SNX:连接已中止

SNX:连接已中止

我的最终目标是从 FTP 服务器下载文件,该服务器位于运行 ubuntu 16.04 的服务器中的 CheckPoint VPN 后面,我只能通过 ssh 访问该服务器。

我按照中描述的步骤操作这个答案, 具体来说:

  1. 安装snx版本 800007075
wget https://starkers.keybase.pub/snx_install_linux30.sh?dl=1 -O snx_install.sh
  1. 安装依赖项:
sudo apt-get install libstdc++5:i386 libx11-6:i386 libpam0g:i386
  1. 跑步
chmod a+rx snx_install.sh
sudo ./snx_install.sh
  1. 创建一个~/.snxrc文件:
server <server_ip>
username <vpn_user>
reauth yes

之后(以及第四步之前),每当我尝试时,snx -s <server_ip> -u <vpn_user>我都会得到:

Check Point's Linux SNX
build 800007075
Please enter your password:

SNX: Connection aborted.

这里的输出sudo ldd /usr/bin/snx是:

    linux-gate.so.1 =>  (0xf7795000)
    libX11.so.6 => /usr/lib/i386-linux-gnu/libX11.so.6 (0xf7639000)
    libpthread.so.0 => /lib/i386-linux-gnu/libpthread.so.0 (0xf761c000)
    libresolv.so.2 => /lib/i386-linux-gnu/libresolv.so.2 (0xf7603000)
    libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0xf75fe000)
    libpam.so.0 => /lib/i386-linux-gnu/libpam.so.0 (0xf75ee000)
    libnsl.so.1 => /lib/i386-linux-gnu/libnsl.so.1 (0xf75d2000)
    libstdc++.so.5 => /usr/lib/i386-linux-gnu/libstdc++.so.5 (0xf7518000)
    libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xf7362000)
    libxcb.so.1 => /usr/lib/i386-linux-gnu/libxcb.so.1 (0xf733c000)
    /lib/ld-linux.so.2 (0xf7796000)
    libaudit.so.1 => /lib/i386-linux-gnu/libaudit.so.1 (0xf7314000)
    libm.so.6 => /lib/i386-linux-gnu/libm.so.6 (0xf72be000)
    libgcc_s.so.1 => /lib/i386-linux-gnu/libgcc_s.so.1 (0xf72a1000)
    libXau.so.6 => /usr/lib/i386-linux-gnu/libXau.so.6 (0xf729d000)
    libXdmcp.so.6 => /usr/lib/i386-linux-gnu/libXdmcp.so.6 (0xf7296000)

我错过了什么吗?

调试日志

[19 Sep  6:14:34] snx: starting debug - Thu Sep 19 06:14:34 2019

[19 Sep  6:14:36] browser::browser(): called
[19 Sep  6:14:36] snx_CCC_browser::snx_CCC_browser: called
[19 Sep  6:14:36] snx_browser::auth: entering
[19 Sep  6:14:36] gwinfo:gwinfo: entered!0x9f674e8
[19 Sep  6:14:36] creating the ssl layer
[19 Sep  6:14:36] talkssl::talkssl(): entered with chunk=512, opaque=9f657e0, link_established=80d66a0, link_failure=80d6680, packet_receive=80d6650, verify_gw=80d66c0
[19 Sep  6:14:36] talkssl::set_sslalg:  setting ssl alg to 2
[19 Sep  6:14:36] talkssl:: init_ssl_neg: using 3DES
[19 Sep  6:14:36] ckpSSLctx_New: prefs = 1a
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] isExist: ProxyEntity didn't initiated yet
[19 Sep  6:14:36] talkssl::start_async: Creating a new connection
[19 Sep  6:14:36] talkssl::start_async: Connecting to gw: 0x84af80b1, port: 443
[19 Sep  6:14:36] fwasync_make_connection: b180af84/443: dowait is -1 sock is 5
[19 Sep  6:14:36] talkssl::start_async: Connection created successfully
[19 Sep  6:14:36] fwasync_conn_params: <c0a80f05,44316> -> <b180af84,443>
[19 Sep  6:14:36] talkssl::client_handler: state: CONN_INIT - entering
[19 Sep  6:14:36] talkssl::client_handler: start ssl negotaition
[19 Sep  6:14:36] talkssl::client_handler: start openSSL negotaition
[19 Sep  6:14:36] ckpSSL_PrepareConnection: verify mode: 0
[19 Sep  6:14:36] My SSL Ciphers:
[19 Sep  6:14:36] Cipher List:
[19 Sep  6:14:36] 0: DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1

[19 Sep  6:14:36] 1: RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1

[19 Sep  6:14:36] 2: RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 

[19 Sep  6:14:36] 3: DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1

[19 Sep  6:14:36] talkssl::client_handler: Returning OK!!!
[19 Sep  6:14:36] ckpSSL_NegotiateStep: current state = before/connect initialization
[19 Sep  6:14:36] is_initialized: new process or forked
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] rand_add_seedfile: Failed to read seed from registry.: Operation not permitted
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] fwrand_write_seed: Failed to read seed from registry.: Operation not permitted
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] CkpRegDir: Environment variable CPDIR is not set.
[19 Sep  6:14:36] GenerateGlobalEntry: Unable to get registry path
[19 Sep  6:14:36] fwrand_write_seed: Failed to write seed.: Operation not permitted
[19 Sep  6:14:36] ckpSSL_NegotiateStep: should retry.
[19 Sep  6:14:36] ckpSSL_NegotiateStep: current state = SSLv3 read server hello A
[19 Sep  6:14:36] SSL e stack
[19 Sep  6:14:36] 9594:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1033

[19 Sep  6:14:36] ckpSSL_NegotiateStep: Current step failed. Error is: 336151598
[19 Sep  6:14:36] ckpSSL_fwasync_connected: no connections err -3
[19 Sep  6:14:36] fwasync_end_conn: scheduling the end of connection 5
[19 Sep  6:14:36] fwasync_do_end_conn: closing connection 5 (conn=9f6eb68)
[19 Sep  6:14:36] talkssl::end_handler: ending connection 
[19 Sep  6:14:36] snx_browser::Failure: entering with code: 1
[19 Sep  6:14:36] got link down!- exit
[19 Sep  6:14:36] snx: quit.
[19 Sep  6:14:36] snx_CCC_browser::~snx_CCC_browser: called
[19 Sep  6:14:36] browser::~browser: called
[19 Sep  6:14:36] talkssl::~talkssl: delete link
[19 Sep  6:14:36] talkssl::~talkssl: end
[19 Sep  6:14:36] done

答案1

我有同样的问题和相同的错误日志。

将 SNX 客户端升级到构建800010003解决了我的问题(需要检查点帐户,这是免费的)。

答案2

我遇到了同样的问题,发现我错误地应用了端口。同样,这可能不是您遇到的问题,只是想发布我的发现。

首字母:

sudo snx -s <server>:<port> -u

使固定:

sudo snx -s <server> -p <port> -u <user>

相关内容