_buf: returning 1
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::disconnect: called
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::end_handler: ending connection
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::end_handler: Entered with SHUTDOWN, normal.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSLctx_New: prefs = 1e
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSLctx_New: CKPSSL_ACCEPT_TLS1_2 is turned on + (CKPSSL_ACCEPT_TLSV1 | CKPSSL_ACCEPT_SSL3)
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSLctx_New: choose SSLv23_method == the highest TLS version available -> should provide TLS 1.2
[ 6916 -141465024]@fedora[1 Jan 10:59:56] isExist: ProxyEntity didn't initiated yet
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::start_async: Creating a new connection
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::start_async: Connecting to gw: 0x368fa5de, port: 443
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_make_connection: dea58f36/443: dowait is -1 sock is 7
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::start_async: Connection created successfully
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 6: rc=1, next: 80ee780 with 6, req: 512r, 0w
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 6: got 0 of 512 bytes == 512 bytes required
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 6: peer closed connection
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_end_conn: scheduling the end of connection 6
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_do_end_conn: closing connection 6 (conn=a353ed0)
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_fwasync_close: start shutdown
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_StartShutdown: fd=6, peer already closed
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_ShutdownHandler: state is ckpSSL_St_PeerClosed
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_Destroy: closed fd 6
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_do_end_conn: end closing connection a353ed0 6
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_conn_params: <c0a80870,48757> -> <dea58f36,443>
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: state: CONN_INIT - entering
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: start ssl negotaition
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: start openSSL negotaition
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_PrepareConnection: verify mode: 0
[ 6916 -141465024]@fedora[1 Jan 10:59:56] My SSL Ciphers:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Cipher List:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] 0: AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1

[ 6916 -141465024]@fedora[1 Jan 10:59:56] 1: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1

[ 6916 -141465024]@fedora[1 Jan 10:59:56] 2: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1

[ 6916 -141465024]@fedora[1 Jan 10:59:56] 3: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

[ 6916 -141465024]@fedora[1 Jan 10:59:56] 4: DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1

[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: Returning OK!!!
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_NegotiateStep: current state = before/connect initialization
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_NegotiateStep: should retry.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_NegotiateStep: current state = SSLv2/v3 read server hello A
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_VerifyCallback: no params or params->key_holder
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_NegotiateStep: should retry.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_NegotiateStep: current state = SSLv3 read finished A
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_NegotiateStep: conncected, used TLSv1/SSLv3 ,AES128-SHA (-1)
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_connected: peer authenticated
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_connected: current state: SSL negotiation finished successfully
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Certificate is:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] X509 Certificate Version 3
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Serial Number: 62541
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Issuer: O=SLTIDC-CP-MGMT..xtaofp
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Subject: CN=SLTiDC-CP-Cluster VPN Certificate,O=SLTIDC-CP-MGMT..xtaofp
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Not valid before: Mon Jan 25 14:23:01 2021 Local Time
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Not valid after: Sun Jan 25 14:23:01 2026 Local Time
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Extensions:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Key Usage:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] digitalSignature
[ 6916 -141465024]@fedora[1 Jan 10:59:56] keyEncipherment
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Subject Alternate names:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] IP: 192.168.100.254
[ 6916 -141465024]@fedora[1 Jan 10:59:56] Basic Constraint:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] not CA
[ 6916 -141465024]@fedora[1 Jan 10:59:56] CRL distribution Points:
[ 6916 -141465024]@fedora[1 Jan 10:59:56] URI: http://SLTIDC-CP-MGMT:18264/ICA_CRL1.crl
[ 6916 -141465024]@fedora[1 Jan 10:59:56] DN: CN=ICA_CRL1,O=SLTIDC-CP-MGMT..xtaofp
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_connbuf_realloc: reallocating 0 from 0 to 1025
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 7: got 0 of 0 bytes == 0 bytes required
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 7: managed to read 0 of 0 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 7: call: 80ee780 with 2
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: state: << SSL_NEGOTIATION >> - negotiation ended and succeeded
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_get_CN: chain index is 2
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_get_CN: returning SLTiDC-CP-Cluster VPN Certificate
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_get_CAHash: chain index is 2
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_get_CAHash: returning 20
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: server_fingerprint = YOU COCA SUNK ANDY RAIN TALK DAY PA IOTA SNAG OUT NOTE
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: server_cn = SLTiDC-CP-Cluster VPN Certificate, server_fingerprint = YOU COCA SUNK ANDY RAIN TALK DAY PA IOTA SNAG OUT NOTE
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::VG: fingerprint was already verifed
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: calling the link_established cb
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Established: entering - conn_count: 1
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Established: state==FIRST_REQ
[ 6916 -141465024]@fedora[1 Jan 10:59:56] generate_msg type: 1
[ 6916 -141465024]@fedora[1 Jan 10:59:56] msg is: GET /extender.html HTTP/1.0
User-Agent:SNXClient
Host: 222.165.143.54


[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::send_data: Entering for 75 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_connbuf_realloc: reallocating 0 from 0 to 1099
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 7: rc=1, next: 80ee780 with 3, req: 512r, 75w
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_out: 7: sent 0 of 75 bytes == 75 bytes to send
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_do_write: write 75 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_out: 7: managed to send 75 of 75 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_out: 7: call: 80ee780 with 3
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: after sending packet
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_out: 7: rc=1, next: 80ee780 with 3, req: 512r, 0w
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 7: got 0 of 512 bytes == 512 bytes required
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_do_read: read 512 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 7: managed to read 512 of 512 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 7: call: 80ee780 with 3
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: state: SSL_RECV - entering
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: got 512 bytes, wanted 512 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_conn_reset_read: 7
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: calling recv with dlen 512
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Receive: got 512 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Receive: got data
HTTP/1.0 404 Not Found
Date: Sat, 01 Jan 2022 05:29:56 GMT
Server: Check Point SVN foundation
Content-Type: text/html
X-UA-Compatible: IE=EmulateIE7
Connection: close
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
Last-Modified: Mon, 27 Jan 2020 16:26:24 GMT
Content-Length: 204

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE> 404 File Not Found </TITLE>
</HEAD>

<BODY>

The URL you requested could not be found on thi
[ 6916 -141465024]@fedora[1 Jan 10:59:56] exists_in_buf: entering, type is 2
[ 6916 -141465024]@fedora[1 Jan 10:59:56] exists_in_buf: returning 0
[ 6916 -141465024]@fedora[1 Jan 10:59:56] exists_in_buf: entering, type is 5
[ 6916 -141465024]@fedora[1 Jan 10:59:56] exists_in_buf: returning 0
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 7: rc=1, next: 80ee780 with 3, req: 512r, 0w
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_InputPending 1 pending bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_InputPending 1 pending bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 7: got 0 of 512 bytes == 512 bytes required
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_do_read: read 27 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 7: managed to read 27 of 512 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_mux_in: 7: call: 80ee780 with 3
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: state: SSL_RECV - entering
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: got 27 bytes, wanted 512 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] fwasync_conn_reset_read: 7
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::client_handler: calling recv with dlen 27
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Receive: got 27 bytes
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Receive: got data
s server.

</BODY>
</HTML>

[ 6916 -141465024]@fedora[1 Jan 10:59:56] exists_in_buf: entering, type is 2
[ 6916 -141465024]@fedora[1 Jan 10:59:56] exists_in_buf: returning 1
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Receive: state==FIRST_REQ
[ 6916 -141465024]@fedora[1 Jan 10:59:56] search_for: searching for timestamp.value = " and ";
[ 6916 -141465024]@fedora[1 Jan 10:59:56] search_for: prefix not found!
[ 6916 -141465024]@fedora[1 Jan 10:59:56] parse_page_for_timestamp: timestamp not found!
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx: quit.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::~snx_browser: called
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::~talkssl: delete link
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::end_handler: ending connection
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Failure: entering with code: 2
[ 6916 -141465024]@fedora[1 Jan 10:59:56] got link down!- exit
[ 6916 -141465024]@fedora[1 Jan 10:59:56] talkssl::~talkssl: end
[ 6916 -141465024]@fedora[1 Jan 10:59:56] done

 

Let me know where I'm wrong. Thank you.

0 Kudos
12 Replies
PhoneBoy
Admin

SNX support has to be enabled by your gateway admin.
It may not be (suggested by the output you provided) and you will need to check with them if it is.
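
How the posted debug log points to that conclusion, as an added example that is not part of the original thread or of any Check Point tooling: a small triage parser that pairs each request the SNX client logs with the HTTP status it received, lists the legacy ciphers the client offered, and names the stage where the run stopped. The function and stage names are hypothetical, and the sample log is constructed from the line formats in the post, with 192.0.2.10 as a placeholder gateway address.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample, condensed from the line formats in the debug log above.
# 192.0.2.10 is a documentation-range placeholder for the gateway address.
SAMPLE_LOG = """\
[ 6916 -141465024]@fedora[1 Jan 10:59:56] 0: AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
[ 6916 -141465024]@fedora[1 Jan 10:59:56] 2: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
[ 6916 -141465024]@fedora[1 Jan 10:59:56] 3: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
[ 6916 -141465024]@fedora[1 Jan 10:59:56] 4: DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
[ 6916 -141465024]@fedora[1 Jan 10:59:56] ckpSSL_connected: current state: SSL negotiation finished successfully
[ 6916 -141465024]@fedora[1 Jan 10:59:56] msg is: GET /index.html HTTP/1.0
User-Agent:SNXClient
Host: 192.0.2.10

[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Receive: got data
HTTP/1.0 404 Not Found
Server: Check Point SVN foundation
[ 6916 -141465024]@fedora[1 Jan 10:59:56] msg is: GET /extender.html HTTP/1.0
User-Agent:SNXClient
Host: 192.0.2.10

[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Receive: got data
HTTP/1.0 404 Not Found
Server: Check Point SVN foundation
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Receive: got data
s server.
[ 6916 -141465024]@fedora[1 Jan 10:59:56] parse_page_for_timestamp: timestamp not found!
[ 6916 -141465024]@fedora[1 Jan 10:59:56] snx_browser::Failure: entering with code: 2
"""

# "[ pid tid]@host[date time] message" prefix used by every SNX debug record.
RECORD = re.compile(r"^\[\s*\d+\s+-?\d+\]@\S+?\[[^\]]+\]\s?(.*)$")
REQUEST = re.compile(r"^msg is: (\w+) (\S+) HTTP/")
STATUS = re.compile(r"^HTTP/\d\.\d (\d{3})\b")
CIPHER = re.compile(r"^\d+:\s+(\S+)\s+\S+\s+Kx=\S+\s+Au=\S+\s+Enc=(\w+)\(\d+\)")
FAILURE = re.compile(r"snx_browser::Failure: entering with code: (\d+)")
LEGACY_ENC = {"RC4", "DES", "3DES"}  # bulk ciphers no longer considered safe


@dataclass
class Triage:
    tls_ok: bool = False
    exchanges: list = field(default_factory=list)       # (path, HTTP status)
    legacy_ciphers: list = field(default_factory=list)  # offered by the client
    timestamp_missing: bool = False
    failure_code: Optional[int] = None

    def stage(self) -> str:
        """Name the earliest stage at which the trace shows a problem."""
        if not self.tls_ok:
            return "tls-handshake"
        not_found = {path for path, status in self.exchanges if status == 404}
        if "/extender.html" in not_found or self.timestamp_missing:
            return "portal-page-missing"
        return "after-portal" if self.failure_code is not None else "no-failure-seen"


def triage(log_text: str) -> Triage:
    result = Triage()
    pending = []            # paths requested, response status not yet seen
    expect_payload = False  # True right after a "Receive: got data" record
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = RECORD.match(line)
        if rec is None:
            # Continuation line: HTTP payload echoed into the log. A response
            # body split across reads (e.g. "s server.") carries no status line.
            if expect_payload:
                status = STATUS.match(line.strip())
                if status and pending:
                    result.exchanges.append((pending.pop(0), int(status.group(1))))
                expect_payload = False
            continue
        msg = rec.group(1)
        expect_payload = msg.endswith("snx_browser::Receive: got data")
        request, cipher, failure = REQUEST.match(msg), CIPHER.match(msg), FAILURE.search(msg)
        if request:
            pending.append(request.group(2))
        elif cipher:
            name, enc = cipher.groups()
            if enc in LEGACY_ENC and name not in result.legacy_ciphers:
                result.legacy_ciphers.append(name)
        elif failure:
            result.failure_code = int(failure.group(1))
        elif "SSL negotiation finished successfully" in msg:
            result.tls_ok = True
        elif "timestamp not found" in msg:
            result.timestamp_missing = True
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("stage:", report.stage())
    print("exchanges:", report.exchanges)
    print("legacy ciphers offered:", report.legacy_ciphers)
```

On the posted trace, the TLS handshake completes and the run ends when `/extender.html` returns 404 and the timestamp field cannot be parsed, even though the client prints "SNX: Authentication failed".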

kapila
Explorer

You mean it is required to set the SNX enabling configuration on the server side? In fact, that's not a workaround for me because it has a longer policy route to get approval. Let me know, is there any similar software like the Windows one?

0 Kudos
Chris_Atkinson
Employee

strongSwan client is supported in recent gateway releases.

 

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin

Pretty sure explicit setup is required on the server side for this as well, different from SNX.
Regardless you’ll need to work with your IT staff on this.

0 Kudos
kapila
Explorer

Oh, it's just weird that Linux does not support any option to meet the above. Let me know, how about strongSwan / L2TP IPsec VPN? Does that also require any specific configuration to be set up on the server side as well?

In addition, is there any commercial tool you recommend?

0 Kudos
PhoneBoy
Admin

All of these options require explicit setup on the server end.
We do not offer an Endpoint Security VPN client for Linux.

0 Kudos
kapila
Explorer

OK, thanks, I think you saved me time. I have to go back to Windows again 🙂

0 Kudos
kapila
Explorer

Thanks, looking into that as well.

0 Kudos
kapila
Explorer

Tried with the strongSwan client, but it is also failing:

 

-- Journal begins at Sun 2021-12-26 00:12:15 +0530. --
Jan 04 10:09:19 fedora NetworkManager[753]: <info> [1641271159.8313] vpn-connection[0x556a583f4750,927559a2-d3a9-4e4c-8737-710632fa440c,"VPN 1",0]: Saw the service appear; activating connection
Jan 04 10:09:20 fedora NetworkManager[753]: <info> [1641271160.0061] vpn-connection[0x556a583f4750,927559a2-d3a9-4e4c-8737-710632fa440c,"VPN 1",0]: VPN connection: (ConnectInteractive) reply received
Jan 04 10:09:20 fedora charon-nm[3493]: 04[CFG] received initiate for NetworkManager connection VPN 1
Jan 04 10:09:20 fedora charon-nm[3493]: 04[CFG] using gateway identity '222.165.143.54'
Jan 04 10:09:20 fedora charon-nm[3493]: 04[IKE] initiating IKE_SA VPN 1[2] to 222.165.143.54
Jan 04 10:09:20 fedora charon-nm[3493]: 04[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jan 04 10:09:20 fedora charon-nm[3493]: 04[NET] sending packet: from 192.168.8.113[35861] to 222.165.143.54[500] (1096 bytes)
Jan 04 10:09:20 fedora NetworkManager[753]: <info> [1641271160.0109] vpn-connection[0x556a583f4750,927559a2-d3a9-4e4c-8737-710632fa440c,"VPN 1",0]: VPN plugin: state changed: starting (3)
Jan 04 10:09:24 fedora charon-nm[3493]: 16[IKE] retransmit 1 of request with message ID 0
Jan 04 10:09:24 fedora charon-nm[3493]: 16[NET] sending packet: from 192.168.8.113[35861] to 222.165.143.54[500] (1096 bytes)
Jan 04 10:09:31 fedora charon-nm[3493]: 03[IKE] retransmit 2 of request with message ID 0
Jan 04 10:09:31 fedora charon-nm[3493]: 03[NET] sending packet: from 192.168.8.113[35861] to 222.165.143.54[500] (1096 bytes)
Jan 04 10:09:44 fedora charon-nm[3493]: 09[IKE] retransmit 3 of request with message ID 0
Jan 04 10:09:44 fedora charon-nm[3493]: 09[NET] sending packet: from 192.168.8.113[35861] to 222.165.143.54[500] (1096 bytes)
Jan 04 10:10:07 fedora charon-nm[3493]: 10[IKE] retransmit 4 of request with message ID 0
Jan 04 10:10:07 fedora charon-nm[3493]: 10[NET] sending packet: from 192.168.8.113[35861] to 222.165.143.54[500] (1096 bytes)
Jan 04 10:10:20 fedora NetworkManager[753]: <warn> [1641271220.0167] vpn-connection[0x556a583f4750,927559a2-d3a9-4e4c-8737-710632fa440c,"VPN 1",0]: VPN connection: connect timeout exceeded.
Jan 04 10:10:20 fedora charon-nm[3493]: Connect timer expired, disconnecting.
Jan 04 10:10:20 fedora charon-nm[3493]: 11[IKE] destroying IKE_SA in state CONNECTING without notification
Jan 04 10:10:20 fedora NetworkManager[753]: <warn> [1641271220.0245] vpn-connection[0x556a583f4750,927559a2-d3a9-4e4c-8737-710632fa440c,"VPN 1",0]: VPN plugin: failed: connect-failed (1)
Jan 04 10:10:20 fedora NetworkManager[753]: <info> [1641271220.0249] vpn-connection[0x556a583f4750,927559a2-d3a9-4e4c-8737-710632fa440c,"VPN 1",0]: VPN plugin: state changed: stopping (5)
Jan 04 10:10:20 fedora NetworkManager[753]: <info> [1641271220.0252] vpn-connection[0x556a583f4750,927559a2-d3a9-4e4c-8737-710632fa440c,"VPN 1",0]: VPN plugin: state changed: stopped (6)

0 Kudos
Chris_Atkinson
Employee

What version is the gateway? As indicated above, you'll need help from your admins to either perform the necessary setup / upgrades or both prior.

CCSM R77/R80/ELITE
0 Kudos
kapila
Explorer

I have used the Windows Check Point client with E81.40, and it's working.

0 Kudos
Chris_Atkinson
Employee

OK, please note that version is quite old; the latest is E86.x.

CCSM R77/R80/ELITE
0 Kudos
