Linux/pppd/Connection dropped

Hey,

 

 

Have you checked the client compatibility guide on tech.f5.com? I'm 99% sure that FirePass isn't supported on 64-bit Linux. I just checked now and it says that Fedora 8 running FireFox 2 is support (for 6.0.2) and Fedora 9 running FireFox 3 is supported but nothing about 64-bit. What version of FirePass are you using?

 

 

Cheers,

 

Mal

Thanks for the reply Mal.

 

 

I am not sure what version I am using. Is this it? I found it in logterminal.txt?

 

 

codebase="https://xxxx.xxxxxx.xxx/xxxxx/xxxxxxxx/urxvpn.cabversion=6020,2008,0717,1611")

 

 

 

Yes I had seen the 64 bit limitation but just wanted to cover all other bases.

 

i.e.

 

- Would it work with firefox 32bit?

 

- Is the "Waiting for 127.0.0.1" message because I need to ensure port 44444 is open? I dont have any firewall rule for that port.

 

- What is the "Waiting for 127.0.0.1" message all about?

 

 

After digging around a bit more I found these notes:

 

 

==================================

 

Configuring the starting of applications on Macintosh or Linux clients

 

 

The launch application feature specifies a client application that starts when the client begins a Network Access session. Use this feature when you have remote clients who will routinely use Network Access to connect to an application server like a mail server.

 

 

Note

 

Because starting an application requires operating system-specific parameters, you must configure it for a group that consists of only one type of computer operating system. For example, you might create a group of your remote Linux users called Linux-1.

 

==================================

 

 

Is that last section something I need to heave my Sys Admin setup?

 

 

 

Hey,

 

 

It sure does look like you're using an unsupported version. I'm pretty sure that 64-bit FireFox isn't supported (is there a 64-bit version of FireFox??). Are you using FireFox 2 or 3? I would try 32-bit FireFox 2 on FirePass 6.0.3...for Linux...that looks like your safest bet. I believe the waiting on 127.0.0.1 is because your client isn't binding to the PPP adapter properly (unsupported version).

 

 

Cheers,

 

Mal

 

> It sure does look like you're using an unsupported version.

 

> I'm pretty sure that 64-bit FireFox isn't supported (is there a 64-bit version of FireFox??).

 

> Are you using FireFox 2 or 3?

 

 

/usr/lib64/firefox-2.0.0.17/firefox

 

Says its:

 

/usr/lib64/firefox-2.0.0.17/firefox-bin: ELF 64-bit LSB executable, x86-64

 

 

> I would try 32-bit FireFox 2 on FirePass 6.0.3...for Linux...that looks like your safest bet.

 

 

Using FF32 I get:

 

 

"Status: Queued"

 

in the small "Network Access" screen.

 

 

The "Waiting for 127.0.0.1" is still there but doesnt stop.

 

 

messages says:

 

Oct 21 15:15:13 agander kernel: PPP generic driver version 2.4.2

 

Oct 21 15:15:13 agander pppd[9389]: pppd 2.4.4 started by gander, uid 500

 

Oct 21 15:15:13 agander pppd[9389]: Using interface ppp0

 

Oct 21 15:15:13 agander pppd[9389]: Connect: ppp0 <--> /dev/pts/4

 

Oct 21 15:15:13 agander pppd[9389]: not replacing existing default route via 192.168.0.1

 

Oct 21 15:15:13 agander pppd[9389]: local IP address 10.x.0.224

 

Oct 21 15:15:13 agander pppd[9389]: remote IP address 10.x.0.1

 

Oct 21 15:22:39 agander pppd[9389]: Terminating on signal 15

 

Oct 21 15:22:39 agander pppd[9389]: Connect time 7.5 minutes.

 

Oct 21 15:22:39 agander pppd[9389]: Sent 4 bytes, received 8 bytes.

 

Oct 21 15:22:45 agander pppd[9389]: Connection terminated.

 

Oct 21 15:22:45 agander pppd[9389]: Modem hangup

 

Oct 21 15:22:45 agander pppd[9389]: Exit.

