ncsvc-socks-wrapper icon indicating copy to clipboard operation
ncsvc-socks-wrapper copied to clipboard

Published 20 hours ago verified publisher icon russdill

Hi question I'm on ubuntu

Open tomer-ben-david opened this issue 9 years ago • 13 comments

i'm on ubuntu

Distributor ID: Ubuntu
Description:    Ubuntu 14.04.2 LTS
Release:    14.04
Codename:   trusty

I get error when I do make install

$ make install
gcc -fno-stack-protector -Wall -O2 -g -D_GNU_SOURCE -fPIC -I/home/myname/src/lwip/src/include/ipv4 -I/home/myname/src/lwip/src/include/ipv6 -I/home/myname/src/lwip/src/include -DAPP_NAME=\"ncsvc\" -m32 -c fd.c -o ncsvc_build/fd.o
fd.c:1:23: fatal error: sys/types.h: No such file or directory
 #include <sys/types.h>
                       ^
compilation terminated.
make: *** [ncsvc_build/fd.o] Error 1

saw somewhere a recommendation to install build-essential but i already have it (no experience with c)

$ sudo apt-get install build-essential
Reading package lists... Done
Building dependency tree       
Reading state information... Done
build-essential is already the newest version.

any chance you can help me please? thanks...

tomer-ben-david avatar Jun 06 '15 19:06 tomer-ben-david

You are probably missing libc6-dev:i386

On Sat, Jun 6, 2015 at 12:18 PM, Tomer Ben David [email protected] wrote:

i'm on ubuntu Distributor ID: Ubuntu Description: Ubuntu 14.04.2 LTS Release: 14.04 Codename: trusty

I get error when I do make install $ make install gcc -fno-stack-protector -Wall -O2 -g -D_GNU_SOURCE -fPIC -I/home/myname/src/lwip/src/include/ipv4 -I/home/myname/src/lwip/src/include/ipv6 -I/home/myname/src/lwip/src/include -DAPP_NAME="ncsvc" -m32 -c fd.c -o ncsvc_build/fd.o fd.c:1:23: fatal error: sys/types.h: No such file or directory #include ^ compilation terminated. make: *** [ncsvc_build/fd.o] Error 1

any chance you can help me please? thanks...

— Reply to this email directly or view it on GitHub https://github.com/russdill/ncsvc-socks-wrapper/issues/3.

russdill avatar Jun 08 '15 19:06 russdill

After adding that build dependency, the build fails again on:


ncsvc_packet.c:8:26: fatal error: event2/event.h: No such file or directory
 #include <event2/event.h>
                          ^
compilation terminated.
make: *** [ncsvc_build/ncsvc_packet.o] Error 1

Which one can fix by adding the missing build dependency: libevent-dev:i386

After which the build fails on:

ncsvc_packet.c:12:25: fatal error: netif/tunif.h: No such file or directory
 #include <netif/tunif.h>
                         ^
compilation terminated.
make: *** [ncsvc_build/ncsvc_packet.o] Error 1

Packages.ubuntu.com yiealds no result for that file: http://packages.ubuntu.com/search?suite=trusty&section=all&arch=any&keywords=tunif.h&searchon=contents

mverwijs avatar Oct 22 '15 22:10 mverwijs

libevent-dev:i386

BTW, openconnect now supports juniper. Its a much easier solution than trying to utilize ncsvc. Let me know if you need a csd-wrapper (tncc dropin).

On Thu, Oct 22, 2015 at 3:40 PM, Maarten Verwijs [email protected] wrote:

After that adding that, the build fails again on:

tory #include <event2/event.h> ^ compilation terminated. make: *** [ncsvc_build/ncsvc_packet.o] Error 1

— Reply to this email directly or view it on GitHub https://github.com/russdill/ncsvc-socks-wrapper/issues/3#issuecomment-150376215 .

russdill avatar Oct 22 '15 22:10 russdill

Yeah, but openconnect refers to this repo for sending the DSPREAUTH cookie.

http://www.infradead.org/openconnect/juniper.html

However, I've since figured out that the problem connecting to my company's VPN lies elsewhere. Probably in unsupported host checker: http://serverfault.com/questions/243707/juniper-s-network-connect-ncsvc-on-linux-host-checker-failed-error-10

mverwijs avatar Oct 23 '15 11:10 mverwijs

openconnect refers to the host checker as a CSD wrapper. I have a host checker script for juniper openconnect, try out this gist with --csd-wrapper

https://gist.github.com/russdill/2052a68801bb09925c77

It currently just answers yes to any and all policy questions, which may not work in all situations. I have some debug code in there that will print the current policies out for examination. Additionally, it doesn't currently support periodic rechecking, but I don't have any example hosts to work with to get that working.

On Fri, Oct 23, 2015 at 4:52 AM, Maarten Verwijs [email protected] wrote:

Yeah, but openconnect refers to this repo for sending the DSPREAUTH cookie.

http://www.infradead.org/openconnect/juniper.html

However, I've since figured out that the problem connecting to my company's VPN lies elsewhere. Probably in unsupported host checker: http://serverfault.com/questions/243707/juniper-s-network-connect-ncsvc-on-linux-host-checker-failed-error-10

— Reply to this email directly or view it on GitHub https://github.com/russdill/ncsvc-socks-wrapper/issues/3#issuecomment-150552206 .

russdill avatar Oct 23 '15 12:10 russdill

ncsvc_packet.c:12:25: fatal error: netif/tunif.h: No such file or director

How it is resolved? Found no solution as well

woodgoblin avatar Dec 24 '15 13:12 woodgoblin

netif/tunif.h is part of the lwip package. Change LWIP variable in the makefile to point to your lwip source location

iourigordon avatar Jan 11 '16 19:01 iourigordon

I came across this page trying to debug the same problems.

