BigIP Linux command line client
Hi, Our company is using BigIP, but I use Linux. I found out, while Linux is supported, it requires a rather complicated (and maybe outdated) set of dependencies. I'm not even sure I want to use GUI on my machine (e.g. for testing stuff). My question is whether BigIP has a headless console variant? Alternatively is there a documentation how to get around using openVPN instead or maybe compile BigIP from source? Thanks, Balazs
Linux CLI VPN Client - "Server certificate verification failed."
Hi all, We've recently gone live with our VPN (on v13 HF2) and some of our users have reported their having issues accessing the VPN from their Linux command line. On RHEL/Fedora, the VPN connection doesn't work. On Ubuntu, I can see the errors in the logs but it lets me through anyhow. After installing the package, they run the command to connect to the VPN: f5fpc -s -t https://ourvpn.com When querying how the connection went, I can see: f5fpc -i Connection Status: logon failed Server certificate verification failed. The certificate we're using is a properly signed QuoVadis cert. The ~/.F5Networks/standalone.log shows: 2017-07-24,14:39:27:019, 2839,2849,standalone, 0, /LinuxEventHandler.cpp, 924, , LinuxEventHandler::loadCAStore()- Using default Trusted cert store at=/etc/ssl/certs, for CA cert validation 2017-07-24,14:39:27:019, 2839,2849,standalone, 2, /LinuxEventHandler.cpp, 1052, LinuxEventHandler::verify_context_chain(), Server Cert chain is empty 2017-07-24,14:39:27:021, 2839,2849,standalone, 0, /LinuxEventHandler.cpp, 1063, , LinuxEventHandler::verify_context_chain() - X509_verify_cert(): verification error=2, string=unable to get issuer certificate 2017-07-24,14:39:27:021, 2839,2849,standalone, 48, /LinuxEventHandler.cpp, 68, CLinuxEventHandler::HandleEvent(), exit with, 0 2017-07-24,14:39:27:022, 2839,2849,standalone, 2, /USSLChannel.cpp, 312, USSLChannel::Write, SSL_write failed (result: -1, error: SSL_ERROR_SSL) 2017-07-24,14:39:27:022, 2839,2849,standalone, 1, /UHTTP.cpp, 38, UHTTP::makeRequest(), EXCEPTION - send request error 2017-07-24,14:39:27:022, 2839,2849,standalone, 1, /UHTTP.cpp, 115, , EXCEPTION caught: UHTTP::makeRequest() - EXCEPTION 2017-07-24,14:39:27:022, 2839,2849,standalone, 48, /UFirepass.cpp, 679, UFirepass::doGetRequestWithoutRedirect, server returned HTTP code, return code, 0, -1 2017-07-24,14:39:27:022, 2839,2849,standalone, 1, /UFirepass.cpp, 688, UFirepass::doGetRequestWithoutRedirect, (0x27) EXCEPTION - Channel error, 39 2017-07-24,14:39:27:022, 2839,2849,standalone, 48, /UChannelChain.cpp, 34, UChannelChain::~UChannelChain(), destroying channel 2. Stats (0) - Recv=3283 Send=524 2017-07-24,14:39:27:022, 2839,2849,standalone, 48, /UChannelChain.cpp, 34, UChannelChain::~UChannelChain(), destroying channel 1. Stats (0) - Recv=3283 Send=524 2017-07-24,14:39:27:022, 2839,2849,standalone, 1, /UFirepass.cpp, 782, , EXCEPTION caught: UFirepass::getFirepassToken - EXCEPTION 2017-07-24,14:39:27:022, 2839,2849,standalone, 1, /UFirepass.cpp, 911, UFirepass::DoPrelogon, Failed to obtain logon token: prelogon is not enabled or Firepass server has version below 5.5 2017-07-24,14:39:27:022, 2839,2849,standalone, 48, /UChannelChain.cpp, 55, UChannelChain::BuildChannels(), enter, 0x7: U_ENABLE_SOCKET_CHANNEL U_ENABLE_SSL_CHANNEL U_ENABLE_PROXY_CHANNEL 2017-07-24,14:39:27:022, 2839,2849,standalone, 48,,,, USSLChannel::USSLChannel:RAND_status(1) I've tried uploading the root/intermediate certificates to /etc/ssl/certs but still not luck. The workaround is to use the ignore certificate switch (-x) but I don't really want to do this. f5fpc -s -t https://ourvpn.com/ -x Any ideas?? Thanks, Nick
