cancel
Showing results for 
Search instead for 
Did you mean: 

PulseSecure command line client disconnect immidiately when run in Docker container

New Contributor

PulseSecure command line client disconnect immidiately when run in Docker container

I'm trying to setup some automated process using docker container with Ubuntu 18.04 and PS command line client. When ran outside of the container, it works fine and connects as expected, hovewer when ran inside docker, it exits after a couple of seconds. Does anyone know what could be the reason here?

 

Thanks.

 

 

20181122124015.895585 pulsesvc[p16.t16] dsncuiapi.para DsNcUiApi:Smiley Very HappysNcUiApi (dsncuiapi.cpp:75)
20181122124015.895642 pulsesvc[p16.t16] pulsesvc.info New pulsesvc log level set to 3 (pulsecommon.cpp:76)
20181122124015.895649 pulsesvc[p16.t16] sysdeps.info restoring DNS settings... (sysdeps.cpp:975)
20181122124015.895693 pulsesvc[p16.t16] sysdeps.error rename /etc/jnpr-nc-resolv.conf => /etc/resolv.conf failed wirh error 2 (sysdeps.cpp:978)
20181122124015.895722 pulsesvc[p16.t16] sysdeps.error rename /etc/jnpr-nc-hosts.bak => /etc/hosts failed wirh error 2 (sysdeps.cpp:982)
20181122124017.305510 pulsesvc[p16.t16] pulsesvc.info Proxy is not provided. Reading from system proxy (pulsesvc.cpp:244)
20181122124017.305981 pulsesvc[p16.t16] pulseui.info libproxy load failed /usr/lib/libproxy.so.1: cannot open shared object file: No such file or directory
 (pulseProxy.cpp:183)
20181122124017.306015 pulsesvc[p16.t16] pulsesvc.info Proxy host : NULL (pulsesvc.cpp:256)
20181122124017.306034 pulsesvc[p16.t16] pulsesvc.info Proxy port : 80 (pulsesvc.cpp:257)
20181122124017.306050 pulsesvc[p16.t16] pulsesvc.info Proxy user : NULL (pulsesvc.cpp:258)
20181122124017.306066 pulsesvc[p16.t16] pulsesvc.info Proxy password : NULL (pulsesvc.cpp:259)
20181122124017.306082 pulsesvc[p16.t16] pulseui.info Proxy object is delete (pulseProxy.cpp:28)
20181122124017.803439 pulsesvc[p16.t16] DSInet.info IVE host <address> resolved to <ip address>, port 443 (dsinet.cpp:329)
20181122124017.804247 pulsesvc[p16.t16] dsssl.warn ssl_init : Failed to load CA certificates (DSSSLSock.cpp:1515)
20181122124017.876823 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124017.877559 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124017.878217 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124017.916421 pulsesvc[p16.t16] dsclient.info state: kStateSignin (dsclient.cpp:339)
20181122124017.916506 pulsesvc[p16.t16] dsclient.info --> GET / (authenticate.cpp:181)
20181122124017.948135 pulsesvc[p16.t16] dsclient.info <-- 302 https://<address>/dana-na/auth/url_91utx5ZDCr99Th4K/welcome.cgi (authenticate.cpp:213)
20181122124017.948217 pulsesvc[p16.t16] dsclient.info state: kStateWelcome (dsclient.cpp:347)
20181122124017.948249 pulsesvc[p16.t16] dsclient.info --> GET /dana-na/auth/url_91utx5ZDCr99Th4K/welcome.cgi (authenticate.cpp:181)
20181122124018.8710 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124018.8893 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124018.9065 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124018.80880 pulsesvc[p16.t16] dsclient.info <-- 200  (authenticate.cpp:213)
20181122124018.80970 pulsesvc[p16.t16] dsclient.info state: kStateLogin (dsclient.cpp:379)
20181122124018.81015 pulsesvc[p16.t16] dsclient.info --> POST /dana-na/auth/url_91utx5ZDCr99Th4K/login.cgi (authenticate.cpp:181)
20181122124018.142767 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124018.143437 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124018.144095 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.68872 pulsesvc[p16.t16] dsclient.info <-- 302 https://<address>/dana-na/auth/url_91utx5ZDCr99Th4K/welcome.cgi?p=preauth&id=state_39199dab6d66e28a25b757b695b1372b&signinRealmId=11 (authenticate.cpp:213)
20181122124019.68979 pulsesvc[p16.t16] dsclient.info state: kStatePostAuth (dsclient.cpp:427)
20181122124019.69011 pulsesvc[p16.t16] dsclient.info --> GET /dana-na/auth/url_91utx5ZDCr99Th4K/welcome.cgi?p=preauth&id=state_39199dab6d66e28a25b757b695b1372b&signinRealmId=11 (authenticate.cpp:181)
20181122124019.133876 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.134533 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.135226 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.212034 pulsesvc[p16.t16] dsclient.info <-- 200  (authenticate.cpp:213)
20181122124019.212132 pulsesvc[p16.t16] dsclient.info state: kStatePostCacheCleaner (dsclient.cpp:443)
20181122124019.212161 pulsesvc[p16.t16] dsclient.info --> POST /dana-na/cc/ccupdate.cgi (authenticate.cpp:181)
