cancel
Showing results for 
Search instead for 
Did you mean: 

Problem in accessing F5 VPN with Linux Fedora 36

vcaselli
Altostratus
Altostratus

I regularly use F5 VPN on Windows in order to connect to a customer network.
Here the steps are:

  1. open Chrome and go the the customer link <site>
  2. a certificate confirmation dialog pops up; confim with Yes
  3. a form with user and password shows up; type the credentials and press Logon button
  4. a form named "Network access" shows up; click on button "VPN DevSecOps"
  5. connection OK!

On Linux Fedora 36 I did the following:

  • from customer site, downloaded and installed
    https://<site>/public/download/linux_f5epi.x86_64.rpm
    https://<site>/public/download/linux_f5vpn.x86_64.rpm
  • on Chrome I imported the .p12 certificate file received by the customer

but when I try to follow the same steps as in Windows, going to (step 1) https://<site> I get the certificate popup, confirm it (step 2), but instead of seeing the username and password fields for the login (step 3), the page keeps saying "Checking for security software..." for quite a while. Then I get the following error "Your session could not be established."

The log file ~/.F5Networks/epi.log shows the content below;

what should I do in order to get to the step 3 properly?
Thank you very much

 

2022-06-25,17:22:48:909, 9922,9922,, 0,,,,   
2022-06-25,17:22:48:909, 9922,9922,, 0,,,,  =====================================
2022-06-25,17:22:48:909, 9922,9922,, 0,,,,  Location: /opt/f5/epi/f5epi
2022-06-25,17:22:48:909, 9922,9922,, 0,,,,  Version: 7183.2020.0108.1
2022-06-25,17:22:48:909, 9922,9922,, 0,,,,  Locale: en_US.UTF-8
2022-06-25,17:22:48:909, 9922,9922,, 0,,,,  Qt version: 5.5.1
2022-06-25,17:22:48:909, 9922,9922,, 0,,,,  =====================================
2022-06-25,17:22:48:909, 9922,9922,, 0,,,,   
2022-06-25,17:22:48:909, 9922,9922,, 48,,,, current log level = 63
2022-06-25,17:22:48:914, 9922,9922,, 48, /Helpers.h, 117, void f5::qt::setupLogs(const string&, const string&), QT - OpenSSL supported: true. Lib in use: OpenSSL 1.0.2p  14 Aug 2018. Build: OpenSSL 1.0.0-fips 29 Mar 2010
2022-06-25,17:22:48:915, 9922,9922,, 48, /Helpers.h, 118, void f5::qt::setupLogs(const string&, const string&), F5 - OpenSSL build version: OpenSSL 1.0.2p  14 Aug 2018
2022-06-25,17:22:48:950, 9922,9922,, 48, /Session.cpp, 108, void f5::qt::Session::ProfileDownload(), Profile download starting, https://externalgw.xyz.it/pre/config.php?version=2.0
2022-06-25,17:22:48:950, 9922,9922,, 48, /HttpNetworkManager.cpp, 205, void f5::qt::HttpNetworkManager::HttpGet(const QUrl&, uint32_t), starting GET request to, https://externalgw.xyz.it/pre/config.php?version=2.0
2022-06-25,17:22:48:950, 9922,9922,, 48, /SessionManager.cpp, 204, bool f5::qt::SessionManager::CreateAndLaunchSessionInternal(const QUrl&), ----Session 0c1af8fc starts----
2022-06-25,17:22:52:444, 9922,9922,, 2, /HttpNetworkManager.cpp, 254, bool f5::qt::HttpNetworkManager::AcceptInvalidServerCert(QNetworkReply*, QString), Invalid cert accepted, ignoring errors
2022-06-25,17:22:52:503, 9922,9922,, 48, /HttpNetworkManager.cpp, 395, void f5::qt::HttpNetworkManager::RequestFinished(), Request finished (err code, HTTP code), 0, 200
2022-06-25,17:22:52:504, 9922,9922,, 48, /FileDownloader.cpp, 19, void f5::qt::FileDownloader::StartDownload(), Starting to download, /public/download/linux_policyserver.tar.ver
2022-06-25,17:22:52:504, 9922,9922,, 48, /HttpNetworkManager.cpp, 205, void f5::qt::HttpNetworkManager::HttpGet(const QUrl&, uint32_t), starting GET request to, https://externalgw.xyz.it/public/download/linux_policyserver.tar.ver
2022-06-25,17:22:52:758, 9922,9922,, 48, /HttpNetworkManager.cpp, 297, bool f5::qt::HttpNetworkManager::OpenTempFile(QNetworkReply*), Saving content to file. Content-Type, application/x-tar
2022-06-25,17:22:52:758, 9922,9922,, 48, /HttpNetworkManager.cpp, 395, void f5::qt::HttpNetworkManager::RequestFinished(), Request finished (err code, HTTP code), 0, 200
2022-06-25,17:22:52:758, 9922,9922,, 48, /AutoUpdater.cpp, 26, virtual void f5::qt::AutoUpdater::FileDownloadSuccess(std::string), File downloaded: , /tmp/launcherDownloaded.TJ9922
2022-06-25,17:22:52:758, 9922,9922,, 0,,,, Starting Policyserver...
2022-06-25,17:22:52:775, 9922,9922,, 48, /UnixAutoUpdater.cpp, 71, bool f5::qt::UnixAutoUpdater<T>::ShouldUpdateComponent(const QString&) [with T = f5::qt::MacPackage], PolicyServer version installed (server, our), 7090.2020.221.1, 7090
.2020.221.1
2022-06-25,17:22:52:775, 9922,9922,, 48, /UnixAutoUpdater.cpp, 93, void f5::qt::UnixAutoUpdater<T>::FileDownloadSuccess(std::string) [with T = f5::qt::MacPackage; std::string = std::basic_string<char>], PolicyServer is up-to-date
2022-06-25,17:22:52:775, 9922,9922,, 48, /UnixAutoUpdater.cpp, 185, bool f5::qt::UnixAutoUpdater<T>::ShouldUpdateSelf() [with T = f5::qt::MacPackage], Version: our,their,min, 7183.2020.108.1, 7183.2020.108.1,  
2022-06-25,17:22:52:775, 9922,9922,, 48, /UnixAutoUpdater.cpp, 188, bool f5::qt::UnixAutoUpdater<T>::ShouldUpdateSelf() [with T = f5::qt::MacPackage], Application is up-to-date
2022-06-25,17:22:52:775, 9922,9922,, 48, /Session.cpp, 63, void f5::qt::Session::AutoUpdateSuccess(), Application is up-to-date
2022-06-25,17:22:52:776, 9922,9922,, 48, /HttpNetworkManager.cpp, 225, void f5::qt::HttpNetworkManager::HttpPost(const QUrl&, const QString&), starting POST request to, https://externalgw.xyz.it/my.policy_host
2022-06-25,17:22:53:019, 9922,9922,, 48, /HttpNetworkManager.cpp, 395, void f5::qt::HttpNetworkManager::RequestFinished(), Request finished (err code, HTTP code), 0, 200
2022-06-25,17:22:53:019, 9922,9922,, 1, /EPChecker.cpp, 286, bool f5::qt::EPChecker::RunCheck(), Unknown inspector ID =,  
2022-06-25,17:22:53:019, 9922,9922,, 48, /SessionManager.cpp, 246, void f5::qt::SessionManager::SessionError(QString), ----Session 0c1af8fc ends----. Error occurred: Stopping EP session, unknown endpoint check requested
2022-06-25,17:22:53:020, 9922,9922,, 48, /SessionManager.cpp, 238, void f5::qt::SessionManager::CheckSessions(), No live sessions, quitting application....