Linux SSL VPN client error - SSL handshake failed
Hello, We have recently update our SSL VPN infrastructure and after that I haven't been able to create a VPN tunnel from my laptop. I can successfully login to the web interface but when I try to create a tunnel a "Browser is waiting from status from Network Access Application" popup appears and after a short time it goes back to the popup that allows to download the client RPM or DEB. I can see these entries in the ~/.F5Networks/vpn.log when I try (always the same entries): ========================================================================== Kernel version: 1 SMP Debian 4.9.51-1 (2017-09-28) System: Linux Release: 4.9.0-4-amd64 Model: x86_64 Node name: robfas-lin ========================================================================== 2017-10-13,10:56:06:040, 19333,19333,, 0,,,, 2017-10-13,10:56:06:040, 19333,19333,, 0,,,, ===================================== 2017-10-13,10:56:06:040, 19333,19333,, 0,,,, Location: /opt/f5/vpn/f5vpn 2017-10-13,10:56:06:040, 19333,19333,, 0,,,, Version: 7140.2017.0414.1 2017-10-13,10:56:06:040, 19333,19333,, 0,,,, Locale: C 2017-10-13,10:56:06:040, 19333,19333,, 0,,,, Qt version: 5.7.1 2017-10-13,10:56:06:040, 19333,19333,, 0,,,, ===================================== 2017-10-13,10:56:06:040, 19333,19333,, 0,,,, 2017-10-13,10:56:06:040, 19333,19333,, 48,,,, current log level = 63 2017-10-13,10:56:06:042, 19333,19333,, 48, /Helpers.h, 96, void f5::qt::setupLogs(const std::string&, const std::string&), OpenSSL supported: true. Lib in use: OpenSSL 1.0.2l 25 May 2017. Build: OpenSSL 1.0.2k 26 Jan 2017 2017-10-13,10:56:06:085, 19333,19333,, 48, /LinuxService.h, 45, void f5::qt::DBusInterface::Open(QStringList, QMap), D-Bus Open() method called 2017-10-13,10:56:06:097, 19333,19333,, 48, /HttpNetworkManager.cpp, 211, void f5::qt::HttpNetworkManager::HttpGet(const QUrl&, uint32_t), starting GET request to, https://vpn.paf.com/my.report.na 2017-10-13,10:56:06:200, 19333,19333,, 1, /HttpNetworkManager.cpp, 124, void f5::qt::HttpNetworkManager::error(QNetworkReply::NetworkError), Error occured while processing request(code), 6 2017-10-13,10:56:06:200, 19333,19333,, 1, /HttpNetworkManager.cpp, 271, void f5::qt::HttpNetworkManager::Finished(QNetworkReply*), Finished (code, error), 6, SSL handshake failed 2017-10-13,10:56:06:200, 19333,19333,, 48, /HttpNetworkManager.cpp, 420, void f5::qt::HttpNetworkManager::RequestFinished(), Request finished (err code, HTTP code), 6, 0 2017-10-13,10:56:06:200, 19333,19333,, 1, /HttpNetworkManager.cpp, 424, void f5::qt::HttpNetworkManager::RequestFinished(), Error occured (error code, HTTP code), 6, 0 2017-10-13,10:56:06:201, 19333,19333,, 48, /Session.cpp, 87, void f5::qt::Session::ProfileDownload(), Profile download starting, https://vpn.paf.com/pre/config.php?version=2.0 2017-10-13,10:56:06:201, 19333,19333,, 48, /HttpNetworkManager.cpp, 211, void f5::qt::HttpNetworkManager::HttpGet(const QUrl&, uint32_t), starting GET request to, https://vpn.paf.com/pre/config.php?version=2.0 