Forum Discussion
Could not login with a VS on F5
Questions.
The webserver is listening on port 8181, is this HTTPS?
Do you need the stream profile for the Reverse_proxy_irule?
Please post the irule here (you can use the Code Snippet button to make it more readable).
Cheers,
Kees
when HTTP_REQUEST {
    STREAM::disable
    SSL::disable serverside
    # The switch line is missing from the post; a switch on the Host header is assumed here.
    switch [HTTP::host] {
        "interconnectuat.9mobile.com.ng" {
            log local0. "[HTTP::host] detected. Going to send to Pool interconnectuat.9mobile.com.ng"
            SSL::enable serverside
            pool interconnectuat.9mobile.com.ng
        }
    }
}
- Jan 14, 2022
Ok, during the login, are there any errors in /var/log/ltm related to this irule?
- FAJUMO, Jan 14, 2022
I tried to get a capture but did not see any hit
1. Create a new decryption irule:
when CLIENTSSL_HANDSHAKE {
    log local0. "Client IP: [IP::client_addr] TCP source port: [TCP::remote_port] client"
    log local0. "RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    log local0.debug "CLIENT_RANDOM [SSL::clientrandom] [SSL::sessionsecret]"
}
when SERVERSSL_HANDSHAKE {
    log local0. "Client IP: [IP::client_addr] TCP local port: [TCP::local_port] server"
    log local0. "RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    log local0.debug "CLIENT_RANDOM [SSL::clientrandom] [SSL::sessionsecret]"
}
2. Add this irule to your VS which is handling the affected traffic.
3. Run tcpdump:
tcpdump -envi 0.0:nnnp -s0 -w /var/tmp/"$HOSTNAME"_"$(date +%d-%m-%y)".pcap host <Your-client-IP>
4. Generate traffic and catch the problem.
5. Stop tcpdump
6. Disable decryption irule
7. Run below commands to create the files with session keys:
sed -e 's/^.*\(RSA Session-ID\)/\1/;tx;d;:x' /var/log/ltm > /shared/tmp/sessionsecrets.pms
grep -h -o 'CLIENT_RANDOM.*' /var/log/ltm > /shared/tmp/sessionsecrets_random.pms
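
The key-extraction step above (step 7), as an added example that is not part of the original post: it filters the `CLIENT_RANDOM` lines down to well-formed, de-duplicated key log entries and writes them to a file only its owner can read. The function names, the rule name `decrypt_irule`, the host name and the sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example. A usable key log entry has the form
#   CLIENT_RANDOM <64 hex chars> <96 hex chars>
KEYLOG_RE='^CLIENT_RANDOM [0-9a-f]{64} [0-9a-f]{96}$'

# extract_keylog LOGFILE OUTFILE: keep well-formed entries, drop duplicates,
# write OUTFILE owner-readable only (it holds TLS master secrets), print count.
extract_keylog() {
    (
        umask 077
        grep -h -o 'CLIENT_RANDOM.*' "$1" | grep -E -i "$KEYLOG_RE" | sort -u > "$2"
    )
    wc -l < "$2" | tr -d ' '
}

# keylog_rejects LOGFILE: count CLIENT_RANDOM lines that are not usable,
# for example lines logged with an empty session secret.
keylog_rejects() {
    grep -h -o 'CLIENT_RANDOM.*' "$1" | grep -E -i -v -c "$KEYLOG_RE" || true
}

# make_sample_log FILE: constructed /var/log/ltm excerpt (values are not real keys).
make_sample_log() {
    local r1 r2 s pre
    r1=$(printf '%064d' 0 | tr 0 a)   # constructed client random
    r2=$(printf '%064d' 0 | tr 0 c)   # second constructed client random
    s=$(printf '%096d' 0 | tr 0 b)    # constructed master secret
    pre='Jan 14 10:00:01 bigip1 debug tmm[1234]: Rule /Common/decrypt_irule'
    {
        echo "$pre <CLIENTSSL_HANDSHAKE>: RSA Session-ID:$r1 Master-Key:$s"
        echo "$pre <CLIENTSSL_HANDSHAKE>: CLIENT_RANDOM $r1 $s"
        echo "$pre <CLIENTSSL_HANDSHAKE>: CLIENT_RANDOM $r1 $s"
        echo "$pre <SERVERSSL_HANDSHAKE>: CLIENT_RANDOM $r2 $s"
        echo "$pre <CLIENTSSL_HANDSHAKE>: CLIENT_RANDOM $r2 "
    } > "$1"
}

demo_dir=$(mktemp -d)
make_sample_log "$demo_dir/ltm"
echo "kept: $(extract_keylog "$demo_dir/ltm" "$demo_dir/sessionsecrets_random.pms")"
echo "rejected: $(keylog_rejects "$demo_dir/ltm")"
rm -rf "$demo_dir"
```

A non-zero rejected count means some handshakes were logged without a usable secret, so those sessions will not decrypt from this file. The `.pms` files and the matching lines left in `/var/log/ltm` hold session secrets for the captured traffic and should be removed once the analysis is done.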
