我的最终目标是从 FTP 服务器下载文件,该服务器位于运行 ubuntu 16.04 的服务器中的 CheckPoint VPN 后面,我只能通过 ssh 访问该服务器。
我按照中描述的步骤操作这个答案, 具体来说:
- 安装
snx
版本 800007075
wget https://starkers.keybase.pub/snx_install_linux30.sh?dl=1 -O snx_install.sh
- 安装依赖项:
sudo apt-get install libstdc++5:i386 libx11-6:i386 libpam0g:i386
- 跑步
chmod a+rx snx_install.sh
sudo ./snx_install.sh
- 创建一个
~/.snxrc
文件:
server <server_ip>
username <vpn_user>
reauth yes
之后(以及第四步之前),每当我尝试时,snx -s <server_ip> -u <vpn_user>
我都会得到:
Check Point's Linux SNX
build 800007075
Please enter your password:
SNX: Connection aborted.
这里的输出sudo ldd /usr/bin/snx
是:
linux-gate.so.1 => (0xf7795000)
libX11.so.6 => /usr/lib/i386-linux-gnu/libX11.so.6 (0xf7639000)
libpthread.so.0 => /lib/i386-linux-gnu/libpthread.so.0 (0xf761c000)
libresolv.so.2 => /lib/i386-linux-gnu/libresolv.so.2 (0xf7603000)
libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0xf75fe000)
libpam.so.0 => /lib/i386-linux-gnu/libpam.so.0 (0xf75ee000)
libnsl.so.1 => /lib/i386-linux-gnu/libnsl.so.1 (0xf75d2000)
libstdc++.so.5 => /usr/lib/i386-linux-gnu/libstdc++.so.5 (0xf7518000)
libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xf7362000)
libxcb.so.1 => /usr/lib/i386-linux-gnu/libxcb.so.1 (0xf733c000)
/lib/ld-linux.so.2 (0xf7796000)
libaudit.so.1 => /lib/i386-linux-gnu/libaudit.so.1 (0xf7314000)
libm.so.6 => /lib/i386-linux-gnu/libm.so.6 (0xf72be000)
libgcc_s.so.1 => /lib/i386-linux-gnu/libgcc_s.so.1 (0xf72a1000)
libXau.so.6 => /usr/lib/i386-linux-gnu/libXau.so.6 (0xf729d000)
libXdmcp.so.6 => /usr/lib/i386-linux-gnu/libXdmcp.so.6 (0xf7296000)
我错过了什么吗?
调试日志
[19 Sep 6:14:34] snx: starting debug - Thu Sep 19 06:14:34 2019
[19 Sep 6:14:36] browser::browser(): called
[19 Sep 6:14:36] snx_CCC_browser::snx_CCC_browser: called
[19 Sep 6:14:36] snx_browser::auth: entering
[19 Sep 6:14:36] gwinfo:gwinfo: entered!0x9f674e8
[19 Sep 6:14:36] creating the ssl layer
[19 Sep 6:14:36] talkssl::talkssl(): entered with chunk=512, opaque=9f657e0, link_established=80d66a0, link_failure=80d6680, packet_receive=80d6650, verify_gw=80d66c0
[19 Sep 6:14:36] talkssl::set_sslalg: setting ssl alg to 2
[19 Sep 6:14:36] talkssl:: init_ssl_neg: using 3DES
[19 Sep 6:14:36] ckpSSLctx_New: prefs = 1a
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] isExist: ProxyEntity didn't initiated yet
[19 Sep 6:14:36] talkssl::start_async: Creating a new connection
[19 Sep 6:14:36] talkssl::start_async: Connecting to gw: 0x84af80b1, port: 443
[19 Sep 6:14:36] fwasync_make_connection: b180af84/443: dowait is -1 sock is 5
[19 Sep 6:14:36] talkssl::start_async: Connection created successfully
[19 Sep 6:14:36] fwasync_conn_params: <c0a80f05,44316> -> <b180af84,443>
[19 Sep 6:14:36] talkssl::client_handler: state: CONN_INIT - entering
[19 Sep 6:14:36] talkssl::client_handler: start ssl negotaition
[19 Sep 6:14:36] talkssl::client_handler: start openSSL negotaition
[19 Sep 6:14:36] ckpSSL_PrepareConnection: verify mode: 0
[19 Sep 6:14:36] My SSL Ciphers:
[19 Sep 6:14:36] Cipher List:
[19 Sep 6:14:36] 0: DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
[19 Sep 6:14:36] 1: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
[19 Sep 6:14:36] 2: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
[19 Sep 6:14:36] 3: DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
[19 Sep 6:14:36] talkssl::client_handler: Returning OK!!!
[19 Sep 6:14:36] ckpSSL_NegotiateStep: current state = before/connect initialization
[19 Sep 6:14:36] is_initialized: new process or forked
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] rand_add_seedfile: Failed to read seed from registry.: Operation not permitted
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] fwrand_write_seed: Failed to read seed from registry.: Operation not permitted
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep 6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep 6:14:36] fwrand_write_seed: Failed to write seed.: Operation not permitted
[19 Sep 6:14:36] ckpSSL_NegotiateStep: should retry.
[19 Sep 6:14:36] ckpSSL_NegotiateStep: current state = SSLv3 read server hello A
[19 Sep 6:14:36] SSL e stack
[19 Sep 6:14:36] 9594:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1033
[19 Sep 6:14:36] ckpSSL_NegotiateStep: Current step failed. Error is: 336151598
[19 Sep 6:14:36] ckpSSL_fwasync_connected: no connections err -3
[19 Sep 6:14:36] fwasync_end_conn: scheduling the end of connection 5
[19 Sep 6:14:36] fwasync_do_end_conn: closing connection 5 (conn=9f6eb68)
[19 Sep 6:14:36] talkssl::end_handler: ending connection
[19 Sep 6:14:36] snx_browser::Failure: entering with code: 1
[19 Sep 6:14:36] got link down!- exit
[19 Sep 6:14:36] snx: quit.
[19 Sep 6:14:36] snx_CCC_browser::~snx_CCC_browser: called
[19 Sep 6:14:36] browser::~browser: called
[19 Sep 6:14:36] talkssl::~talkssl: delete link
[19 Sep 6:14:36] talkssl::~talkssl: end
[19 Sep 6:14:36] done
答案1
我有同样的问题和相同的错误日志。
将 SNX 客户端升级到构建800010003解决了我的问题(需要检查点帐户,这是免费的)。
答案2
我遇到了同样的问题,发现我错误地应用了端口。同样,这可能不是您遇到的问题,只是想发布我的发现。
首字母:
sudo snx -s <server>:<port> -u
使固定:
sudo snx -s <server> -p <port> -u <user>