2017-10-13,10:56:06:298, 19333,19333,, 1, /HttpNetworkManager.cpp, 124, void f5::qt::HttpNetworkManager::error(QNetworkReply::NetworkError), Error occured while processing request(code), 6 2017-10-13,10:56:06:298, 19333,19333,, 1, /HttpNetworkManager.cpp, 271, void f5::qt::HttpNetworkManager::Finished(QNetworkReply*), Finished (code, error), 6, SSL handshake failed 2017-10-13,10:56:06:298, 19333,19333,, 48, /HttpNetworkManager.cpp, 420, void f5::qt::HttpNetworkManager::RequestFinished(), Request finished (err code, HTTP code), 6, 0 2017-10-13,10:56:06:298, 19333,19333,, 1, /HttpNetworkManager.cpp, 424, void f5::qt::HttpNetworkManager::RequestFinished(), Error occured (error code, HTTP code), 6, 0 2017-10-13,10:56:06:298, 19333,19333,, 48, /Session.cpp, 59, void f5::qt::Session::ProfileDownloadFailed(QString), Profile download failed, Network error 2017-10-13,10:56:06:298, 19333,19333,, 48, /SessionManager.cpp, 222, void f5::qt::SessionManager::SessionError(QString), ----Session 46112466 ends----. Error occured: Network error 2017-10-13,10:56:06:298, 19333,19333,, 48, /SessionManager.cpp, 214, void f5::qt::SessionManager::CheckSessions(), No live sessions, quitting application.... I'm running on Debian Stretch 64 bit. I tried everything I could think about without success (and at the same time I can login successfully from an Android Tablet). Any tip on what I could try? Could this be related to this bug: ID382396 [Linux CLI] Certificate verification doesn't work for some Linux distributions? Thanks in advance!State lookup fails with "access denied" for firewall policy
I am in the process of setting up Ubuntu Linux (20.04) clients with VPN access using f5epi. Everything works, except for a firewall policy. The client side logs contain: 2021-09-29,12:50:17:954, 19837,19837,, 48, , 221, CreateInspector(), Created new OesisModule: SDK Version = '4.3.1161.0', V3V4 Adapter Version = '4.3.980.0' 2021-09-29,12:50:17:954, 19837,19837,, 48, , 224, CreateInspector(), Created new reference 2021-09-29,12:50:17:954, 19837,19837,, 48, , 74, OesisModule:Run(), policyData=type=fw&collect=2&count=1&check_list_type=required&vendor_id1=97&id1=0&version1=&platform1=2&state1=1 2021-09-29,12:50:17:954, 19837,19837,, 48, , 169, OesisLogInfoPolicy(), server configuration check list ===> Type: fw vendor_id: 97 id: 0 version: platform: 2 state: 1 2021-09-29,12:50:19:043, 19837,19837,, 48, , 86, OesisModule:Run(), testing product: id=97001 2021-09-29,12:50:19:043, 19837,19837,, 48, , 98, OesisModule:Run(), Product didn't match with any product from "server configuration check list"-> 2021-09-29,12:50:19:043, 19837,19837,, 48, , 194, , id=97001 2021-09-29,12:50:19:043, 19837,19837,, 48, , 194, , vendor_id=97 2021-09-29,12:50:19:043, 19837,19837,, 48, , 194, , version=1.8.4 2021-09-29,12:50:19:043, 19837,19837,, 48, , 194, , name=IPTables 2021-09-29,12:50:19:043, 19837,19837,, 48, , 194, , vendor_name=IPTables 2021-09-29,12:50:19:043, 19837,19837,, 48, , 194, , errors=Failed to get 'state'. code: -32 (Access denied) mId: 1 iId: 11 2021-09-29,12:50:19:087, 19837,19837,, 48, , 155, OesisModule:Run(), leave (check failed) I assume the issue is that the iptables state check is trying to do something it is not allowed to do locally. Does anyone recognize this problem or have any information on what OesisModule is trying to access in this case?
