Forum Discussion

Roberto_Fasciol's avatar
Roberto_Fasciol
Icon for Nimbostratus rankNimbostratus
Oct 13, 2017

Linux SSL VPN client error - SSL handshake failed

Hello,

 

We have recently update our SSL VPN infrastructure and after that I haven't been able to create a VPN tunnel from my laptop. I can successfully login to the web interface but when I try to create a tunnel a "Browser is waiting from status from Network Access Application" popup appears and after a short time it goes back to the popup that allows to download the client RPM or DEB.

 

I can see these entries in the ~/.F5Networks/vpn.log when I try (always the same entries):

 

==========================================================================
Kernel version: 1 SMP Debian 4.9.51-1 (2017-09-28)
System: Linux
Release: 4.9.0-4-amd64
Model: x86_64
Node name: robfas-lin
==========================================================================
2017-10-13,10:56:06:040, 19333,19333,, 0,,,,
2017-10-13,10:56:06:040, 19333,19333,, 0,,,,   =====================================
2017-10-13,10:56:06:040, 19333,19333,, 0,,,,   Location: /opt/f5/vpn/f5vpn
2017-10-13,10:56:06:040, 19333,19333,, 0,,,,   Version: 7140.2017.0414.1
2017-10-13,10:56:06:040, 19333,19333,, 0,,,,   Locale: C
2017-10-13,10:56:06:040, 19333,19333,, 0,,,,   Qt version: 5.7.1
2017-10-13,10:56:06:040, 19333,19333,, 0,,,,   =====================================
2017-10-13,10:56:06:040, 19333,19333,, 0,,,,
2017-10-13,10:56:06:040, 19333,19333,, 48,,,, current log level = 63
2017-10-13,10:56:06:042, 19333,19333,, 48, /Helpers.h, 96, void f5::qt::setupLogs(const std::string&, const std::string&), OpenSSL supported: true. Lib in use: OpenSSL 1.0.2l   25 May 2017. Build: OpenSSL 1.0.2k   26 Jan 2017
2017-10-13,10:56:06:085, 19333,19333,, 48, /LinuxService.h, 45, void f5::qt::DBusInterface::Open(QStringList, QMap), D-Bus Open() method called
2017-10-13,10:56:06:097, 19333,19333,, 48, /HttpNetworkManager.cpp, 211, void f5::qt::HttpNetworkManager::HttpGet(const QUrl&, uint32_t), starting GET request to, https://vpn.paf.com/my.report.na
2017-10-13,10:56:06:200, 19333,19333,, 1, /HttpNetworkManager.cpp, 124, void f5::qt::HttpNetworkManager::error(QNetworkReply::NetworkError), Error occured while processing request(code), 6
2017-10-13,10:56:06:200, 19333,19333,, 1, /HttpNetworkManager.cpp, 271, void f5::qt::HttpNetworkManager::Finished(QNetworkReply*), Finished (code, error), 6, SSL handshake failed
2017-10-13,10:56:06:200, 19333,19333,, 48, /HttpNetworkManager.cpp, 420, void f5::qt::HttpNetworkManager::RequestFinished(), Request finished (err code, HTTP code), 6, 0
2017-10-13,10:56:06:200, 19333,19333,, 1, /HttpNetworkManager.cpp, 424, void f5::qt::HttpNetworkManager::RequestFinished(), Error occured (error code, HTTP code), 6, 0
2017-10-13,10:56:06:201, 19333,19333,, 48, /Session.cpp, 87, void f5::qt::Session::ProfileDownload(), Profile download starting, https://vpn.paf.com/pre/config.php?version=2.0
2017-10-13,10:56:06:201, 19333,19333,, 48, /HttpNetworkManager.cpp, 211, void f5::qt::HttpNetworkManager::HttpGet(const QUrl&, uint32_t), starting GET request to, https://vpn.paf.com/pre/config.php?version=2.0
2017-10-13,10:56:06:298, 19333,19333,, 1, /HttpNetworkManager.cpp, 124, void f5::qt::HttpNetworkManager::error(QNetworkReply::NetworkError), Error occured while processing request(code), 6
2017-10-13,10:56:06:298, 19333,19333,, 1, /HttpNetworkManager.cpp, 271, void f5::qt::HttpNetworkManager::Finished(QNetworkReply*), Finished (code, error), 6, SSL handshake failed
2017-10-13,10:56:06:298, 19333,19333,, 48, /HttpNetworkManager.cpp, 420, void f5::qt::HttpNetworkManager::RequestFinished(), Request finished (err code, HTTP code), 6, 0
2017-10-13,10:56:06:298, 19333,19333,, 1, /HttpNetworkManager.cpp, 424, void f5::qt::HttpNetworkManager::RequestFinished(), Error occured (error code, HTTP code), 6, 0
2017-10-13,10:56:06:298, 19333,19333,, 48, /Session.cpp, 59, void f5::qt::Session::ProfileDownloadFailed(QString), Profile download failed, Network error
2017-10-13,10:56:06:298, 19333,19333,, 48, /SessionManager.cpp, 222, void f5::qt::SessionManager::SessionError(QString), ----Session 46112466 ends----. Error occured: Network error
2017-10-13,10:56:06:298, 19333,19333,, 48, /SessionManager.cpp, 214, void f5::qt::SessionManager::CheckSessions(), No live sessions, quitting application....

I'm running on Debian Stretch 64 bit. I tried everything I could think about without success (and at the same time I can login successfully from an Android Tablet). Any tip on what I could try?

 

Could this be related to this bug: ID382396 [Linux CLI] Certificate verification doesn't work for some Linux distributions?

 

Thanks in advance!

 

1 Reply

  • Hello, did you capture traffic with tcpdump ? The error look likes an SSL handshake failed, this could be due to TLS protocol or cipher incompatibilty, certificate verfication process problem etc.. TCPdump and wireshark can help to analyze the error.