Centos / Ubuntu solution EasyConnect connection failure

Centos / Ubuntu solution EasyConnect connection failure

background

Recently whim to learn linux, simply a Centos 8 is installed directly on the laptop, work carried out on it, but the network is connected by a deep conviction of EasyConnect VPN. Encountered during the connection process a little problem, and in the deep convinced the community published post for help to no avail, but can only try to connect their own free time to explore, tried several times, finally found the idea, let me get, ha ha, happy, so share next, we hope to help more people. A similar situation on a colleague's Ubuntu 18, can also get rid of in this way. The following is a Solutions

Environmental Information

System Environment

Software version

EasyConnect can be downloaded directly through the browser at the server end, here is a version of the software I use

EasyConnect run time will use the iptables and route two programs, there is no need to install at their own words

The connection attempt

I just try to connect the following process personal understanding, because after this software is not familiar with, if misunderstood please point out

Troubleshooting / positioning

After a successful installation will start a EasyMonitor EasyConnect service, view service

[root@linux EasyConnect]# systemctl status EasyMonitor.service 
● EasyMonitor.service - Sangfor EasyMonitor Service
   Loaded: loaded (/usr/lib/systemd/system/EasyMonitor.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-03-02 21:00:00 CST; 4 days ago
 Main PID: 3279 (EasyMonitor)
    Tasks: 4 (limit: 26213)
   Memory: 3.5G
   CGroup: /system.slice/EasyMonitor.service
           ├─3279 /usr/share/sangfor/EasyConnect/resources/bin/EasyMonitor
           └─3436 /usr/share/sangfor/EasyConnect/resources/bin/ECAgent --resume

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

Easyonitor normal operation can be seen, and the executable file in / usr / share / sangfor / EasyConnect / resources / bin path below

[root@linux EasyConnect]# cd /usr/share/sangfor/EasyConnect/resources/bin/
[root@linux bin]# ls
ca.crt  cert.crt  CSClient  EasyMonitor  ECAgent  svpnservice

This directory has four executable files

EasyMonitor, ECAgent is listening service, start listening client, log in, connect and out of state

CSClient is the actual client program

svpnservice is connected to the program, clients can start, but the connection does not go up because the program does not start

We went to the / usr / share / sangfor / EasyConnect / resources directory

[root@linux resources]# pwd
/usr/share/sangfor/EasyConnect/resources
[root@linux resources]# ls
app.asar  bin  conf  default_app.asar  EasyConnect.png  electron.asar  lib64  logs  shell  user_cert

In this I will not go into detail, we only used the two paths

1. All log files in / usr / share / sangfor / EasyConnect / resources / logs path
2. Debug scripts in the / usr / share / sangfor / EasyConnect / resources / shell path

First under logs path View

[root@linux logs]# pwd
/usr/share/sangfor/EasyConnect/resources/logs
[root@linux logs]# ls

Service will start when the log file is generated ECAgent.log

When you start a program to view the log through the tail -f ECAgent.log, at login you will find a connection error log

[2020-03-03 09:08:10][E][3436][ 106][RunRegister][plugin] socket thread connect failed, sleep(500000) us
[2020-03-03 09:08:10][D][3436][ 412][HandlerHttpRequest][WebServer] http queryString : op=DoQueryService&arg1=QUERY%20QSTATE%20ALLSERVICES&callback=this.querryQstateAllServicesCallback&token=aa11985c2064f2c42ab2094ca14a2841&Guid=NULL&type=EC
[2020-03-03 09:08:10][D][3436][ 138][DoQueryService][web]qry: QUERY QSTATE ALLSERVICES
[2020-03-03 09:08:10][E][3436][ 165][ConnectDomainSock][cms] /usr/share/sangfor/EasyConnect/resources/conf/ECDomainFile domain socket connect failed, errno:111.
[2020-03-03 09:08:10][E][3436][ 114][Register]cms client connect failed.

Service at startup will use svpnservice connected by ECDomainFile socket file server, but this time did not svpnservice process, it will be the connection fails, see the process information

[root@linux logs]# ps -ef | grep EasyConnect
root      3279     1  0 Mar02 ?        00:37:13 /usr/share/sangfor/EasyConnect/resources/bin/EasyMonitor
root      3436     1  0 Mar02 ?        00:37:19 /usr/share/sangfor/EasyConnect/resources/bin/ECAgent --resume
root      3686  5303  0 12:01 tty2     00:00:02 /usr/share/sangfor/EasyConnect/EasyConnect --enable-transparent-visuals --disable-gpu
root      3692  3686  0 12:01 tty2     00:00:00 /usr/share/sangfor/EasyConnect/EasyConnect --type=zygote --no-sandbox
root      3739  3692  0 12:01 tty2     00:00:01 /usr/share/sangfor/EasyConnect/EasyConnect --type=renderer --no-sandbox --primordial-pipe-token=294FF4553195355ED350775CF8642791 --lang=en-US --enable-plugins --node-integration=true --hidden-page --enable-pinch --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --service-request-channel-token=294FF4553195355ED350775CF8642791 --renderer-client-id=3 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd

This time we used the second path (/ usr / share / sangfor / EasyConnect / resources / shell)

[root@linux shell]# pwd
/usr/share/sangfor/EasyConnect/resources/shell
[root@linux shell]# ls
dns_service_ctl.sh  EasyConnect.sh  EasyMonitor.sh  envcheck.sh  find_browser_path.sh  list_dns.sh  logout.sh  open_browser.sh  sslcheck.sh  sslservice.sh  startrapp.sh  track_eraser.sh

At the name I guess we can guess about the meaning of (name really important, but not logout.sh Log meant, but the log output log output ...)

We mainly use the next few script

• envcheck.sh environmental inspections, mainly to check the route and iptables are installed, the default is not output

• Sslcheck.sh check whether ssl connection profile meet, there is no default output

• sslservice.sh start svpnservice, the importance of self-evident

Well, the next step is to witness the miracle of the moment. .

1. First, open a terminal and EasyConnect clients. .
2. Enter the server address and user name and password, click Login in the client

3. In the progress bar about 70 percent of the time, start svpnservice (/usr/share/sangfor/EasyConnect/resources/shell/sslservice.sh) in the console

Ha ha, about 70%, the wind, the progress bar, time card to a quasi (fight hand speed), faster, then you will be prompted Failed to login in with this user account, for a user is online !. Slow or can not connect

4. 最后成功了,ECAgent.log文件也没有错误日志了内网也可以ping通了

总结

深信服客服提供的client端版本如下：

SSL VPN标准版本M7.6.0及以上版本EC客户端支持如下linux系统，暂不支持centOS系统
【Linux-Ubuntu版本范围】
Ubuntu 12.04 (32、64位)
Ubuntu 14.04 (32、64位)
Ubuntu 16.04 (32、64位)
Ubuntu 17.04 (32、64位)
Ubuntu下浏览器支持firefox\chrome
【Linux-中标麒麟 版本范围】
中标麒麟 v6.0 (32、64位)
中标麒麟 v7.0
中标麒麟下浏览器支持chrome\firefox
使用浏览器登录只能访问WEB资源，WEB资源兼容性不好，WEB资源只支持简单的静态网页，不推荐管理员发布WEB资源的

不太理解为什么不支持Centos。。

但是通过手动处理还是可以满足当前的环境的

Linux使用客户端要比其他系统上好一点，windows上如果没有网络流量的话过段时间会自动登出，但linux上不会，除非断网时间过长。。