Linux SSL VPN client error - GET request timeout/fail
I have a user with a laptop running Linux on a partition who's having trouble connecting to VPN from home (works fine on campus, however). The odd thing is, the first GET request completes and then the second and third appear to time out. The client log showing that is below. Are there any Linux folks here who may have an idea of how to tackle this issue? 2021-08-09,22:07:56:997, 16069,16069,, 0,,,,===================================== 2021-08-09,22:07:56:997, 16069,16069,, 0,,,,Location: /opt/f5/vpn/f5vpn 2021-08-09,22:07:56:997, 16069,16069,, 0,,,,Version: 7185.2021.0108.1 2021-08-09,22:07:56:997, 16069,16069,, 0,,,,Locale: en_US.UTF-8 2021-08-09,22:07:56:997, 16069,16069,, 0,,,,Qt version: 5.5.1 2021-08-09,22:07:56:997, 16069,16069,, 0,,,,===================================== 2021-08-09,22:07:56:997, 16069,16069,, 0,,,, 2021-08-09,22:07:56:997, 16069,16069,, 48,,,, current log level = 63 2021-08-09,22:07:57:006, 16069,16069,, 48, /Helpers.h, 117, void f5::qt::setupLogs(const string&, const string&), QT - OpenSSL supported: true. Lib in use: OpenSSL 1.0.2p14 Aug 2018. Build: OpenSSL 1.0.0-fips 29 Mar 2010 2021-08-09,22:07:57:006, 16069,16069,, 48, /Helpers.h, 118, void f5::qt::setupLogs(const string&, const string&), F5 - OpenSSL build version: OpenSSL 1.0.2p14 Aug 2018 2021-08-09,22:07:57:043, 16069,16069,, 48, /LinuxService.h, 45, void f5::qt::DBusInterface::Open(QStringList, QMap<QString, QVariant>), D-Bus Open() method called 2021-08-09,22:07:57:044, 16069,16069,, 48, /SessionManager.cpp, 198, boost::optional<QString> f5::qt::SessionManager::StartNASession(const QUrl&), otc is non empty, f79db5cb 2021-08-09,22:07:57:047, 16069,16069,, 48, /HttpNetworkManager.cpp, 205, void f5::qt::HttpNetworkManager::HttpGet(const QUrl&, uint32_t), starting GET request to, https://vpn.acme.com/vdesk/get_sessid_for_token.php3 2021-08-09,22:08:00:196, 16069,16069,, 48, /HttpNetworkManager.cpp, 396, void f5::qt::HttpNetworkManager::RequestFinished(), Request finished (err code, HTTP code), 0, 200 2021-08-09,22:08:00:196, 16069,16069,, 48, /SessionManager.cpp, 78, bool f5::qt::retrieveSidFromOtc(const QUrl&, const CString&, CString&), session id(308719ec) for otc(f79db5cb) 2021-08-09,22:08:00:197, 16069,16069,, 48, /SessionManager.cpp, 200, boost::optional<QString> f5::qt::SessionManager::StartNASession(const QUrl&), exchanged session id is, 308719ec 2021-08-09,22:08:00:198, 16069,16069,, 48, /HttpNetworkManager.cpp, 205, void f5::qt::HttpNetworkManager::HttpGet(const QUrl&, uint32_t), starting GET request to, https://vpn.acme.com/my.report.na 2021-08-09,22:08:15:197, 16069,16069,, 1, /HttpNetworkManager.cpp, 158, void f5::qt::HttpNetworkManager::RequestAbort(QNetworkReply*, bool) const, Request (https://vpn.acme.com/my.report.na) is being aborted (timeouted) 2021-08-09,22:08:15:197, 16069,16069,, 1, /HttpNetworkManager.cpp, 120, void f5::qt::HttpNetworkManager::error(QNetworkReply::NetworkError), Error occurred while processing request (5) 2021-08-09,22:08:15:197, 16069,16069,, 1, /HttpNetworkManager.cpp, 263, void f5::qt::HttpNetworkManager::Finished(QNetworkReply*), Finished (code, error), 5, Operation canceled 2021-08-09,22:08:15:197, 16069,16069,, 48, /HttpNetworkManager.cpp, 