20181122124019.274046 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.274724 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.275381 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.353210 pulsesvc[p16.t16] dsclient.info <-- 200  (authenticate.cpp:213)
20181122124019.353243 pulsesvc[p16.t16] dsclient.info state: kStatePostHostChecker (dsclient.cpp:435)
20181122124019.353252 pulsesvc[p16.t16] dsclient.info --> GET /dana-na/hc/hcupdate.cgi?policy=get&mode=postauth&signinRealm=<realm> (authenticate.cpp:181)
20181122124019.420061 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.420710 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.421366 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.497000 pulsesvc[p16.t16] dsclient.info <-- 200  (authenticate.cpp:213)
20181122124019.497108 pulsesvc[p16.t16] pulsesvc.info Entering HC sendMessage routine (HostCheckerLinuxTNCC.cpp:138)
20181122124019.497441 pulsesvc[p16.t16] pulsesvc.info Entering packageTncData (HostCheckerLinuxTNCC.cpp:225)
20181122124019.497492 pulsesvc[p16.t16] pulsesvc.info Base64 encoding the tnc payload (HostCheckerLinuxTNCC.cpp:235)
20181122124019.497546 pulsesvc[p16.t16] pulsesvc.info Leaving packageTncData (HostCheckerLinuxTNCC.cpp:251)
20181122124019.497575 pulsesvc[p16.t16] pulsesvc.info sending HC tnc update message to IVE (HostCheckerLinuxTNCC.cpp:336)
20181122124019.563778 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.564427 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.565083 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.638706 pulsesvc[p16.t16] pulsesvc.info extracting Tnc payload (HostCheckerLinuxTNCC.cpp:261)
20181122124019.638799 pulsesvc[p16.t16] pulsesvc.info ConnID: 0 (HostCheckerLinuxTNCC.cpp:272)
20181122124019.638875 pulsesvc[p16.t16] pulsesvc.error No messages to deliver (HostCheckerLinuxTNCC.cpp:379)
20181122124019.638902 pulsesvc[p16.t16] pulsesvc.info HC handshake complete (HostCheckerLinuxTNCC.cpp:122)
20181122124019.638957 pulsesvc[p16.t16] dsclient.info state: kStateLogin (dsclient.cpp:379)
20181122124019.638982 pulsesvc[p16.t16] dsclient.info --> GET /dana-na/auth/url_91utx5ZDCr99Th4K/login.cgi?loginmode=mode_postAuth&postauth=state_39199dab6d66e28a25b757b695b1372b (authenticate.cpp:181)
20181122124019.700461 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.701109 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.701797 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.811302 pulsesvc[p16.t16] dsclient.info <-- 302 https://<address>/dana/home/starter0.cgi?check=yes (authenticate.cpp:213)
20181122124019.811386 pulsesvc[p16.t16] dsclient.info --> GET /dana/home/starter0.cgi?check=yes (authenticate.cpp:181)
20181122124019.844066 pulsesvc[p16.t16] dsclient.info <-- 200  (authenticate.cpp:213)
20181122124019.844150 pulsesvc[p16.t16] authStateLogin.info starter0.cgi has asked for tz_offset parameter (authenticate.cpp:497)
20181122124019.844174 pulsesvc[p16.t16] authStateLogin.info starter0.cgi has asked for clienttime parameter (authenticate.cpp:504)
20181122124019.844211 pulsesvc[p16.t16] dsclient.info --> POST /dana/home/starter0.cgi?check=yes (authenticate.cpp:181)
20181122124019.906888 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.907571 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.908230 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124019.973716 pulsesvc[p16.t16] dsclient.info <-- 302 /dana/home/starter.cgi (authenticate.cpp:213)
20181122124019.973800 pulsesvc[p16.t16] dsclient.info --> GET /dana/home/starter.cgi (authenticate.cpp:181)
20181122124020.40356 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124020.40570 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124020.40736 pulsesvc[p16.t16] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181122124020.118094 pulsesvc[p16.t16] dsclient.info <-- 200  (authenticate.cpp:213)
20181122124020.118195 pulsesvc[p16.t16] dsclient.info state: kStateAuthenticated (dsclient.cpp:485)
20181122124020.120146 pulsesvc[p16.t16] IpcConn.info listening for IPC connections on port 4242 (ncipc.cpp:93)
20181122124020.120194 pulsesvc[p16.t16] IpcConn.info registering the IPC acceptor (0xDC464E30) IO handler (ncipc.cpp:104)
20181122124020.121260 pulsesvc[p16.t16] IpcConn.info client opening connection to service (ncipc.cpp:360)
20181122124020.121301 pulsesvc[p16.t16] session.info disconnectAll called (session.cpp:1994)
20181122124020.121323 pulsesvc[p16.t16] ipsec.info New tunnel being created (tunnel.cpp:62)
20181122124020.121390 pulsesvc[p16.t16] pulsesvc.info received onOpen (pulsesvc.cpp:701)
20181122124020.121460 pulsesvc[p16.t16] session.info ive_host = <address> (session.cpp:251)
20181122124020.121489 pulsesvc[p16.t16] session.error get nextValue failed, no friendly name (session.cpp:261)
20181122124020.121507 pulsesvc[p16.t16] session.error get nextValue failed, no friendly ID (session.cpp:268)
