Forum Discussion

KarimElsayad247's avatar
KarimElsayad247
Icon for Altostratus rankAltostratus
Feb 21, 2023

Problem with connecting using f5 vpn on Ubuntu/Linux; stuck on "Connecting..."

This issue happens only on the machine I'm using, I treid the same account on multiple other machines, on the same network and other networks. The gist of it is that f5vpn gets stuck in the connectin...
application delivery
KarimElsayad247's avatar
KarimElsayad247
Icon for Altostratus rankAltostratus

I can't think of anyway to reproduce it. I probably somehow modified something on my system, because it works on every other device I tried. In fact, it event works inside a docker container running on my system. I just found out this weird thing:

- If I attach the container to host network, f5vpn won't connect

- If I DON'T attach the container to host network, f5vpn WILL connect

So, in the case where it connects from within the container, I again modified the routes table to point the specific ips configured by f5vpn to the container itself, but even though my traffic goes through and I can actually reach those few websites, I still can't receive callbacks from a particular remote server like I can if I connected. 

Does f5vpn/Big IP somehow check if the source ip is something it has registered? I don't have any idea what happens on the provider side.  

I can't think of any solution short of nuking my ubunut and re-installing it. I haven't tried reinstalling dbus, I'm afraid of breaking something else in my system, since it seems like a sensitive service.

As for Qt, I haven't tried reinstalling it yet, but the few errors it prints are identical to those printed in systems where it worked. 

Oh, and apologies, I forgot to mention that I'm running vpn version 7220.2022.0308.1, thought it seems like the most recent version anyway. 

 

Are there any configuration, software versions, firewall rules, etc... you wish to take a look at?

KarimElsayad247's avatar
KarimElsayad247
Icon for Altostratus rankAltostratus
Feb 23, 2023

Oh, and f5vpn brings its own Qt libraries along as it seems. They are stored in /opt/f5/vpn/lib

 

$ ls /opt/f5/vpn/lib
libcrypto.so.1.0.0 libicui18n.so.55 libQt5Core.so.5 libQt5Gui.so.5 libQt5OpenGL.so.5 libQt5Sql.so.5 libQt5WebKitWidgets.so.5 libQt5XcbQpa.so.5
libicudata.so.55 libicuuc.so.55 libQt5DBus.so.5 libQt5Network.so.5 libQt5PrintSupport.so.5 libQt5WebKit.so.5 libQt5Widgets.so.5 libssl.so.1.0.0

 

  • Lucas_Thompson's avatar
    Lucas_Thompson
    Icon for Employee rankEmployee
    Feb 23, 2023

    I wonder if this does have to do with routing, and maybe once the VPN is connected it interrupts the routing table: Can you try to create another VPN resource on the BIG-IP server that is set for split-tunnel but use a different small IP address range, like 10.0.0.0/24 and a lease-pool within that network. Maybe the connection will behave differently on a different routing subnet and/or not a full-routing tunnel.

    • KarimElsayad247's avatar
      KarimElsayad247
      Icon for Altostratus rankAltostratus
      Feb 24, 2023

      Unfortunately the Big IP server is managed by another company, we are only granted access to the vpn to access their resources. f5vpn is started from the browser, and the log in workflow is protected by 2FA. 

      Just as a reminder, my account works on other similar machines on the same netwroks. I just thought about contacting one of their network adminstrators, do you think their server might be refusing to accept my machine? is there such a thing in Big IP, where a server refuses/drops/ignores attempted client connection because of some configuration client side?