396, void f5::qt::HttpNetworkManager::RequestFinished(), Request finished (err code, HTTP code), 5, 0 2021-08-09,22:08:15:197, 16069,16069,, 1, /HttpNetworkManager.cpp, 400, void f5::qt::HttpNetworkManager::RequestFinished(), Error occurred (error code, HTTP code), 5, 0 2021-08-09,22:08:15:198, 16069,16069,, 48, /Session.cpp, 108, void f5::qt::Session::ProfileDownload(), Profile download starting, https://vpn.acme.com/pre/config.php?version=2.0 2021-08-09,22:08:15:198, 16069,16069,, 48, /HttpNetworkManager.cpp, 205, void f5::qt::HttpNetworkManager::HttpGet(const QUrl&, uint32_t), starting GET request to, https://vpn.acme.com/pre/config.php?version=2.0 2021-08-09,22:08:15:198, 16069,16069,, 48, /SessionManager.cpp, 268, bool f5::qt::SessionManager::CreateAndLaunchSessionInternal(const QUrl&), ----Session 308719ec starts---- 2021-08-09,22:09:15:198, 16069,16069,, 1, /HttpNetworkManager.cpp, 158, void f5::qt::HttpNetworkManager::RequestAbort(QNetworkReply*, bool) const, Request (https://vpn.acme.com/pre/config.php?version=2.0) is being aborted (timeouted) 2021-08-09,22:09:15:198, 16069,16069,, 1, /HttpNetworkManager.cpp, 120, void f5::qt::HttpNetworkManager::error(QNetworkReply::NetworkError), Error occurred while processing request (5) 2021-08-09,22:09:15:198, 16069,16069,, 1, /HttpNetworkManager.cpp, 263, void f5::qt::HttpNetworkManager::Finished(QNetworkReply*), Finished (code, error), 5, Operation canceled 2021-08-09,22:09:15:198, 16069,16069,, 48, /HttpNetworkManager.cpp, 396, void f5::qt::HttpNetworkManager::RequestFinished(), Request finished (err code, HTTP code), 5, 0 2021-08-09,22:09:15:198, 16069,16069,, 1, /HttpNetworkManager.cpp, 400, void f5::qt::HttpNetworkManager::RequestFinished(), Error occurred (error code, HTTP code), 5, 0 2021-08-09,22:09:15:198, 16069,16069,, 48, /Session.cpp, 80, void f5::qt::Session::ProfileDownloadFailed(QString), Profile download failed, Network error 2021-08-09,22:09:15:198, 16069,16069,, 48, /SessionManager.cpp, 310, void f5::qt::SessionManager::SessionError(QString), ----Session 308719ec ends----. Error occurred: Network error 2021-08-09,22:09:15:198, 16069,16069,, 48, /SessionManager.cpp, 302, void f5::qt::SessionManager::CheckSessions(), No live sessions, quitting application.... Thanks!
Cronjob that checks every 15 min if there is no APM active session, than disable the virt.
Hello there, My goal is to check every 15 minutes if there is no active APM session , if not, disable the virt. i thought i will have a bash script that i can call from crontab with the timing: 0,15,30,45 * * * * /var/tmp/disablevirt and check if there is an active connections with snmpwalk: snmpwalk -Os -c public -v 2c localhost apmPaStatCurrentActiveSessions | grep PROFILENAME if VALUE is equal to 0, run this: tmsh modify ltm virtual virt_NAME disabled else echo "Users are still connected." Thanks for the help.
Recommended linux text books for F5 Administration using TMSH
Hi All, I have little experience with using Linux and would like to build my understanding in using Linux to appreciate using Traffic Management Shell with confidence. I would like to know what recommended Linux Text books that would be required to get a basic to immediate understanding of administration of F5 appliances using TMSH.
