Hi there.
We are struggling with Pulse Secure client connections via CLI (PulseClient_x86_64).
So far, we have installed Pulse Secure Client for Debian/Ubuntu (16 LTS to be more specific) following the so many guides on the internet. As suggested by the PulseClient_x86_64, we have installed the pfx certificates from a GNOME Desktop session. So far, so good.
We have tried connecting with the VPN server via GUI client and everything went Ok. We have been able to work with the VPN as soon as we have kept the Desktop session on.
Later, we tried connecting the VPN via PulseClient_x86_64 from the CLI. The idea is allowing shell scripts to start and stop the VPN for automating processes that required the VPN to be on. But it has not been possible.
The command:
/usr/local/pulse/PulseClient_x86_64.sh -h vssl.host.domain -u user -p password -r PulseCert -U https://vssl.host.domain/PulseCert -L 0
The log:
pulsesvc[pX.tY] pulseui.info Protocol :direct Credential : (pulseProxy.cpp:60)
pulsesvc[pX.tY] pulsesvc.info Proxy host : NULL (pulsesvc.cpp:256)
pulsesvc[pX.tY] pulsesvc.info Proxy port : 80 (pulsesvc.cpp:257)
pulsesvc[pX.tY] pulsesvc.info Proxy user : NULL (pulsesvc.cpp:258)
pulsesvc[pX.tY] pulsesvc.info Proxy password : NULL (pulsesvc.cpp:259)
pulsesvc[pX.tY] pulseui.info Proxy object is delete (pulseProxy.cpp:28)
pulsesvc[pX.tY] dsclient.para DSClient::authenticate(): user:****, password:..., cert:565554, realm
ulseCert (dsclient.cpp:306)
pulsesvc[pX.tY] DSInet.info IVE host vssl.bcn.cat resolved to 212.XX.XXX.XX, port 443 (dsinet.cpp:329)
pulsesvc[pX.tY] dsssl.warn ssl_init : Failed to load CA certificates (DSSSLSock.cpp:1515)
pulsesvc[pX.tY] http_connection.para Starting a timed connect with SSL session 0x15d5270, proxy (null):0, and timeout 30 (http_connection.cpp:236)
pulsesvc[pX.tY] http_connection.para Entering state_start_connection (http_connection.cpp:351)
pulsesvc[pX.tY] http_connection.para Remote Address: ip=212.XX.XXX.XX, port=443, familiy=2 (http_connection.cpp:799)
pulsesvc[pX.tY] http_connection.para Remote Server=vssl.bcn.cat (http_connection.cpp:801)
pulsesvc[pX.tY] http_connection.para Local Address: ip=0.0.0.0, port=0, familiy=2 (http_connection.cpp:806)
pulsesvc[pX.tY] http_connection.para Proxy Address: ip=(null), port=0, familiy=0 (http_connection.cpp:811)
pulsesvc[pX.tY] http_connection.para Entering state_continue_connection (http_connection.cpp:368)
pulsesvc[pX.tY] http_connection.para Entering state_ssl_connect (http_connection.cpp:538)
pulsesvc[pX.tY] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
pulsesvc[pX.tY] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
pulsesvc[pX.tY] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
pulsesvc[pX.tY] dsssl.para SSL connect ssl=0x1697e50/sd=5 connection using cipher AES128-GCM-SHA256 (DSSSLSock.cpp:1886)
pulsesvc[pX.tY] http_connection.para Returning DSHTTP_COMPLETE from state_ssl_connect (http_connection.cpp:546)
pulsesvc[pX.tY] dsclient.info state: kStateSignin (dsclient.cpp:339)
pulsesvc[pX.tY] dsclient.info --> GET /PulseCert (authenticate.cpp:181)
pulsesvc[pX.tY] http.para content_len = 0 (http_requester.cpp:781)
pulsesvc[pX.tY] dsclient.info <-- 302 /dana-na/auth/url_7/welcome.cgi (authenticate.cpp:213)
pulsesvc[pX.tY] dsclient.info state: kStateWelcome (dsclient.cpp:347)
pulsesvc[pX.tY] dsclient.info --> GET /dana-na/auth/url_7/welcome.cgi (authenticate.cpp:181)
pulsesvc[pX.tY] http_connection.para is_connected failed: state 6 (http_connection.cpp:305)
pulsesvc[pX.tY] http_connection.para Entering state_start_connection (http_connection.cpp:351)
pulsesvc[pX.tY] http_connection.para Remote Address: ip=212.XX.XXX.XX, port=443, familiy=2 (http_connection.cpp:799)
pulsesvc[pX.tY] http_connection.para Remote Server=vssl.bcn.cat (http_connection.cpp:801)
pulsesvc[pX.tY] http_connection.para Local Address: ip=0.0.0.0, port=0, familiy=2 (http_connection.cpp:806)
pulsesvc[pX.tY] http_connection.para Proxy Address: ip=(null), port=0, familiy=0 (http_connection.cpp:811)
pulsesvc[pX.tY] http_connection.para Entering state_continue_connection (http_connection.cpp:368)
pulsesvc[pX.tY] http_connection.para Entering state_ssl_connect (http_connection.cpp:538)
pulsesvc[pX.tY] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
pulsesvc[pX.tY] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
pulsesvc[pX.tY] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