 

6 REPLIES 6

PSilva
Community Manager
Community Manager

No idea if this'll help but it's the Manual Chapter : Clients for Linux -  https://techdocs.f5.com/en-us/edge-client-7-2-1/big-ip-access-policy-manager-edge-client-and-applica...

Has all the commands and error codes if those help? 

ps

Thank you for the manual chapter, but already followed it.
The error I get:

Error occurred: Stopping EP session, unknown endpoint check requested 

is not there.

It seems that in Linux is not running an F5 daemon that should serve the communication from the browser.
In Windows, in fact, even before reaching the page with credentials, a couple of processes with F5 in their name are running. Whereas in Linux if I inspect all processes (ps -ef) I cannot find any or them related with F5 and in fact the browser keeps saying "Checking for security software..." as if waiting for some process to answer.

Any hint on how to manually launch the needed process?
Thank you

AubreyKingF5
Community Manager
Community Manager

Do you have access to the APM instance?  The APM session logs might be useful.

Unfortunately not.
What I see is thisvcaselli_0-1657298896539.png

and after several minutes


vcaselli_1-1657299136446.png

Any ideas about what is not responding?

 

AubreyKingF5
Community Manager
Community Manager

That's helpful, actually. To me, that looks like your concentrator is doing an endpoint check and there's a timeout. APM endpoint inspection could include something like a mandatory Windows Registry Key value. If the administrators have not done an OS check prior to that mandatory value and booted your session out, you would likely be stuck where you are.. or if the OS check only included Windows / Mac and included no fail option. Your best bet is to talk to the people that run the APM. If you need help finding those people, your f5 sales team may know. DM me if you would like me to try to help.

vcaselli
Altostratus
Altostratus

Thank you for you suggestion, but I already tried to contact people that run the APM: they just decided not to support Linux, just Windows and Mac. 

So I installed User-Agent Switcher extension for Chrome and got around the OS check.
In fact I'm visiting the site with
User-Agent string = Mozilla/5.0 (MSIE 10.0; Windows NT 6.1; Trident/5.0)

Now I wonder what other check is acting which is detecting I'm using Linux...
Frankly I wonder why Linux is so mistreated .. I just would like to work for them, but with Linux