SNX:接続が中断されました。

SNX:接続が中断されました。

私の最終目標は、SSHを介してのみアクセスできるUbuntu 16.04を実行しているサーバーのCheckPoint VPNの背後にあるFTPサーバーからファイルをダウンロードすることです。

私は次の手順に従いました。この回答、具体的に:

  1. snxバージョン 800007075 のインストール
wget https://starkers.keybase.pub/snx_install_linux30.sh?dl=1 -O snx_install.sh
  1. 依存関係をインストールします。
sudo apt-get install libstdc++5:i386 libx11-6:i386 libpam0g:i386
  1. 走る
chmod a+rx snx_install.sh
sudo ./snx_install.sh
  1. ファイルを生成します~/.snxrc
server <server_ip>
username <vpn_user>
reauth yes

それ以降(そしてステップ4より前)に試みるたびに、次のような結果がsnx -s <server_ip> -u <vpn_user>得られます。

Check Point's Linux SNX
build 800007075
Please enter your password:

SNX: Connection aborted.

ここでの出力はsudo ldd /usr/bin/snx次のとおりです。

    linux-gate.so.1 =>  (0xf7795000)
    libX11.so.6 => /usr/lib/i386-linux-gnu/libX11.so.6 (0xf7639000)
    libpthread.so.0 => /lib/i386-linux-gnu/libpthread.so.0 (0xf761c000)
    libresolv.so.2 => /lib/i386-linux-gnu/libresolv.so.2 (0xf7603000)
    libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0xf75fe000)
    libpam.so.0 => /lib/i386-linux-gnu/libpam.so.0 (0xf75ee000)
    libnsl.so.1 => /lib/i386-linux-gnu/libnsl.so.1 (0xf75d2000)
    libstdc++.so.5 => /usr/lib/i386-linux-gnu/libstdc++.so.5 (0xf7518000)
    libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xf7362000)
    libxcb.so.1 => /usr/lib/i386-linux-gnu/libxcb.so.1 (0xf733c000)
    /lib/ld-linux.so.2 (0xf7796000)
    libaudit.so.1 => /lib/i386-linux-gnu/libaudit.so.1 (0xf7314000)
    libm.so.6 => /lib/i386-linux-gnu/libm.so.6 (0xf72be000)
    libgcc_s.so.1 => /lib/i386-linux-gnu/libgcc_s.so.1 (0xf72a1000)
    libXau.so.6 => /usr/lib/i386-linux-gnu/libXau.so.6 (0xf729d000)
    libXdmcp.so.6 => /usr/lib/i386-linux-gnu/libXdmcp.so.6 (0xf7296000)

私は何を逃したことがありませんか?

デバッグログ

[19 Sep  6:14:34] snx: starting debug - Thu Sep 19 06:14:34 2019

[19 Sep  6:14:36] browser::browser(): called
[19 Sep  6:14:36] snx_CCC_browser::snx_CCC_browser: called
[19 Sep  6:14:36] snx_browser::auth: entering
[19 Sep  6:14:36] gwinfo:gwinfo: entered!0x9f674e8
[19 Sep  6:14:36] creating the ssl layer
[19 Sep  6:14:36] talkssl::talkssl(): entered with chunk=512, opaque=9f657e0, link_established=80d66a0, link_failure=80d6680, packet_receive=80d6650, verify_gw=80d66c0
[19 Sep  6:14:36] talkssl::set_sslalg:  setting ssl alg to 2
[19 Sep  6:14:36] talkssl:: init_ssl_neg: using 3DES
[19 Sep  6:14:36] ckpSSLctx_New: prefs = 1a
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] isExist: ProxyEntity didn't initiated yet
[19 Sep  6:14:36] talkssl::start_async: Creating a new connection
[19 Sep  6:14:36] talkssl::start_async: Connecting to gw: 0x84af80b1, port: 443
[19 Sep  6:14:36] fwasync_make_connection: b180af84/443: dowait is -1 sock is 5
[19 Sep  6:14:36] talkssl::start_async: Connection created successfully
[19 Sep  6:14:36] fwasync_conn_params: <c0a80f05,44316> -> <b180af84,443>
[19 Sep  6:14:36] talkssl::client_handler: state: CONN_INIT - entering
[19 Sep  6:14:36] talkssl::client_handler: start ssl negotaition
[19 Sep  6:14:36] talkssl::client_handler: start openSSL negotaition
[19 Sep  6:14:36] ckpSSL_PrepareConnection: verify mode: 0
[19 Sep  6:14:36] My SSL Ciphers:
[19 Sep  6:14:36] Cipher List:
[19 Sep  6:14:36] 0: DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1

[19 Sep  6:14:36] 1: RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1

[19 Sep  6:14:36] 2: RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 

[19 Sep  6:14:36] 3: DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1

[19 Sep  6:14:36] talkssl::client_handler: Returning OK!!!
[19 Sep  6:14:36] ckpSSL_NegotiateStep: current state = before/connect initialization
[19 Sep  6:14:36] is_initialized: new process or forked
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] rand_add_seedfile: Failed to read seed from registry.: Operation not permitted
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] fwrand_write_seed: Failed to read seed from registry.: Operation not permitted
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] fwrand_write_seed: Failed to write seed.: Operation not permitted
[19 Sep  6:14:36] ckpSSL_NegotiateStep: should retry.
[19 Sep  6:14:36] ckpSSL_NegotiateStep: current state = SSLv3 read server hello A
[19 Sep  6:14:36] SSL e stack
[19 Sep  6:14:36] 9594:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1033

[19 Sep  6:14:36] ckpSSL_NegotiateStep: Current step failed. Error is: 336151598
[19 Sep  6:14:36] ckpSSL_fwasync_connected: no connections err -3
[19 Sep  6:14:36] fwasync_end_conn: scheduling the end of connection 5
[19 Sep  6:14:36] fwasync_do_end_conn: closing connection 5 (conn=9f6eb68)
[19 Sep  6:14:36] talkssl::end_handler: ending connection 
[19 Sep  6:14:36] snx_browser::Failure: entering with code: 1
[19 Sep  6:14:36] got link down!- exit
[19 Sep  6:14:36] snx: quit.
[19 Sep  6:14:36] snx_CCC_browser::~snx_CCC_browser: called
[19 Sep  6:14:36] browser::~browser: called
[19 Sep  6:14:36] talkssl::~talkssl: delete link
[19 Sep  6:14:36] talkssl::~talkssl: end
[19 Sep  6:14:36] done

答え1

同じ問題と同じエラーログがあります。

SNXクライアントを次にアップグレードします。ビルド 800010003私の問題を解決しました(チェックポイントアカウントが必要で無料です)。

答え2

私は同じ問題があり、ポートを誤って適用したことがわかりました。繰り返しますが、これはあなたにとって問題ではないかもしれません。ただ私が見つけた内容を投稿したかっただけです。

頭文字:

sudo snx -s <server>:<port> -u

問題を解決してください:

sudo snx -s <server> -p <port> -u <user>

関連情報