20181122124020.121524 pulsesvc[p16.t16] session.error get nextValue failed, no Ive Ip (session.cpp:275)
20181122124020.121540 pulsesvc[p16.t16] session.error get nextValue failed, no Host Url (session.cpp:282)
20181122124020.121558 pulsesvc[p16.t16] session.info Will not use a proxy to connect to the IVE (session.cpp:321)
20181122124020.121574 pulsesvc[p16.t16] session.info Network Connect operates in non-FIPS compliant mode (session.cpp:354)
20181122124020.121591 pulsesvc[p16.t16] session.error proxy not found (session.cpp:423)
20181122124020.623409 pulsesvc[p16.t16] session.info IVE host <address> resolved to <ip address> (session.cpp:440)
20181122124020.623526 pulsesvc[p16.t16] rmon.info got system route 0.0.0.0/0.0.0.0 gw 172.17.0.1 metric 0 via 0x00007FDD (routemon.cpp:729)
20181122124020.623537 pulsesvc[p16.t16] rmon.info got system route 172.17.0.0/255.255.0.0 gw 0.0.0.0 metric 0 via 0x00000000 (routemon.cpp:729)
20181122124020.623544 pulsesvc[p16.t16] rmon.info  Collecting latest routes from the system (routemon.cpp:1474)
20181122124020.623582 pulsesvc[p16.t16] rmon.info Found best route via ifc eth0 (routemon.cpp:1843)
20181122124020.623590 pulsesvc[p16.t16] rmon.info best route to <ip address> is 0.0.0.0/0.0.0.0 via 0x00007FDD metric: 0 (routemon.cpp:1495)
20181122124020.623596 pulsesvc[p16.t16] rmon.info Found best route via ifc eth0 (routemon.cpp:1843)
20181122124020.623600 pulsesvc[p16.t16] rmon.info Found best route via ifc eth0 (routemon.cpp:1843)
20181122124020.623604 pulsesvc[p16.t16] rmon.info best route to gateway: 172.17.0.0/255.255.0.0 gw 0.0.0.0 via 0x00000000 metric 0 (routemon.cpp:2010)
20181122124020.623609 pulsesvc[p16.t16] rmon.info attempting to add route to next hop gateway (routemon.cpp:2014)
20181122124020.623614 pulsesvc[p16.t16] rmon.info adding route to 172.17.0.1/255.255.255.255 with gw 0.0.0.0, metric 1, if_id 0 (routemon.cpp:887)
20181122124020.623622 pulsesvc[p16.t16] rmon.error Failed to add route: dest 172.17.0.1 mask 255.255.255.255, gw 0.0.0.0 dev eth0. Error 1, fd = 7 (routemon.cpp:981)
20181122124020.623628 pulsesvc[p16.t16] rmon.error Failed to add a route to the IVE's next hop gateway (routemon.cpp:2041)
20181122124020.623632 pulsesvc[p16.t16] session.error add IVE route failed (session.cpp:466)
20181122124020.623638 pulsesvc[p16.t16] session.info disconnecting from ive <address> with reason 6 (session.cpp:627)
20181122124020.623643 pulsesvc[p16.t16] adapter.info closing tun adapter FFFFFFFF (adapter.cpp:1137)
20181122124020.623648 pulsesvc[p16.t16] dsxp.info isRegistered returned false for 0x5572dc5423c0 -1 (dsio.cpp:992)
20181122124020.623653 pulsesvc[p16.t16] dsxp.info isRegistered returned false for 0x5572dc542ce0 -1 (dsio.cpp:992)
20181122124020.623658 pulsesvc[p16.t16] sysdeps.info restoring DNS settings... (sysdeps.cpp:975)
20181122124020.623664 pulsesvc[p16.t16] sysdeps.error rename /etc/jnpr-nc-resolv.conf => /etc/resolv.conf failed wirh error 2 (sysdeps.cpp:978)
20181122124020.623671 pulsesvc[p16.t16] sysdeps.error rename /etc/jnpr-nc-hosts.bak => /etc/hosts failed wirh error 2 (sysdeps.cpp:982)
20181122124020.623676 pulsesvc[p16.t16] session.info  Session Terminated. Removing ip6tables entries  (session.cpp:665)
20181122124020.623686 pulsesvc[p16.t16] session.info Executing '/sbin/ip6tables -D INPUT -j DROP -m comment --comment nc_client >/dev/null 2>/dev/null'  (syscmd.cpp:445)
20181122124020.623736 pulsesvc[p16.t16] session.error Execute check failed for /sbin/ip6tables - No such file or directory (syscmd.cpp:306)
20181122124020.623743 pulsesvc[p16.t16] session.info /sbin/ip6tables status 0xffffffff (syscmd.cpp:542)
20181122124020.623751 pulsesvc[p16.t16] session.info Executing '/sbin/ip6tables -D OUTPUT -j DROP -m comment --comment nc_client >/dev/null 2>/dev/null'  (syscmd.cpp:445)
20181122124020.623757 pulsesvc[p16.t16] session.error Execute check failed for /sbin/ip6tables - No such file or directory (syscmd.cpp:306)
20181122124020.623761 pulsesvc[p16.t16] session.info /sbin/ip6tables status 0xffffffff (syscmd.cpp:542)
20181122124020.623769 pulsesvc[p16.t16] session.info Executing '/sbin/ip6tables -D FORWARD -j DROP -m comment --comment nc_client >/dev/null 2>/dev/null'  (syscmd.cpp:445)
20181122124020.623775 pulsesvc[p16.t16] session.error Execute check failed for /sbin/ip6tables - No such file or directory (syscmd.cpp:306)
20181122124020.623780 pulsesvc[p16.t16] session.info /sbin/ip6tables status 0xffffffff (syscmd.cpp:542)
20181122124020.623788 pulsesvc[p16.t16] session.info disconnected from ive <address> with reason 6 (session.cpp:711)
20181122124020.623880 pulsesvc[p16.t16] ncui.info received onDisconnect with reason = 6 (pulsesvc.cpp:783)
6 REPLIES
Contributor