 

 

FF32 reports:

 

 

SIOCADDRT: No such process

 

SIOCDELRT: No such process

 

SIOCADDRT: No such device

 

Unknown host

 

 

>I believe the waiting on 127.0.0.1 is because your client isn't binding to the PPP adapter properly (unsupported version).

 

 

Ok

 

 

Thanks again

 

Giles

Hi Giles,

 

 

Correct me if i'm wrong but you're still trying to do this on a 64-bit Linux kernel correct? If so, can you try it using FireFox 2 on a 32-bit Linux kernel.

 

 

The waiting for 127.0.0.1 generally means waiting for pppd...generally means incompatible version.

 

 

Cheers,

 

Mal

> Correct me if i'm wrong but you're still trying to do this on a 64-bit Linux kernel correct?

 

> If so, can you try it using FireFox 2 on a 32-bit Linux kernel.

 

 

Indeed. Good point.

 

 

I will have to track one down.

 

 

Thanks Mal

I work for the same company and Giles and have tried, unsuccessfully to access via Firepass on Linux.

 

 

After following the instructions and logging on and selecting network access I get a dialog open with the comment "Status: You have successfully connected." however I am unable to access any network resources. The terminal window I start Firefox from displays these messages.

 

 

SIOCADDRT: No such process

 

SIOCDELRT: No such process

 

SIOCADDRT: No such device

 

 

Any ideas what the problem is? I'm on Ubuntu 7 and using 32-bit Linux.

 

 

Jon.

Hey Jon,

 

 

Really? I use Ubuntu 7 (32-bit) with FireFox 2 all the time on my FirePass without issue. In 6.0.3, FirePass added support for split tunnelling on Linux also which is also working fine. All other things aside, can you not simply use your FireFox 2 browser to authenticate to FirePass and start a Network Access connection?

 

 

Cheers,

 

Mal

Mal,

 

 

To your last statement that is exactly what I am doing. I open Firefox 2, go to the Firepass Link I have and successfully login. I select the network access option and I get a pop-up window saying I have successfully connected but I cant' actually connect to anything!

 

 

Jon

Hey Jon,

 

 

You can enable debug on your box and review the logs to see what's going on here:

 

 

1. From the Linux client, disconnect the FirePass Network Access connection, if connected.

 

2. Access the command line.

 

3. Start a root (superuser) session by typing the following command:

 

 

su

 

 

Note: For some Linux distributions, you may need to type the following command to start a root session:

 

 

sudo su

 

4. When prompted, enter the root password.

 

 

Note: If you entered the sudo su command in the previous step, enter your Linux account password instead of the root password.

 

5. Type the following command to create a file named svpn.conf in the /usr/local/lib/F5Networks/SSLVPN/etc/ directory and enable level 2 debugging:

 

 

echo debug=2 > /usr/local/lib/F5Networks/SSLVPN/etc/svpn.conf

 

6. Connect or reconnect the FirePass Network Access connection.

 

 

Debugging information will be written to the following locations:

 

 

/usr/local/lib/F5Networks/SSLVPN/var/log/svpn.dbg

 

/usr/local/lib/F5Networks/SSLVPN/var/log/ppp.dbg

 

 

If you still have no joy i would then remove all the client side components:

 

 

1. Log into the Linux system command line using an account with root privileges, or using the su command.

 

 

Note: For some Linux distributions, you may need to use the sudo su command instead of the su command to start a root session.

 

2. Change directories to the /usr/local/lib/ directory by typing the following command:

 

 

cd /usr/local/lib/

 

3. Remove the main SSL VPN components by typing the following command:

 

 

rm -r F5Networks

 

 

Then log back into the FirePass and allow the client software to re-install.

 

 

Also, does this happen to all Linux uses in your environment? I've seen that if the option "Present the user with a message box after successfully connecting Network Access client" is enabled in the Network Access resource settings Customization tab AND browser is configured to block pop ups, then SSL VPN connections never start.

 

 

Hope this helps. By the way I pulled much of this information from AskF5 (tech.f5.com). Can't recommend this knowledgebase high enough.

 

 

Cheers,

 

Mal