cancel
Showing results for 
Search instead for 
Did you mean: 

pulsesvc on 64bit Fedora24 (v82-5#120)

kconroy
Not applicable

pulsesvc on 64bit Fedora24 (v82-5#120)

I'm trying to get Linux VPN working on our Fedora 64bit boxes. I'm a linux sysadmin, not the VPN admin - so this is very much a user-type question. Our VPN admin has created a Linux Users Realm for us, so all I have to do is get it to work.

I've managed to get some semblance of operation by installing a ton of 32 bit libs and copying libpulseui.so to /usr/libs. This means I can fire up the pulseui client and attempt a connection. It just hangs as the host-checker, continually refreshing and getting nowhere. I have a similar experience using Firefox going to our vpn URL.

So now I try the pulsesvc CLI. (Typical Linux user, always feel more comfortable with CLI)

pulsesvc -L 5 -h vpnemea.MYCO.com -u MYNAME -r External Linux Users Realm -U https://vpnemea.MYCO.com

This fails really quickly, with the logs indicating the following errors (see below).

So - in your experience, could this be down to the inability to set up the juniper resolve.conf, or the cert failings on our VPN portal, or.... something else? Like, try a different linux or somesuch

Kind regards

-KC

---->> ERROR LOGS --->>>


sysdeps.error rename /etc/jnpr-nc-resolv.conf => /etc/resolv.conf failed wirh error 2 (sysdeps.cpp:978)
sysdeps.error rename /etc/jnpr-nc-hosts.bak => /etc/hosts failed wirh error 2 (sysdeps.cpp:982)

which is par for the course as far as google searches turn up.

Next errors are a pile of certificate errors, probably due to our companies ropey understanding of CA's and certs.

dsclient.para DSClient::authenticate(): user:MYNAME, password:..., cert:81a4ac1, realm:External Linux Users Realm (dsclient.cpp:306)
DSInet.info IVE host vpnemea.MYCO.com resolved to 88.88.77.222, port 443 (dsinet.cpp:329)
dsssl.warn ssl_init : Failed to load CA certificates (DSSSLSock.cpp:1515)
http_connection.para Starting a timed connect with SSL session 0x99e6448, proxy (null):0, and timeout 30 (http_connection.cpp:236)
http_connection.para Entering state_start_connection (http_connection.cpp:351)
http_connection.para Remote Address: ip=80.77.70.252, port=443, familiy=2 (http_connection.cpp:799)
http_connection.para Remote Server=vpnemea.MYCO.com (http_connection.cpp:801)
http_connection.para Local Address: ip=0.0.0.0, port=0, familiy=2 (http_connection.cpp:806)
http_connection.para Proxy Address: ip=(null), port=0, familiy=0 (http_connection.cpp:811)
http_connection.para Entering state_continue_connection (http_connection.cpp:368)
http_connection.para Entering state_ssl_connect (http_connection.cpp:538)
dsssl.error verify_server_cert_callback : Certificate Verification Failed : error:unable to get local issuer certificate depth:0 errorno:20 (DSSSLSock.cpp:1588)
dsssl.info log_cert_info : Subject : C = US, ST = SOMESTATE, L = SOMEAREA, O = "MYCO, Inc.", CN = *.MYCO.com (DSSSLSock.cpp:1555)
dsssl.error SSL_connect failed. Error 1 (DSSSLSock.cpp:1834)
http_connection.para Returning DSHTTP_ERROR from state_ssl_connect (http_connection.cpp:553)
http_connection.para do_connect error: state 5, err 5 (http_connection.cpp:341)
DSInet.error failed to connect to (vpnemea.MYCO.com) error 1 (dsinet.cpp:412)
dsclient.error unable to open URL: (https://vpnemea.MYCO.com) with error -7 (dsclient.cpp:321)
ncapp.error Failed to authenticate with IVE. Error 2 (pulsesvc.cpp:281)
dsncuiapi.para DsNcUiApi::~DsNcUiApi (dsncuiapi.cpp:83)
1 REPLY 1
zanyterp
Moderator

Re: pulsesvc on 64bit Fedora24 (v82-5#120)

Which version are you using (as it impacts the string used to start)?
Can your VPN admin disable Host Checker to see if it connects successfully without Host Checker? (speaking of which, Host Checker is not supported with the CLI command)