Re: PulseSecure command line client disconnect immidiately when run in Docker container

Hi abcdefgh,

 

 

Tried reproing your issue over here. Looks like the issue is with tun module not being present inside the container. I guess the following would possibly resolve the issue (not tried though):

 

  1. Install build-essential, openvpn and makedev in the container
  2. Compile tun.ko as detailed here inside the container
  3. Do a modprobe tun
  4. Try connecting after that

Alternatively starting the container with --network host works over here. Below are the steps followed:

 

 

host # docker run --network host -t -i ubuntu:18.04 /bin/bash
container # apt-get install kmod iproute2 net-tools lsb-release ca-certificates sudo uml-utilities 
container # dpkg -i pulse-version.deb
container # Execute the dependencies installation script
container # /usr/local/pulse/PulseClient_x86_64.sh ...

 

After running the above command, the tun adapter is created on host machine

 

host # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:56:bf:7f:60 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.42/24 brd 192.168.0.255 scope global dynamic noprefixroute ens160
       valid_lft 19967sec preferred_lft 19967sec
    inet6 fe80::4cb6:c89f:98a7:a763/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:15:c9:fb:88 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:15ff:fec9:fb88/64 scope link 
       valid_lft forever preferred_lft forever
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none 
    inet 10.96.17.9/32 scope global tun0
       valid_lft forever preferred_lft forever
Contributor

Re: PulseSecure command line client disconnect immidiately when run in Docker container

Sorry for the mis-understanding. Docker does not seem to allow loading modules inside the container. Hence compiling would not work. Tried this option too, but did not work for me

New Contributor

Re: PulseSecure command line client disconnect immidiately when run in Docker container

I tried doing it too but it also didn't work for me. Using with --network host didn't work either.

