matthiaslohr / docker-f5fpc
F5 VPN Client Docker Router
We need support for custom CA certificates to give the possibility to use CAs except the ones delivered with the ca-certificates package.
2017-06-09 11:07:29,404 WARNING (requests.packages.urllib3.connectionpool) Connection pool is full, discarding connection: localhost
Traceback (most recent call last):
File "./f5fpc-client.py", line 134, in <module>
sys.exit(main())
File "./f5fpc-client.py", line 43, in main
container = docker_client.containers.get(container_name)
File "/home/mlohr/.local/lib/python2.7/site-packages/docker/models/containers.py", line 757, in get
resp = self.client.api.inspect_container(container_id)
File "/home/mlohr/.local/lib/python2.7/site-packages/docker/utils/decorators.py", line 21, in wrapped
return f(self, resource_id, *args, **kwargs)
File "/home/mlohr/.local/lib/python2.7/site-packages/docker/api/container.py", line 750, in inspect_container
self._get(self._url("/containers/{0}/json", container)), True
File "/home/mlohr/.local/lib/python2.7/site-packages/docker/utils/decorators.py", line 47, in inner
return f(self, *args, **kwargs)
File "/home/mlohr/.local/lib/python2.7/site-packages/docker/api/client.py", line 183, in _get
return self.get(url, **self._set_request_timeout(kwargs))
File "/home/mlohr/.local/lib/python2.7/site-packages/requests/sessions.py", line 526, in get
return self.request('GET', url, **kwargs)
File "/home/mlohr/.local/lib/python2.7/site-packages/requests/sessions.py", line 513, in request
resp = self.send(prep, **send_kwargs)
File "/home/mlohr/.local/lib/python2.7/site-packages/requests/sessions.py", line 623, in send
r = adapter.send(request, **kwargs)
File "/home/mlohr/.local/lib/python2.7/site-packages/requests/adapters.py", line 440, in send
timeout=timeout
File "/home/mlohr/.local/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 587, in urlopen
timeout_obj = self._get_timeout(timeout)
File "/home/mlohr/.local/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py", line 302, in _get_timeout
return Timeout.from_float(timeout)
File "/home/mlohr/.local/lib/python2.7/site-packages/requests/packages/urllib3/util/timeout.py", line 154, in from_float
return Timeout(read=timeout, connect=timeout)
File "/home/mlohr/.local/lib/python2.7/site-packages/requests/packages/urllib3/util/timeout.py", line 94, in __init__
self._connect = self._validate_timeout(connect, 'connect')
File "/home/mlohr/.local/lib/python2.7/site-packages/requests/packages/urllib3/util/timeout.py", line 127, in _validate_timeout
"int, float or None." % (name, value))
ValueError: Timeout value connect was Timeout(connect=None, read=None, total=None), but it must be an int, float or None.
Invoking the script which runs the docker container could trigger the image download if not locally available. This may take a long time. So inform the user about the download action.
Automatically add and remove provided networks to/from the routing table.
I pulled the latest in the linux vm.
-> % git pull
Updating 20e9888..5332123
Fast-forward
f5fpc-client.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
antouank@antergos-vm [09:53:26] [~/_REPOS_/docker-f5fpc] [master]
-> % sudo ./f5fpc-client.py connect.xxxxxx.com xxxxxxx
Enter your VPN password:
Traceback (most recent call last):
File "./f5fpc-client.py", line 155, in <module>
sys.exit(main())
File "./f5fpc-client.py", line 63, in main
'HEXPASSWORD': password.encode('hex')
LookupError: 'hex' is not a text encoding; use codecs.encode() to handle arbitrary codecs
python version
antouank@antergos-vm [09:57:04] [~/_REPOS_/docker-f5fpc] [master]
-> % python --version
Python 3.6.0
antouank@antergos-vm [09:57:08] [~/_REPOS_/docker-f5fpc] [master]
-> % python2 --version
Python 2.7.13
antouank@antergos-vm [09:57:11] [~/_REPOS_/docker-f5fpc] [master]
-> % sudo pip install -r requirements.txt
/usr/lib/python3.6/site-packages/requests/packages/urllib3/contrib/socks.py:31: DependencyWarning: SOCKS support in urllib3 requires the installation of optional dependencies: specifically, PySocks. For more information, see https://urllib3.readthedocs.io/en/latest/contrib.html#socks-proxies
DependencyWarning
Requirement already satisfied: docker==2.2.1 in /usr/lib/python3.6/site-packages (from -r requirements.txt (line 1)) (2.2.1)
Requirement already satisfied: requests==2.11.1 in /usr/lib/python3.6/site-packages (from -r requirements.txt (line 2)) (2.11.1)
Requirement already satisfied: websocket-client>=0.32.0 in /usr/lib/python3.6/site-packages (from docker==2.2.1->-r requirements.txt (line 1)) (0.48.0)
Requirement already satisfied: six>=1.4.0 in /usr/lib/python3.6/site-packages (from docker==2.2.1->-r requirements.txt (line 1)) (1.10.0)
Requirement already satisfied: docker-pycreds>=0.2.1 in /usr/lib/python3.6/site-packages (from docker==2.2.1->-r requirements.txt (line 1)) (0.3.0)
The VPN client may be forced to logout after a specific period by the VPN-server. It would be nice if this event could be detected and lead to a reconnect with the original parameters.
Hello,
I followed the instructions and when I run the wrapper script I get: Connection established. Welcome to <some_network> network. After this message the container just hangs there. Is that the expected behaviour?
In any case, even though it says "connection established", in practice I am not connected to the VPN. When I run ifconfig I still see my original IP, and not the VPN's IP.