pulsesvc[pX.tY] dsssl.para SSL connect ssl=0x16d5110/sd=5 connection using cipher AES128-GCM-SHA256 (DSSSLSock.cpp:1886)
pulsesvc[pX.tY] http_connection.para Returning DSHTTP_COMPLETE from state_ssl_connect (http_connection.cpp:546)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - copying 0 buffered bytes (http_requester.cpp:808)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - recv'd 0 bytes data (http_requester.cpp:841)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - copying 0 buffered bytes (http_requester.cpp:808)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - recv'd 0 bytes data (http_requester.cpp:841)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - copying 0 buffered bytes (http_requester.cpp:808)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - recv'd 0 bytes data (http_requester.cpp:841)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - copying 0 buffered bytes (http_requester.cpp:808)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - recv'd 4096 bytes data (http_requester.cpp:841)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - copying 4096 buffered bytes (http_requester.cpp:808)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - recv'd 0 bytes data (http_requester.cpp:841)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - copying 0 buffered bytes (http_requester.cpp:808)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - recv'd 1564 bytes data (http_requester.cpp:841)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - copying 1564 buffered bytes (http_requester.cpp:808)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - recv'd 0 bytes data (http_requester.cpp:841)
pulsesvc[pX.tY] dsclient.info <-- 200 (authenticate.cpp:213)
pulsesvc[pX.tY] dsclient.info state: kStateLogin (dsclient.cpp:379)
pulsesvc[pX.tY] dsclient.info --> POST /dana-na/auth/url_7/login.cgi (authenticate.cpp:181)
pulsesvc[pX.tY] http_connection.para is_connected failed: state 6 (http_connection.cpp:305)
pulsesvc[pX.tY] http_connection.para Entering state_start_connection (http_connection.cpp:351)
pulsesvc[pX.tY] http_connection.para Remote Address: ip=212.XX.XXX.XX, port=443, familiy=2 (http_connection.cpp:799)
pulsesvc[pX.tY] http_connection.para Remote Server=vssl.bcn.cat (http_connection.cpp:801)
pulsesvc[pX.tY] http_connection.para Local Address: ip=0.0.0.0, port=0, familiy=2 (http_connection.cpp:806)
pulsesvc[pX.tY] http_connection.para Proxy Address: ip=(null), port=0, familiy=0 (http_connection.cpp:811)
pulsesvc[pX.tY] http_connection.para Entering state_continue_connection (http_connection.cpp:368)
pulsesvc[pX.tY] http_connection.para Entering state_ssl_connect (http_connection.cpp:538)
pulsesvc[pX.tY] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
pulsesvc[pX.tY] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
pulsesvc[pX.tY] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
pulsesvc[pX.tY] dsssl.para SSL connect ssl=0x16d4a50/sd=5 connection using cipher AES128-GCM-SHA256 (DSSSLSock.cpp:1886)
pulsesvc[pX.tY] http_connection.para Returning DSHTTP_COMPLETE from state_ssl_connect (http_connection.cpp:546)
pulsesvc[pX.tY] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
pulsesvc[pX.tY] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
pulsesvc[pX.tY] dsssl.info verify_server_cert_callback : Certificate verification - Successful (DSSSLSock.cpp:1577)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - copying 0 buffered bytes (http_requester.cpp:808)
pulsesvc[pX.tY] DSHttp.debug state_reading_response_body - recv'd 0 bytes data (http_requester.cpp:841)
pulsesvc[pX.tY] dsclient.info <-- 302 /dana-na/auth/url_7/welcome.cgi?p=no-cert (authenticate.cpp:213)
pulsesvc[pX.tY] dsclient.para Auth error: no-cert (authenticate.cpp:19)
pulsesvc[pX.tY] dsclient.error state login failed, error 5 (dsclient.cpp:381)
pulsesvc[pX.tY] ncapp.error Failed to authenticate with IVE. Error 5 (pulsesvc.cpp:284)
pulsesvc[pX.tY] dsncuiapi.para DsNcUiApi::~DsNcUiApi (dsncuiapi.cpp:83)
The most concerning trace (for us) has been
pulsesvc[pX.tY] dsssl.warn ssl_init : Failed to load CA certificates (DSSSLSock.cpp:1515)
We struggled with certificates and the CA Trusted Store. We managed to have installed all the hierarchy of CA certificates in ca-certificates.crt but it didn't work anyways.
What are we doing wrong?
What does mean the following error message?
pulsesvc[pX.tY] ncapp.error Failed to authenticate with IVE. Error 5 (pulsesvc.cpp:284)
Thank you in advance for the support.
