Package Details: f5vpn 7190.2020.0221.1-3

Git Clone URL: https://aur.archlinux.org/f5vpn.git (read-only)
Package Base: f5vpn
Description: VPN client using the Point-to-Point Protocol to connect to F5Networks BIG-IP APM 13.0
Upstream URL: https://support.f5.com/csp/article/K32311645#link_04_05
Licenses: Commercial
Submitter: zrhoffman
Maintainer: zrhoffman
Last Packager: zrhoffman
Votes: 3
Popularity: 0.79
First Submitted: 2019-12-27 08:37
Last Updated: 2020-05-08 19:55

Latest Comments

morodan commented on 2020-03-25 13:46

YOU ROCK! I was able to connect to my employer's VPN, following the instructions on your GitHub project site f5vpn-arch. Thx!

eggz commented on 2020-03-16 20:36

Thanks so far!! You have my vote.

zrhoffman commented on 2020-03-16 18:37

Since the issue you are facing is not related to the packaging of f5vpn, discussion related to it is better suited for the Arch Linux forums or IRC.

eggz commented on 2020-03-16 17:58

I think I understand the concept, but none of the methods I read so far really describe applying a passphrase-protected pk12 client cert 'kit' with private key to the entire system.

The only thing I have been able to do is apply the CA systemwide, and break the PKCS into pem pieces.

Applying a specific user/client PKCS "kit" systemwide remains a mystery to me.

I'll keep searching.

zrhoffman commented on 2020-03-16 16:51

That CA cert and user cert should be added system-wide. You shouldn't have to specify them with curl. https://wiki.archlinux.org/index.php/Transport_Layer_Security

eggz commented on 2020-03-16 14:18

Hello,

Yeah, I just recently found the log folder. :-)

I think it is because we use a PKCS#12 certificate per user. I manually imported this into my browser to access the webpage, but I have no idea how to tackle this for your application.

Here are the logs that confirm it:

2020-03-16,14:38:20:725, 26853,26853,, 48, /HttpNetworkManager.cpp, 205, void f5::qt::HttpNetworkManager::HttpGet(const QUrl&, uint32_t), starting GET request to, https://CLASSIFIED:6155/pre/config.php?version=2.0
2020-03-16,14:38:20:725, 26853,26853,, 48, /SessionManager.cpp, 204, bool f5::qt::SessionManager::CreateAndLaunchSessionInternal(const QUrl&), ----Session dfb50d2e starts----
2020-03-16,14:38:20:760, 26853,26853,, 1, /HttpNetworkManager.cpp, 120, void f5::qt::HttpNetworkManager::error(QNetworkReply::NetworkError), Error occurred while processing request (6)
2020-03-16,14:38:20:761, 26853,26853,, 1, /HttpNetworkManager.cpp, 263, void f5::qt::HttpNetworkManager::Finished(QNetworkReply*), Finished (code, error), 6, SSL handshake failed

Now, if I use my ps12 certstuff manually:

curl -v -k --key rasdist007key.pem --cacert rasdist007ca.pem --cert rasdist007client.pem https://CLASSIFIED:6155/pre/config.php?version
*   Trying CLASSIFIED:6155...
* Connected to CLASSIFIED port 6155 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
Enter PEM pass phrase:
* successfully set certificate verify locations:
*   CAfile: rasdist007ca.pem
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS handshake, CERT verify (15):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject:CLASSIFIED
*  start date: Apr 15 00:00:00 2019 GMT
*  expire date: Apr 19 12:00:00 2021 GMT
*  issuer: CLASSIFIED
*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> GET /pre/config.php?version HTTP/1.1
> Host: CLASSIFIED:6155
> User-Agent: curl/7.69.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Connection: Close
< Content-length: 429
< 
<?xml version="1.0" encoding="utf-8"?>
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
<PROFILE VERSION="2.0"><SERVER....

Don't mind the CLASSIFIED, it's to hide the sensitive information of our servers. But that curl works. I can see my profile.

My SSL knowledge/experience is too low to know how to make your tool use my personal certificate. I think this is the problem. What do you think?
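
An added example, not part of the thread or of the f5vpn package: a small parser for the log lines quoted in the comment above that ties the "SSL handshake failed" record back to the request URL and session it belongs to. The field layout is inferred from those four lines, the function names are hypothetical, and treating a non-zero code as a failure is an assumption; the code-to-name mapping is Qt's QNetworkReply::NetworkError enum.

```python
import re

# The four log lines quoted in the comment above (host redacted by the poster).
SAMPLE_LOG = """\
2020-03-16,14:38:20:725, 26853,26853,, 48, /HttpNetworkManager.cpp, 205, void f5::qt::HttpNetworkManager::HttpGet(const QUrl&, uint32_t), starting GET request to, https://CLASSIFIED:6155/pre/config.php?version=2.0
2020-03-16,14:38:20:725, 26853,26853,, 48, /SessionManager.cpp, 204, bool f5::qt::SessionManager::CreateAndLaunchSessionInternal(const QUrl&), ----Session dfb50d2e starts----
2020-03-16,14:38:20:760, 26853,26853,, 1, /HttpNetworkManager.cpp, 120, void f5::qt::HttpNetworkManager::error(QNetworkReply::NetworkError), Error occurred while processing request (6)
2020-03-16,14:38:20:761, 26853,26853,, 1, /HttpNetworkManager.cpp, 263, void f5::qt::HttpNetworkManager::Finished(QNetworkReply*), Finished (code, error), 6, SSL handshake failed
"""

# QNetworkReply::NetworkError values as documented by Qt (subset).
QT_NETWORK_ERRORS = {1: "ConnectionRefusedError", 2: "RemoteHostClosedError",
                     3: "HostNotFoundError", 4: "TimeoutError",
                     5: "OperationCanceledError", 6: "SslHandshakeFailedError"}
FINISHED = re.compile(r"Finished \(code, error\), (\d+), (.+)")
SESSION = re.compile(r"-+Session (\w+) starts-+")

def parse_line(line):
    """Return (timestamp, pid, function, message), or None if the line does not fit.

    The field layout is inferred from the sample lines, not from F5 documentation.
    """
    parts = line.strip().split(",", 8)
    if len(parts) < 9:
        return None
    rest, depth = parts[8], 0
    # The C++ signature has commas inside its parameter list, so the message
    # starts after the parenthesis that closes the first "(".
    for i, ch in enumerate(rest):
        depth += (ch == "(") - (ch == ")")
        if ch == ")" and depth == 0:
            return (f"{parts[0]} {parts[1]}", parts[2].strip(),
                    rest[:i + 1].strip(), rest[i + 1:].lstrip(", "))
    return None

def find_failed_requests(log_text):
    """Pair each non-zero 'Finished' code (assumed failure) with that PID's last URL/session."""
    url, session, findings = {}, {}, []
    for when, pid, _func, msg in filter(None, map(parse_line, log_text.splitlines())):
        if msg.startswith("starting GET request to,"):
            url[pid] = msg.split(",", 1)[1].strip()
        elif m := SESSION.search(msg):
            session[pid] = m.group(1)
        elif (m := FINISHED.search(msg)) and int(m.group(1)) != 0:
            code = int(m.group(1))
            findings.append({"time": when, "session": session.get(pid),
                             "url": url.get(pid), "code": code, "text": m.group(2),
                             "qt_error": QT_NETWORK_ERRORS.get(code, "unknown")})
    return findings
```

Calling find_failed_requests() on the contents of a log file from ~/.F5Networks/ returns one dictionary per failed request; for the lines above it reports code 6, which Qt names SslHandshakeFailedError.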

zrhoffman commented on 2020-03-16 13:46

You might get some info on what is failing from the logs inside ~/.F5Networks/.

One possibility is that the RPM version the AUR package uses is too old or too new for your server. You could try rebuilding the package using an RPM downloaded directly from https://[server]/public/download/linux_f5vpn.x86_64.rpm.

eggz commented on 2020-03-16 12:32

Update: followed your instructions on https://github.com/zrhoffman/f5vpn-arch/.

I did get a valid f5-vpn:// url, after making the browser import all the needed certificates. I gave it to the f5vpn as instructed, got a trust popup, but then it showed nothing and it appears to stop.

I'll keep searching.

eggz commented on 2020-03-16 11:57

I'm opening f5vpn and nothing happens, I can't even seem to trace the problem. I can see it running for a while and then it just gives up.

Any idea what I'm missing here? I'd love to see this program work!