Although now after doing this modeprobe thing, it gives me slightly different error:

 

<cut the beginning because charecter limit>
20181123140309.605304 pulsesvc[p27.t27] pulsesvc.info Entering HC sendMessage routine (HostCheckerLinuxTNCC.cpp:138)
20181123140309.605615 pulsesvc[p27.t27] pulsesvc.info Entering packageTncData (HostCheckerLinuxTNCC.cpp:225)
20181123140309.605656 pulsesvc[p27.t27] pulsesvc.info Base64 encoding the tnc payload (HostCheckerLinuxTNCC.cpp:235)
20181123140309.605719 pulsesvc[p27.t27] pulsesvc.info Leaving packageTncData (HostCheckerLinuxTNCC.cpp:251)
20181123140309.605744 pulsesvc[p27.t27] pulsesvc.info sending HC tnc update message to IVE (HostCheckerLinuxTNCC.cpp:336)
20181123140309.685883 pulsesvc[p27.t27] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140309.686524 pulsesvc[p27.t27] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140309.687204 pulsesvc[p27.t27] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140309.773373 pulsesvc[p27.t27] pulsesvc.info extracting Tnc payload (HostCheckerLinuxTNCC.cpp:261)
20181123140309.773457 pulsesvc[p27.t27] pulsesvc.info ConnID: 0 (HostCheckerLinuxTNCC.cpp:272)
20181123140309.773532 pulsesvc[p27.t27] pulsesvc.error No messages to deliver (HostCheckerLinuxTNCC.cpp:379)
20181123140309.773555 pulsesvc[p27.t27] pulsesvc.info HC handshake complete (HostCheckerLinuxTNCC.cpp:122)
20181123140309.773635 pulsesvc[p27.t27] dsclient.info state: kStateLogin (dsclient.cpp:379)
20181123140309.773661 pulsesvc[p27.t27] dsclient.info --> GET /dana-na/auth/url_91utx5ZDCr99Th4K/login.cgi?loginmode=mode_postAuth&postauth=state_81bff6f9674d4616352fa4d7c6312254 (authenticate.cpp:181)
20181123140309.849983 pulsesvc[p27.t27] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140309.850624 pulsesvc[p27.t27] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140309.851301 pulsesvc[p27.t27] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140309.973351 pulsesvc[p27.t27] dsclient.info <-- 302 https://<address>/dana/home/starter0.cgi?check=yes (authenticate.cpp:213)
20181123140309.973427 pulsesvc[p27.t27] dsclient.info --> GET /dana/home/starter0.cgi?check=yes (authenticate.cpp:181)
20181123140310.12989 pulsesvc[p27.t27] dsclient.info <-- 200  (authenticate.cpp:213)
20181123140310.13074 pulsesvc[p27.t27] authStateLogin.info starter0.cgi has asked for tz_offset parameter (authenticate.cpp:497)
20181123140310.13095 pulsesvc[p27.t27] authStateLogin.info starter0.cgi has asked for clienttime parameter (authenticate.cpp:504)
20181123140310.13130 pulsesvc[p27.t27] dsclient.info --> POST /dana/home/starter0.cgi?check=yes (authenticate.cpp:181)
20181123140310.87869 pulsesvc[p27.t27] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140310.88504 pulsesvc[p27.t27] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140310.89152 pulsesvc[p27.t27] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140310.170977 pulsesvc[p27.t27] dsclient.info <-- 302 /dana/home/starter.cgi (authenticate.cpp:213)
20181123140310.171062 pulsesvc[p27.t27] dsclient.info --> GET /dana/home/starter.cgi (authenticate.cpp:181)
20181123140310.245864 pulsesvc[p27.t27] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140310.246538 pulsesvc[p27.t27] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140310.247230 pulsesvc[p27.t27] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140310.329853 pulsesvc[p27.t27] dsclient.info <-- 200  (authenticate.cpp:213)
20181123140310.329951 pulsesvc[p27.t27] dsclient.info state: kStateAuthenticated (dsclient.cpp:485)
20181123140310.331791 pulsesvc[p27.t27] IpcConn.info listening for IPC connections on port 4242 (ncipc.cpp:93)
20181123140310.331831 pulsesvc[p27.t27] IpcConn.info registering the IPC acceptor (0x0D302000) IO handler (ncipc.cpp:104)