I've tried the gist suggested by @russdill but get the following error:

openconnect --juniper --useragent 'Mozilla/5.0 (Linux) Firefox' --csd-wrapper=./gistfile1.py vpn.host.tld

... elided ...

Traceback (most recent call last): File "./gistfile1.py", line 333, in server.process_cmd() File "./gistfile1.py", line 313, in process_cmd cookie = self.tncc.get_cookie(args['Cookie'], args['DSSIGNIN']) File "./gistfile1.py", line 260, in get_cookie data = self.get_msg_contents(response['msg']) File "./gistfile1.py", line 199, in get_msg_contents compressed = msg_decoded[0x0ce4][0][0x0ce7][0] IndexError: list index out of range Received invalid response from TNCC Failed to obtain WebVPN cookie

I also got a similar error from tncc.py in the juniper-vpn-py repo.

Apologies if this isn't the best place to post this.

sagepe avatar Jan 22 '16 09:01 sagepe

The network protocol format isn't documented and it's a bit convoluted, so I did the best I could reverse engineering it. Seeing the output of a 'print _1, _2, msg_decoded' just before the 'compressed = msg_decoded[0x0ce4][0][0x0ce7][0]' line might help

On Fri, Jan 22, 2016 at 1:18 AM, Sam Pearson [email protected] wrote:

I came across this page trying to debug the same problems.

I've tried the gist suggested by @russdill https://github.com/russdill but get the following error:

openconnect --juniper --useragent 'Mozilla/5.0 (Linux) Firefox' --csd-wrapper=./gistfile1.py vpn.host.tld

... elided ...

Traceback (most recent call last): File "./gistfile1.py", line 333, in server.process_cmd() File "./gistfile1.py", line 313, in process_cmd cookie = self.tncc.get_cookie(args['Cookie'], args['DSSIGNIN']) File "./gistfile1.py", line 260, in get_cookie data = self.get_msg_contents(response['msg']) File "./gistfile1.py", line 199, in get_msg_contents compressed = msg_decoded[0x0ce4][0][0x0ce7][0] IndexError: list index out of range Received invalid response from TNCC Failed to obtain WebVPN cookie

I also got a similar error from tncc.py in the juniper-vpn-py repo.

Apologies if this isn't the best place to post this.

— Reply to this email directly or view it on GitHub https://github.com/russdill/ncsvc-socks-wrapper/issues/3#issuecomment-173856720 .

russdill avatar Jan 22 '16 10:01 russdill

How about this:

364 19 defaultdict(<type 'list'>, {3312: [{43: ('Are you a member of the domain?',)}, {25: ('Bloody Vista!',)}, {20: ('Windows7',)}], 18: [(2,)], 3315: [(1,)], 3300: [defaultdict(<type 'list'>, {})]})

sagepe avatar Jan 22 '16 10:01 sagepe

The key that should contain the tncc policies is empty. Maybe returning a blank response would be acceptable. Try the updated gist.

On Fri, Jan 22, 2016 at 2:51 AM, Sam Pearson [email protected] wrote:

How about this:

364 19 defaultdict(<type 'list'>, {3312: [{43: ('Are you a member of the domain?',)}, {25: ('Bloody Vista!',)}, {20: ('Windows7',)}], 18: [(2,)], 3315: [(1,)], 3300: [defaultdict(<type 'list'>, {})]})

— Reply to this email directly or view it on GitHub https://github.com/russdill/ncsvc-socks-wrapper/issues/3#issuecomment-173877487 .

russdill avatar Jan 22 '16 14:01 russdill

I had a similar problem, so I got it to return None from that method if that key is empty. But I now get:

Unknown form ID 'frm'
Dumping unknown HTML form:
<form id="frm_142" name="frm" action="remediate.cgi">

    <input id="action_31" type="hidden" name="action" value="">

    <input id="signinId_2" type="hidden" name="signinId" value="url_default">
    <input id="realmId_10" type="hidden" name="realmId" value="">
    <input id="executedStep_2" type="hidden" name="executedStep" value="preauth">
    <input id="stateId_8" type="hidden" name="stateId" value="">
    <input id="p_16" type="hidden" name="p" value="">

    <input id="showContinue_2" type="hidden" name="showContinue" value="0">
    <input id="showRemedOption_2" type="hidden" name="showRemedOption" value="0">

    <input id="hostcheckTS_2" type="hidden" name="hostcheckTS" value="">
    <input id="totalseconds_2" type="hidden" name="totalseconds" value="">

    <input id="executedAction_2" type="hidden" name="executedAction" value="">
</form>Failed to obtain WebVPN cookie

It looks as though it's failed, because it didn't like one of the policy responses; but there's no information as to which one. Any idea on how to get it to tell me?

chiastic-security avatar Mar 18 '16 14:03 chiastic-security

Did you guys have a luck breaking through all of this?

@chiastic-security I'm having the same issue using vpn.server/realm. Try using blank realm.

yermulnik avatar Jun 13 '17 10:06 yermulnik