I am running the docker from MacOS. When using a linux PC, I can successfully connect directly from linux_sslvpn F5 client (which doesn't work on Mac, that's why I wanted to try this docker). After connecting on the linux PC, I see that my IP is changed as expected when I run ifconfig.
I didn't try running this docker from the linux PC (should I?)
When I run with the debug flag, I get the following "suspicious" lines:
2018-08-29 14:09:48,702 DEBUG (docker.auth) Couldn't find 'auths' or 'HttpHeaders' sections
2018-08-29 14:09:48,702 DEBUG (docker.auth) Config entry for key stackOrchestrator is not auth config
Any ideas?
Thanks,
Alex
Check if required dependencies are provided:
Currently, I receive the error message "Login denied" on network problems (when the VPN server could not be reached). That should be a more meaningful error message.
Seems to be a problem regarding alpine or the installations
Error loading shared library ld-linux-x86-64.so.2: No such file or directory (needed by /usr/local/bin/f5fpc)
Give status feedback from f5fpc -i command.
Command status | hex value | shell value | description |
---|---|---|---|
CLI_ERROR_SUCCESS | 0x0 | 0 | The command line operation was successful. |
CLI_ERROR_USERS_DISCONNECT | 0x150 | 80 | The user was disconnected |
CLI_ERROR_LOGON_FAILURE | 0x151 | 81 | Login failed due to incorrect authentication information or login errors. |
CLI_ERROR_ATTENTION_REQUIRED | 0x154 | 84 | The user's attention is required. |
CLI_ERROR_GENERIC_FAILURE | 0x155 | 85 | An error occurred in the system API. |
CLI_ERROR_UNKNOWN_PARAMETER | 0x156 | 86 | An incorrect or unknown parameter was passed to the command line. |
CLI_ERROR_WRONG_VALUE | 0x157 | 87 | This is an undefined error. |
CLI_ERROR_UNKNOWN_SESSION_ID | 0x158 | 88 | An unknown session ID was encountered. The user should reconnect to the server. |
CLI_ERROR_NO_PROFILE | 0x15B | 91 | No such profile exists. |
CLI_ERROR_MSGQ_OPEN_FAILURE | 0x15D | 93 | The system failed to open the message queue. |
CLI_ERROR_OPERATION_IN_PROGRESS | 0x15F | 95 | An operation is in progress, please retry. |
kss_Initialized | 1 | 1 | The session is initialized. |
kss_LogonInProgress | 2 | 2 | The user login is in progress. |
kss_Idle | 3 | 3 | The session is idle. |
kss_Established | 5 | 5 | The session is established. |
kss_AttentionReq | 6 | 6 | The session requires the user's attention. |
kss_LogonDenied | 7 | 7 | Login was denied. |
kss_LoggedOut | 8 | 8 | The user is logged out of the server |
Additional information:
Connection Status: logon failed
Server certificate verification failed.
Unknown result code: 7
Please create an issue with this code here:
https://github.com/MatthiasLohr/docker-f5fpc/issues/new
E.g. use alpine linux.
RUN apk update && apk add bash file iproute2 iptables iputils libc6-compat libgcc libstdc++ net-tools wget
RUN mkdir -p /lib64 && ln -s /lib/ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
As requested:
Please enter your VPN password:
Waiting...
Unknown result code: 4
Please create an issue with this code here:
https://github.com/MatthiasLohr/docker-f5fpc/issues/new
Additional information:
Connection Status: retrieving favorites list
Favorites Information:
______________________
fav-Id fav-Type fav-Status fav-Name
Connection established successfully
When connecting via the CLI on f5fpc is there a way to force split tunneling?
Seems to be a problem regarding alpine libc6, how can I fix it?
Unknown result code: 9
Please create an issue with this code here:
https://github.com/MatthiasLohr/docker-f5fpc/issues/new
Additional information:
Connection Status: Session timed out
Favorites Information:
fav-Id fav-Type fav-Status fav-Name
245 vpn disconnected /Common/corp_ft_network
619 vpn available /Common/corp_split_network
This might be an unavoidable timeout, I haven't tried very hard to keep this thing alive over long periods.
From F5 support
Known Issue
Server certificate verification may fail with the BIG-IP Edge Client command line for Linux.
Connection Status: logon failed
Server certificate verification failed.
F5 Workaround
To work around this issue, you can disable certificate verification using the -x option to the f5fpc command.
For example:
f5fpc -s -x -t https://apm1.example.com
But it seems that the -x option is not received by the docker-f5fpc
./f5fpc-vpn.sh client -x -t https://sslvpn-xxx.xxx.it
Please enter your VPN username: xxx
Please enter your VPN password:
Logon denied
Connection Status: logon failed
Server certificate verification failed.
Is it possible to add this option?
Hi there.
I'm trying to use that script in my macbook, but I get this error:
➜ docker-f5fpc git:(master) sudo ./f5fpc-client.py connect.something.com someUser
Enter your VPN password:
2018-06-27 11:26:38,028 INFO (root) Connecting to connect.something.com...
Traceback (most recent call last):
File "./f5fpc-client.py", line 155, in <module>
sys.exit(main())
File "./f5fpc-client.py", line 68, in main
container_exec(container_name, '/opt/connect.sh')
File "./f5fpc-client.py", line 132, in container_exec
process = subprocess.Popen(command_splitted, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 394, in __init__
errread, errwrite)
File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1047, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
I did pip install, and I have python 2.7 installed (I used brew to install that if I remember correctly).
Trying a wrong password or removing sudo yields the same error.
Any ideas what's wrong?
Apply DNS settings from /etc/resolv.conf.fp-tmp and restore old after disconnecting.
Btw, I made an ubuntu vm, and tried the script from in there.
I get no errors, but my login is denied.
Could it be that it doesn't ask for the RSA code? ( the 2FA part )
From the same vm, using the f5vpn "app", I can get connected.