20181123140310.332763 pulsesvc[p27.t27] IpcConn.info client opening connection to service (ncipc.cpp:360)
20181123140310.332800 pulsesvc[p27.t27] session.info disconnectAll called (session.cpp:1994)
20181123140310.332819 pulsesvc[p27.t27] ipsec.info New tunnel being created (tunnel.cpp:62)
20181123140310.332880 pulsesvc[p27.t27] pulsesvc.info received onOpen (pulsesvc.cpp:701)
20181123140310.332945 pulsesvc[p27.t27] session.info ive_host = <address> (session.cpp:251)
20181123140310.332970 pulsesvc[p27.t27] session.error get nextValue failed, no friendly name (session.cpp:261)
20181123140310.332986 pulsesvc[p27.t27] session.error get nextValue failed, no friendly ID (session.cpp:268)
20181123140310.333000 pulsesvc[p27.t27] session.error get nextValue failed, no Ive Ip (session.cpp:275)
20181123140310.333014 pulsesvc[p27.t27] session.error get nextValue failed, no Host Url (session.cpp:282)
20181123140310.333030 pulsesvc[p27.t27] session.info Will not use a proxy to connect to the IVE (session.cpp:321)
20181123140310.333045 pulsesvc[p27.t27] session.info Network Connect operates in non-FIPS compliant mode (session.cpp:354)
20181123140310.333059 pulsesvc[p27.t27] session.error proxy not found (session.cpp:423)
20181123140310.340062 pulsesvc[p27.t27] session.info IVE host <address> resolved to <ip address> (session.cpp:440)
20181123140310.340331 pulsesvc[p27.t27] rmon.info got system route 0.0.0.0/0.0.0.0 gw 172.17.0.1 metric 0 via 0x00007F94 (routemon.cpp:729)
20181123140310.340369 pulsesvc[p27.t27] rmon.info got system route 172.17.0.0/255.255.0.0 gw 0.0.0.0 metric 0 via 0x00000000 (routemon.cpp:729)
20181123140310.340390 pulsesvc[p27.t27] rmon.info  Collecting latest routes from the system (routemon.cpp:1474)
20181123140310.340487 pulsesvc[p27.t27] rmon.info Found best route via ifc eth0 (routemon.cpp:1843)
20181123140310.340509 pulsesvc[p27.t27] rmon.info best route to <ip address> is 0.0.0.0/0.0.0.0 via 0x00007F94 metric: 0 (routemon.cpp:1495)
20181123140310.340528 pulsesvc[p27.t27] rmon.info Found best route via ifc eth0 (routemon.cpp:1843)
20181123140310.340542 pulsesvc[p27.t27] rmon.info Found best route via ifc eth0 (routemon.cpp:1843)
20181123140310.340556 pulsesvc[p27.t27] rmon.info best route to gateway: 172.17.0.0/255.255.0.0 gw 0.0.0.0 via 0x00000000 metric 0 (routemon.cpp:2010)
20181123140310.340573 pulsesvc[p27.t27] rmon.info attempting to add route to next hop gateway (routemon.cpp:2014)
20181123140310.340588 pulsesvc[p27.t27] rmon.info adding route to 172.17.0.1/255.255.255.255 with gw 0.0.0.0, metric 1, if_id 0 (routemon.cpp:887)
20181123140310.340642 pulsesvc[p27.t27] rmon.info adding server route to the IVE: dest = <ip address>, gw = 172.17.0.1, if_id = 32660, dev = eth0 (routemon.cpp:1573)
20181123140310.340675 pulsesvc[p27.t27] rmon.error Setting Best route 0 10011ac 0 7f94 eth0 (routemon.cpp:1585)
20181123140310.340693 pulsesvc[p27.t27] session.info connecting to ive <address> best route ifid 7f94 (session.cpp:478)
20181123140310.340751 pulsesvc[p27.t27] ncp.error ncpEstablish for IVE <address> with context 0x55c40d3056b8 (ncp.cpp:550)
20181123140310.340932 pulsesvc[p27.t28] main.info Setting DSSSL to use Default ciphers (ncp.cpp:1925)
20181123140310.341403 pulsesvc[p27.t28] dsssl.warn ssl_init : Failed to load CA certificates (DSSSLSock.cpp:1515)
20181123140310.364042 pulsesvc[p27.t28] main.info Setting NCP certificate hash for DSSSL certificate verification (ncp.cpp:1934)
20181123140310.364127 pulsesvc[p27.t28] main.info Using DSSSL to connect to IVE (ncp.cpp:2023)
20181123140310.364150 pulsesvc[p27.t28] connect.info creating a new HTTP connection... (ncp_dsssl.cpp:187)
