Package Details: f5vpn 7214.2021.0915.1-1

Git Clone URL: https://aur.archlinux.org/f5vpn.git (read-only, click to copy)
Package Base: f5vpn
Description: VPN client using the Point-to-Point Protocol to connect to F5Networks BIG-IP APM 16.0
Upstream URL: https://support.f5.com/csp/article/K32311645#link_04_05
Licenses: Commercial
Conflicts: f5fpc<7213.2021.0526.1-2
Provides: f5vpn
Submitter: zrhoffman
Maintainer: zrhoffman
Last Packager: zrhoffman
Votes: 8
Popularity: 1.21
First Submitted: 2019-12-27 08:37
Last Updated: 2021-11-08 09:51

Latest Comments

« First ‹ Previous 1 2 3 4 Next › Last »

ImPatient commented on 2020-08-19 04:30

<3 <3 My Uni just switched to this. You've saved me the pain of my dusty old windows installation; much love

zrhoffman commented on 2020-07-31 15:24

Updated to use a different mirror, current sums work again.

KenMacD commented on 2020-07-31 14:00

The version upstream and on your link has been downgraded to 7183. Please update with the new sums: 5ce1e05a353e5a95c2fa5f7a4411c62c58a54dbd867630c5164aa46c5525e2a6 & 475813581c09861c69e5e7376909e3bb

morodan commented on 2020-03-25 13:46

YOU ROCK! I was able to connect to my employer's VPN, following the instructions on your github project site f5vpn-arch. Thx!

eggz commented on 2020-03-16 20:36

Thanks so far!! You have my vote.

zrhoffman commented on 2020-03-16 18:37

Since the issue you are facing is not related to the packaging of f5vpn, discussion related to it is better-suited for the Arch Linux forums or IRC.

eggz commented on 2020-03-16 17:58

I think I understand the concept, but none of the methods I read so far really describe applying a passphrase-protected pk12 client cert 'kit' with privatekey to the entire system.

They only thing I have been able to do is apply the CA systemwide, and break the PKCS into pem pieces.

Applying a specific user/client PKCS "kit" systemwide remains a mystery to me.

Ill keep searching.

zrhoffman commented on 2020-03-16 16:51

That CA cert and user cert should be added system-wide. You shouldn't have to specify them with curl. https://wiki.archlinux.org/index.php/Transport_Layer_Security

eggz commented on 2020-03-16 14:18

Hello,

Yeah i just recently found the log folder. :-)

I think it is because we use a PKCS#12 certificate per user. I manually imported this into my browser to acces the webpage, but I have no idea how to tackle this for your application

Here are the logs that confirm it:

2020-03-16,14:38:20:725, 26853,26853,, 48, /HttpNetworkManager.cpp, 205, void f5::qt::HttpNetworkManager::HttpGet(const QUrl&, uint32_t), starting GET request to, https://CLASSIFIED:6155/pre/config.php?version=2.0
2020-03-16,14:38:20:725, 26853,26853,, 48, /SessionManager.cpp, 204, bool f5::qt::SessionManager::CreateAndLaunchSessionInternal(const QUrl&), ----Session dfb50d2e starts----
2020-03-16,14:38:20:760, 26853,26853,, 1, /HttpNetworkManager.cpp, 120, void f5::qt::HttpNetworkManager::error(QNetworkReply::NetworkError), Error occurred while processing request (6)
2020-03-16,14:38:20:761, 26853,26853,, 1, /HttpNetworkManager.cpp, 263, void f5::qt::HttpNetworkManager::Finished(QNetworkReply*), Finished (code, error), 6, SSL handshake failed

Now, If I use my ps12 certstuff manually;

curl -v -k --key rasdist007key.pem --cacert rasdist007ca.pem --cert rasdist007client.pem https://CLASSIFIED:6155/pre/config.php?version
*   Trying CLASSIFIED:6155...
* Connected to CLASSIFIED port 6155 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
Enter PEM pass phrase:
* successfully set certificate verify locations:
*   CAfile: rasdist007ca.pem
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS handshake, CERT verify (15):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject:CLASSIFIED
*  start date: Apr 15 00:00:00 2019 GMT
*  expire date: Apr 19 12:00:00 2021 GMT
*  issuer: CLASSIFIED
*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> GET /pre/config.php?version HTTP/1.1
> Host: CLASSIFIED:6155
> User-Agent: curl/7.69.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Connection: Close
< Content-length: 429
< 
<?xml version="1.0" encoding="utf-8"?>
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):
<PROFILE VERSION="2.0"><SERVER....

Dont mind the CLASSIFIED, its to hide the sensitive information of our servers. But that curl works. I can see my profile.

My SSL knowledge/experience is too low how to make your tool use my personal certificate. I think this is the problem. What do you think?

zrhoffman commented on 2020-03-16 13:46

You might get some info on what is failing from the logs inside ~/.F5Networks/.

One possibility is that the RPM version the AUR package uses is too old or too new for your server. You could try rebuilding the package using an RPM downloaded directly from https://[server]/public/download/linux_f5vpn.x86_64.rpm.