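My ultimate goal is to download files from an FTP server that sits behind a CheckPoint VPN, working from a server running Ubuntu 16.04 that I can only access via SSH.
I followed the steps in this answer, specifically:
- Install snx version 800007075: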
wget https://starkers.keybase.pub/snx_install_linux30.sh?dl=1 -O snx_install.sh
- Install the dependencies:
sudo apt-get install libstdc++5:i386 libx11-6:i386 libpam0g:i386
- Run:
chmod a+rx snx_install.sh
sudo ./snx_install.sh
- Create the file ~/.snxrc:
server <server_ip>
username <vpn_user>
reauth yes
Every attempt after that (and before step 4) to run snx -s <server_ip> -u <vpn_user> results in:
Check Point's Linux SNX
build 800007075
Please enter your password:
SNX: Connection aborted.
Here is the output of sudo ldd /usr/bin/snx:
linux-gate.so.1 => (0xf7795000)
libX11.so.6 => /usr/lib/i386-linux-gnu/libX11.so.6 (0xf7639000)
libpthread.so.0 => /lib/i386-linux-gnu/libpthread.so.0 (0xf761c000)
libresolv.so.2 => /lib/i386-linux-gnu/libresolv.so.2 (0xf7603000)
libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0xf75fe000)
libpam.so.0 => /lib/i386-linux-gnu/libpam.so.0 (0xf75ee000)
libnsl.so.1 => /lib/i386-linux-gnu/libnsl.so.1 (0xf75d2000)
libstdc++.so.5 => /usr/lib/i386-linux-gnu/libstdc++.so.5 (0xf7518000)
libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xf7362000)
libxcb.so.1 => /usr/lib/i386-linux-gnu/libxcb.so.1 (0xf733c000)
/lib/ld-linux.so.2 (0xf7796000)
libaudit.so.1 => /lib/i386-linux-gnu/libaudit.so.1 (0xf7314000)
libm.so.6 => /lib/i386-linux-gnu/libm.so.6 (0xf72be000)
libgcc_s.so.1 => /lib/i386-linux-gnu/libgcc_s.so.1 (0xf72a1000)
libXau.so.6 => /usr/lib/i386-linux-gnu/libXau.so.6 (0xf729d000)
libXdmcp.so.6 => /usr/lib/i386-linux-gnu/libXdmcp.so.6 (0xf7296000)
What have I missed?
Debug log
[19 Sep 6:14:34] snx: starting debug - Thu Sep 19 06:14:34 2019
[19 Sep 6:14:36] browser::browser(): called
[19 Sep 6:14:36] snx_CCC_browser::snx_CCC_browser: called
[19 Sep 6:14:36] snx_browser::auth: entering
[19 Sep 6:14:36] gwinfo:gwinfo: entered!0x9f674e8
[19 Sep 6:14:36] creating the ssl layer
[19 Sep 6:14:36] talkssl::talkssl(): entered with chunk=512, opaque=9f657e0, link_established=80d66a0, link_failure=80d6680, packet_receive=80d6650, verify_gw=80d66c0
[19 Sep 6:14:36] talkssl::set_sslalg: setting ssl alg to 2
[19 Sep 6:14:36] talkssl:: init_ssl_neg: using 3DES
[19 Sep 6:14:36] ckpSSLctx_New: prefs = 1a
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] isExist: ProxyEntity didn't initiated yet
[19 Sep 6:14:36] talkssl::start_async: Creating a new connection
[19 Sep 6:14:36] talkssl::start_async: Connecting to gw: 0x84af80b1, port: 443
[19 Sep 6:14:36] fwasync_make_connection: b180af84/443: dowait is -1 sock is 5
[19 Sep 6:14:36] talkssl::start_async: Connection created successfully
[19 Sep 6:14:36] fwasync_conn_params: <c0a80f05,44316> -> <b180af84,443>
[19 Sep 6:14:36] talkssl::client_handler: state: CONN_INIT - entering
[19 Sep 6:14:36] talkssl::client_handler: start ssl negotaition
[19 Sep 6:14:36] talkssl::client_handler: start openSSL negotaition
[19 Sep 6:14:36] ckpSSL_PrepareConnection: verify mode: 0
[19 Sep 6:14:36] My SSL Ciphers:
[19 Sep 6:14:36] Cipher List:
[19 Sep 6:14:36] 0: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
[19 Sep 6:14:36] 1: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
[19 Sep 6:14:36] 2: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
[19 Sep 6:14:36] 3: DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
[19 Sep 6:14:36] talkssl::client_handler: Returning OK!!!
[19 Sep 6:14:36] ckpSSL_NegotiateStep: current state = before/connect initialization
[19 Sep 6:14:36] is_initialized: new process or forked
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] rand_add_seedfile: Failed to read seed from registry.: Operation not permitted
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] fwrand_write_seed: Failed to read seed from registry.: Operation not permitted
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] fwrand_write_seed: Failed to write seed.: Operation not permitted
[19 Sep 6:14:36] ckpSSL_NegotiateStep: should retry.
[19 Sep 6:14:36] ckpSSL_NegotiateStep: current state = SSLv3 read server hello A
[19 Sep 6:14:36] SSL e stack
[19 Sep 6:14:36] 9594:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1033
[19 Sep 6:14:36] ckpSSL_NegotiateStep: Current step failed. Error is: 336151598
[19 Sep 6:14:36] ckpSSL_fwasync_connected: no connections err -3
[19 Sep 6:14:36] fwasync_end_conn: scheduling the end of connection 5
[19 Sep 6:14:36] fwasync_do_end_conn: closing connection 5 (conn=9f6eb68)
[19 Sep 6:14:36] talkssl::end_handler: ending connection
[19 Sep 6:14:36] snx_browser::Failure: entering with code: 1
[19 Sep 6:14:36] got link down!- exit
[19 Sep 6:14:36] snx: quit.
[19 Sep 6:14:36] snx_CCC_browser::~snx_CCC_browser: called
[19 Sep 6:14:36] browser::~browser: called
[19 Sep 6:14:36] talkssl::~talkssl: delete link
[19 Sep 6:14:36] talkssl::~talkssl: end
[19 Sep 6:14:36] done
Answer 1
I have the same problem and the same error log.
Upgrading the SNX client to build 800010003 solved my problem (it requires a Check Point account, which is free).
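The failing step in the question's debug log can be read from the OpenSSL error code itself: it is a received TLS alert, protocol_version, meaning the gateway refused the protocol version the client offered, which fits a client upgrade being the fix. The following is an added example, not part of the original posts; it assumes the OpenSSL 1.0.x packed error layout, and the function names and the excerpted sample are constructed here.

```python
import re

# Constructed sample: six lines excerpted from the debug log in the question.
SAMPLE_LOG = """\
[19 Sep 6:14:36] 0: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
[19 Sep 6:14:36] 1: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
[19 Sep 6:14:36] 2: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
[19 Sep 6:14:36] 3: DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
[19 Sep 6:14:36] 9594:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1033
[19 Sep 6:14:36] ckpSSL_NegotiateStep: Current step failed. Error is: 336151598
"""

# TLS alert descriptions from RFC 5246 section 7.2 (subset).
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
              70: "protocol_version", 71: "insufficient_security"}
ERR_LIB_SSL = 20             # OpenSSL library number for "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # OpenSSL reports a received alert N as reason 1000+N
WEAK_ENC = {"DES", "3DES", "RC4"}

def decode_openssl_error(code):
    """Split a packed error code into (lib, func, reason).
    Assumes the OpenSSL 1.0.x layout: 8 bits lib, 12 bits func, 12 bits reason."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def diagnose(log_text):
    """Return offered ciphers, the weak ones among them, and TLS alerts received."""
    ciphers = re.findall(
        r"\] \d+: (\S+) \S+ Kx=\S+ Au=\S+ Enc=(\w+)\(\d+\) Mac=(\w+)", log_text)
    # The same error appears in hex (error stack) and decimal ("Error is:").
    codes = {int(h, 16) for h in re.findall(r":error:([0-9A-Fa-f]{8}):", log_text)}
    codes |= {int(d) for d in re.findall(r"Error is: (\d+)", log_text)}
    alerts = set()
    for code in codes:
        lib, _func, reason = decode_openssl_error(code)
        if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
            number = reason - SSL_AD_REASON_OFFSET
            alerts.add(TLS_ALERTS.get(number, "alert_%d" % number))
    return {
        "offered": [name for name, _enc, _mac in ciphers],
        "weak": [name for name, enc, mac in ciphers
                 if enc in WEAK_ENC or mac == "MD5"],
        "alerts": sorted(alerts),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

Run against a full snx debug log, this also shows whether every cipher the client offers is a legacy one (3DES, RC4, DES), as is the case in the log above.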
Answer 2
I had the same problem and found that I was applying the port incorrectly. Again, this may not be the issue for you; I just wanted to post what I found.
Initial:
sudo snx -s <server>:<port> -u
Fix for the issue:
sudo snx -s <server> -p <port> -u <user>