20181123140310.443453 pulsesvc[p27.t28] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140310.444174 pulsesvc[p27.t28] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140310.444852 pulsesvc[p27.t28] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140310.529707 pulsesvc[p27.t28] connect.info IVE ncp_version = 3 (ncp_dsssl.cpp:467)
20181123140310.530491 pulsesvc[p27.t28] conn.info cleanup 0 (ncp.cpp:1599)
20181123140310.530537 pulsesvc[p27.t28] ncp.error NCP_ESTABLISH_DONE for IVE <address> (ncp.cpp:2064)
20181123140310.530667 pulsesvc[p27.t27] ncphandler.info establish done (ncphandler.cpp:283)
20181123140310.530735 pulsesvc[p27.t27] ncp.info connect to 2afee615e5a6:443 svc 4 (ncp.cpp:935)
20181123140310.530783 pulsesvc[p27.t27] connect.info creating a new HTTP connection... (ncp_dsssl.cpp:187)
20181123140310.605033 pulsesvc[p27.t28] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140310.605685 pulsesvc[p27.t28] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140310.606350 pulsesvc[p27.t28] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
20181123140310.684655 pulsesvc[p27.t28] connect.info IVE ncp_version = 3 (ncp_dsssl.cpp:467)
20181123140310.745634 pulsesvc[p27.t27] ncphandler.info connect done (ncphandler.cpp:288)
20181123140310.745732 pulsesvc[p27.t27] session.info Connected to ive <address> (session.cpp:542)
20181123140310.746230 pulsesvc[p27.t27] adapter.info opened tun adapter 0000000B (adapter.cpp:562)
20181123140310.746277 pulsesvc[p27.t27] session.info Executing '/sbin/sysctl net.ipv6.conf.tun0.disable_ipv6=1 >/dev/null 2>/dev/null'  (syscmd.cpp:445)
20181123140310.748849 pulsesvc[p27.t27] session.info /sbin/sysctl status 0x100 (syscmd.cpp:542)
20181123140310.748924 pulsesvc[p27.t27] session.error Failed to execute command /sbin/sysctl net.ipv6.conf.tun0.disable_ipv6=1 >/dev/null 2>/dev/null. DSSysCmd::executeAndWait returned 256. (session.cpp:1390)
20181123140310.749025 pulsesvc[p27.t27] ipsec.info received kmp message 301 size 414 (tunnel.cpp:248)
20181123140310.749087 pulsesvc[p27.t27] ProxyConfigManager.info No modification of the proxy settings is required (sysdeps.cpp:384)
20181123140310.749108 pulsesvc[p27.t27] session.info IVE sent DNS server 131.97.140.4 (session.cpp:1790)
20181123140310.749134 pulsesvc[p27.t27] session.info IVE sent DNS server 131.97.143.4 (session.cpp:1790)
20181123140310.749153 pulsesvc[p27.t27] session.info IVE sent DNS suffix volvo.net (session.cpp:1823)
20181123140310.749169 pulsesvc[p27.t27] session.info IVE sent DNS suffix volvo.se (session.cpp:1823)
20181123140310.749183 pulsesvc[p27.t27] session.info Client DNS has priority over IVE DNS (session.cpp:1849)
20181123140310.749510 pulsesvc[p27.t27] sysdeps.error Failed to rename /etc/jnpr-nc-hosts.new to /etc/hosts: Device or resource busy (sysdeps.cpp:1170)
20181123140310.749662 pulsesvc[p27.t27] session.error Error in handling config! (session.cpp:1285)
20181123140310.749683 pulsesvc[p27.t27] session.info disconnecting from ive <address> with reason 4 (session.cpp:627)
20181123140310.749699 pulsesvc[p27.t27] adapter.info closing tun adapter 0000000B (adapter.cpp:1137)
20181123140310.749717 pulsesvc[p27.t27] dsxp.info isRegistered returned false for 0x55c40d3016c0 -1 (dsio.cpp:992)
20181123140310.771200 pulsesvc[p27.t27] dsxp.info isRegistered returned false for 0x55c40d210cb0 -1 (dsio.cpp:992)
20181123140310.771278 pulsesvc[p27.t27] sysdeps.info restoring DNS settings... (sysdeps.cpp:975)
20181123140310.771305 pulsesvc[p27.t27] sysdeps.error rename /etc/jnpr-nc-resolv.conf => /etc/resolv.conf failed wirh error 2 (sysdeps.cpp:978)
20181123140310.771369 pulsesvc[p27.t27] sysdeps.error rename /etc/jnpr-nc-hosts.bak => /etc/hosts failed wirh error 2 (sysdeps.cpp:982)
20181123140310.771390 pulsesvc[p27.t27] session.info  Session Terminated. Removing ip6tables entries  (session.cpp:665)
