Juniper SSL VPN support

Olda Bartunek olda at cvut.cz
Fri Apr 3 06:18:19 PDT 2015


David Woodhouse <dwmw2 <at> infradead.org> writes:

> With -v -v do you see traffic in either direction? Is vpnc-script-win 
> actually doing the right thing?
> 
> > Is there a way to get debug output, or do I need to touch esp.c?
> 
> I ripped out all that debugging when I declared the sequence number 
> checking to be working. You'll have to add it back.
> 

With -v -v I see a bit more, but it doesn't show any traffic over the 
tunnel:
....
 Got HTTP response: HTTP/1.1 200 OK
 Content-type: application/octet-stream
 Pragma: no-cache
 NCP-Version: 3
 Set-Cookie: DSLastAccess=1428064535; path=/; Secure
 Connection: close
 0000: 16 00 00 04 00 00 00 09 00 6c 6f 63 61 6c 68 6f
 0010: 73 74 bb 01 00 00 00 00
 Read 3 bytes of SSL record
 Read 657 bytes of SSL record
 Got KMP message 301 of size 635
 Unknown TLV group 3 attr 1 len 1: 00
 Unknown TLV group 3 attr 2 len 1: 00
 Received split include route 172.16.0.0/255.255.0.0
 Received split include route 172.17.0.0/255.255.0.0
 Received MTU 1400 from server
 Received DNS server 172.16.10.14
 Unknown TLV group 2 attr 3 len 4: 01 00 00 00
 ESP compression: 0
 ESP encryption: 0x02 (AES-128)
 ESP HMAC: 0x02 (SHA1)
 ESP key lifetime: 1200 seconds
 ESP key lifetime: 0 bytes
 ESP replay protection: 1
 Unknown TLV group 8 attr 11 len 4: 00 00 00 00
 ESP port: 4500
 ESP to SSL fallback: 15 seconds
 Unknown TLV group 8 attr 8 len 4: 00 00 00 3c
 Received internal IP address 192.168.169.11
 Received netmask 255.255.255.255
 Received internal gateway address 10.200.200.200
 ESP SPI (outbound): ff2028bb
 64 bytes of ESP secrets
 0000: 8e 00 00 00 00 00 00 00 01 2f 01 00 00 00 01 00
 0010: 00 00 00 00 00 10 00 06 00 00 00 0a 00 02 00 00
 0020: 00 04 00 00 05 78 00 00 00 00 00 00 01 2e 01 00
 0030: 00 00 01 00 00 00 00 00 00 56 00 07 00 00 00 50
 0040: 00 01 00 00 00 04 81 a6 34 df 00 02 00 00 00 40
 0050: ae 16 29 9f 54 bd 94 76 15 59 fd 97 bb 93 7f e5
 0060: be 63 b2 4a 46 4b ff d4 75 48 22 87 a8 2d 1d ee
 0070: e0 cc 49 2d 86 f6 80 5c 85 91 0c c7 13 af d1 1d
 0080: 42 84 55 0c f9 79 45 13 e2 ec 89 b1 26 a3 25 9f
 Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

Opened tun device Local Area Connection 3
 TAP-Windows driver v9.9 (0)
 Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

VPN Gateway: <IPremoved>
Internal Address: 192.168.169.11
Internal Netmask: 255.255.255.255
Internal Gateway: 192.168.169.12
Interface: "Local Area Connection 3"
MTU: 1400
Configuring "Local Area Connection 3" interface for Legacy IP...
done.
Configuring Legacy IP networks:
Waiting for interface to come up...
Failed to spawn script 'F:\a\a\vpnc-script-win.js' for connect: The operation completed successfully.
 Parameters for incoming ESP: SPI 0x225ed42f
 ESP encryption type AES-128-CBC (RFC3602) key 0x83aba720957bd2a10b4577cf91a0f533
 ESP authentication type HMAC-SHA-1-96 (RFC2404) key 0x075622223fb68b083f521ab8c56af1660ad7cf1d
 Parameters for outgoing ESP: SPI 0x06eec4f4
 ESP encryption type AES-128-CBC (RFC3602) key 0xda0b49074ddc03d81b1ab9a13f727137
 ESP authentication type HMAC-SHA-1-96 (RFC2404) key 0x682db8d3221c3a49413f0a0a3218060f28906df9
 Send ESP probes
 Connected Local Area Connection 3 as 192.168.169.11, using SSL
 No work to do; sleeping for 60000 ms...
 Received ESP packet of 52 bytes
 Accepting later-than-expected ESP packet with seq 1 (expected 0)
 ESP session established with server
 Received ESP packet of 52 bytes
 Discarding replayed ESP packet with seq 1
 Received ESP packet of 52 bytes
 Accepting expected ESP packet with seq 2
 Received ESP packet of 52 bytes
 Discarding replayed ESP packet with seq 2
 Packet outgoing:
 0000: 21 00 00 00 00 00 00 00 01 2f 01 00 00 00 01 00
 0010: 00 00 00 00 00 0d 00 06 00 00 00 07 00 01 00 00
 0020: 00 01 01
 Sent ESP enable control packet
 No work to do; sleeping for 15000 ms...
 No work to do; sleeping for 15000 ms...
 Route configuration done.
Send ESP probes for DPD
 No work to do; sleeping for 7000 ms...
 Received ESP packet of 52 bytes
 Accepting expected ESP packet with seq 3
 Received ESP packet of 52 bytes
 Discarding replayed ESP packet with seq 3
 Received ESP packet of 52 bytes
 Accepting expected ESP packet with seq 4
 Received ESP packet of 52 bytes
 Discarding replayed ESP packet with seq 4
 No work to do; sleeping for 15000 ms...
 No work to do; sleeping for 15000 ms...
 Send ESP probes for DPD
 No work to do; sleeping for 7000 ms...
 Received ESP packet of 52 bytes
 Accepting expected ESP packet with seq 5
 Received ESP packet of 52 bytes
 Discarding replayed ESP packet with seq 5
 Received ESP packet of 52 bytes
 Accepting expected ESP packet with seq 6
 Received ESP packet of 52 bytes
 Discarding replayed ESP packet with seq 6
 No work to do; sleeping for 15000 ms...
 No work to do; sleeping for 15000 ms...
 Send ESP probes for DPD
 No work to do; sleeping for 7000 ms...
 Received ESP packet of 52 bytes
 Accepting expected ESP packet with seq 7
 Received ESP packet of 52 bytes
 Discarding replayed ESP packet with seq 7
 Received ESP packet of 52 bytes
 Accepting expected ESP packet with seq 8
 Received ESP packet of 52 bytes
 Discarding replayed ESP packet with seq 8
 No work to do; sleeping for 15000 ms...
 No work to do; sleeping for 15000 ms...
 Send ESP probes for DPD
 No work to do; sleeping for 7000 ms...
 Received ESP packet of 52 bytes
 Accepting expected ESP packet with seq 9
 Received ESP packet of 52 bytes
 Discarding replayed ESP packet with seq 9
 Received ESP packet of 52 bytes
 Accepting expected ESP packet with seq 10
 Received ESP packet of 52 bytes
 Discarding replayed ESP packet with seq 10
 No work to do; sleeping for 15000 ms...
 No work to do; sleeping for 15000 ms...
 Send ESP probes for DPD
 No work to do; sleeping for 7000 ms...
 Received ESP packet of 52 bytes
 Accepting expected ESP packet with seq 11
 Received ESP packet of 52 bytes
 Discarding replayed ESP packet with seq 11
 No work to do; sleeping for 15000 ms...
 Received ESP packet of 52 bytes
 Accepting expected ESP packet with seq 12
 Received ESP packet of 52 bytes
 Discarding replayed ESP packet with seq 12
 No work to do; sleeping for 15000 ms...
 No work to do; sleeping for 15000 ms...
 ^C
.....
(while I run ping)
The vpnc-script-win.js script seems to work OK. I got the right IP and got routes/DNS; 
the only difference is the netmask, which is /32 on Linux and /24 on Windows, but I 
guess that is because of Windows...
O.
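
The "Accepting expected", "Accepting later-than-expected" and "Discarding replayed" lines in the log above are verdicts of ESP anti-replay checking. As an added illustration (not part of the original message and not openconnect's esp.c), here is a 64-packet sliding-window check in the style of RFC 4303; the struct, enum and function names are hypothetical, and the trace is constructed to mirror the log, where each sequence number arrives twice.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum verdict { ACCEPT_EXPECTED, ACCEPT_LATER, ACCEPT_IN_WINDOW,
               DISCARD_REPLAYED, DISCARD_TOO_OLD };

/* Hypothetical state: not the layout used by openconnect's esp.c. */
struct replay_state {
    uint32_t next_seq; /* sequence number expected next */
    uint64_t seen;     /* bit i set: (next_seq - 1 - i) already received */
};

/* Call only after the packet's HMAC has verified, so a forged packet
 * cannot advance the window. 32-bit wraparound is not handled. */
static enum verdict esp_check_seq(struct replay_state *st, uint32_t seq)
{
    if (seq >= st->next_seq) {
        uint32_t gap = seq - st->next_seq; /* packets skipped over */
        st->seen = (gap >= 63) ? 1 : ((st->seen << (gap + 1)) | 1);
        st->next_seq = seq + 1;
        return gap ? ACCEPT_LATER : ACCEPT_EXPECTED;
    }
    uint32_t age = st->next_seq - 1 - seq;
    if (age >= 64)
        return DISCARD_TOO_OLD;
    if (st->seen & (1ULL << age))
        return DISCARD_REPLAYED;
    st->seen |= 1ULL << age; /* late but new: remember it */
    return ACCEPT_IN_WINDOW;
}

/* Count discards over a trace of received sequence numbers. */
static unsigned count_discards(const uint32_t *seqs, size_t n)
{
    struct replay_state st = { 0, 0 };
    unsigned discards = 0;
    for (size_t i = 0; i < n; i++) {
        enum verdict v = esp_check_seq(&st, seqs[i]);
        if (v == DISCARD_REPLAYED || v == DISCARD_TOO_OLD)
            discards++;
    }
    return discards;
}

int main(void)
{
    /* Constructed trace mirroring the log: each seq arrives twice. */
    const uint32_t trace[] = { 1, 1, 2, 2, 3, 3, 4, 4 };
    printf("%u of 8 discarded\n", count_discards(trace, 8));
    return 0;
}
```
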




More information about the openconnect-devel mailing list