20181123140310.771432 pulsesvc[p27.t27] session.info Executing '/sbin/ip6tables -D INPUT -j DROP -m comment --comment nc_client >/dev/null 2>/dev/null'  (syscmd.cpp:445)
20181123140310.774364 pulsesvc[p27.t27] session.info /sbin/ip6tables status 0x100 (syscmd.cpp:542)
20181123140310.774433 pulsesvc[p27.t27] session.error Failed to execute command /sbin/ip6tables -D INPUT -j DROP -m comment --comment nc_client >/dev/null 2>/dev/null. DSSysCmd::executeAndWait returned 256. (session.cpp:1406)
20181123140310.774474 pulsesvc[p27.t27] session.info Executing '/sbin/ip6tables -D OUTPUT -j DROP -m comment --comment nc_client >/dev/null 2>/dev/null'  (syscmd.cpp:445)
20181123140310.777318 pulsesvc[p27.t27] session.info /sbin/ip6tables status 0x100 (syscmd.cpp:542)
20181123140310.777386 pulsesvc[p27.t27] session.error Failed to execute command /sbin/ip6tables -D OUTPUT -j DROP -m comment --comment nc_client >/dev/null 2>/dev/null. DSSysCmd::executeAndWait returned 256. (session.cpp:1413)
20181123140310.777426 pulsesvc[p27.t27] session.info Executing '/sbin/ip6tables -D FORWARD -j DROP -m comment --comment nc_client >/dev/null 2>/dev/null'  (syscmd.cpp:445)
20181123140310.780383 pulsesvc[p27.t27] session.info /sbin/ip6tables status 0x100 (syscmd.cpp:542)
20181123140310.780458 pulsesvc[p27.t27] session.error Failed to execute command /sbin/ip6tables -D FORWARD -j DROP -m comment --comment nc_client >/dev/null 2>/dev/null. DSSysCmd::executeAndWait returned 256. (session.cpp:1420)
20181123140310.780538 pulsesvc[p27.t27] ipsec.error handleConfig failed (tunnel.cpp:551)
20181123140310.781327 pulsesvc[p27.t27] ncphandler.info disconnect done - tearing down (ncphandler.cpp:330)
20181123140310.781376 pulsesvc[p27.t27] ncp.error ncpTearDown for IVE <address> (ncp.cpp:624)
20181123140310.781466 pulsesvc[p27.t28] worker.error NCP worker has been requested to stop (ncp_dsssl.cpp:724)
20181123140310.781526 pulsesvc[p27.t28] conn.info cleanup 0 (ncp.cpp:1599)
20181123140310.781561 pulsesvc[p27.t28] conn.info cleanup 0 (ncp.cpp:1599)
20181123140310.781614 pulsesvc[p27.t28] writer.error thread exit (ncp.cpp:2131)
20181123140310.781696 pulsesvc[p27.t27] ncphandler.info teardown done (ncphandler.cpp:354)
20181123140310.784063 pulsesvc[p27.t27] ncp.error ncpCleanup for IVE <address> (ncp.cpp:766)
20181123140310.784166 pulsesvc[p27.t27] session.info disconnected from ive <address> with reason 4 (session.cpp:711)
20181123140310.784532 pulsesvc[p27.t27] ncui.info received onDisconnect with reason = 4 (pulsesvc.cpp:783)
Contributor

Re: PulseSecure command line client disconnect immidiately when run in Docker container

Hi abcdefgh,

 

Can you please try to start the container as root user (admin), and give the option --network host and see if the tunnel is established

 

 

If not, then I guess this is not supported in the client version that you are using. Here, I tried with 9.0 R3, and the tunnel was created with --network host option when starting docker container as root

New Contributor

Re: PulseSecure command line client disconnect immidiately when run in Docker container

I have a

ps-pulse-linux-9.0r2.1-b819-ubuntu-debian-64-bit-installer.deb

but running it with  --privileged --network host doesn't work for me.

 

But I don't want to be running it with --network host anyway because it blocks the system from accessing other websites beside the once that are in the network and that is not desirable since I want it to run on the Jenkins as a part of the automated script.

 

Is there anything you could suggest?

Contributor

Re: PulseSecure command line client disconnect immidiately when run in Docker container

Hi abcdefgh,

 

I am not aware of any other ways of doing it. Lets see if someone else has an idea