Centos / Ubuntu solution EasyConnect connection failure
background
Recently whim to learn linux, simply a Centos 8 is installed directly on the laptop, work carried out on it, but the network is connected by a deep conviction of EasyConnect VPN. Encountered during the connection process a little problem, and in the deep convinced the community published post for help to no avail, but can only try to connect their own free time to explore, tried several times, finally found the idea, let me get, ha ha, happy, so share next, we hope to help more people. A similar situation on a colleague's Ubuntu 18, can also get rid of in this way. The following is a Solutions
Environmental Information
System Environment
Software version
EasyConnect can be downloaded directly through the browser at the server end, here is a version of the software I use
EasyConnect run time will use the iptables and route two programs, there is no need to install at their own words
The connection attempt
I just try to connect the following process personal understanding, because after this software is not familiar with, if misunderstood please point out
Troubleshooting / positioning
After a successful installation will start a EasyMonitor EasyConnect service, view service
[root@linux EasyConnect]# systemctl status EasyMonitor.service
● EasyMonitor.service - Sangfor EasyMonitor Service
Loaded: loaded (/usr/lib/systemd/system/EasyMonitor.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2020-03-02 21:00:00 CST; 4 days ago
Main PID: 3279 (EasyMonitor)
Tasks: 4 (limit: 26213)
Memory: 3.5G
CGroup: /system.slice/EasyMonitor.service
├─3279 /usr/share/sangfor/EasyConnect/resources/bin/EasyMonitor
└─3436 /usr/share/sangfor/EasyConnect/resources/bin/ECAgent --resume
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
Easyonitor normal operation can be seen, and the executable file in / usr / share / sangfor / EasyConnect / resources / bin path below
[root@linux EasyConnect]# cd /usr/share/sangfor/EasyConnect/resources/bin/
[root@linux bin]# ls
ca.crt cert.crt CSClient EasyMonitor ECAgent svpnservice
This directory has four executable files
EasyMonitor, ECAgent is listening service, start listening client, log in, connect and out of state
CSClient is the actual client program
svpnservice is connected to the program, clients can start, but the connection does not go up because the program does not start
We went to the / usr / share / sangfor / EasyConnect / resources directory
[root@linux resources]# pwd
/usr/share/sangfor/EasyConnect/resources
[root@linux resources]# ls
app.asar bin conf default_app.asar EasyConnect.png electron.asar lib64 logs shell user_cert
In this I will not go into detail, we only used the two paths
- All log files in / usr / share / sangfor / EasyConnect / resources / logs path
- Debug scripts in the / usr / share / sangfor / EasyConnect / resources / shell path
First under logs path View
[root@linux logs]# pwd
/usr/share/sangfor/EasyConnect/resources/logs
[root@linux logs]# ls
Service will start when the log file is generated ECAgent.log
When you start a program to view the log through the tail -f ECAgent.log, at login you will find a connection error log
[2020-03-03 09:08:10][E][3436][ 106][RunRegister][plugin] socket thread connect failed, sleep(500000) us
[2020-03-03 09:08:10][D][3436][ 412][HandlerHttpRequest][WebServer] http queryString : op=DoQueryService&arg1=QUERY%20QSTATE%20ALLSERVICES&callback=this.querryQstateAllServicesCallback&token=aa11985c2064f2c42ab2094ca14a2841&Guid=NULL&type=EC
[2020-03-03 09:08:10][D][3436][ 138][DoQueryService][web]qry: QUERY QSTATE ALLSERVICES
[2020-03-03 09:08:10][E][3436][ 165][ConnectDomainSock][cms] /usr/share/sangfor/EasyConnect/resources/conf/ECDomainFile domain socket connect failed, errno:111.
[2020-03-03 09:08:10][E][3436][ 114][Register]cms client connect failed.
Service at startup will use svpnservice connected by ECDomainFile socket file server, but this time did not svpnservice process, it will be the connection fails, see the process information
[root@linux logs]# ps -ef | grep EasyConnect
root 3279 1 0 Mar02 ? 00:37:13 /usr/share/sangfor/EasyConnect/resources/bin/EasyMonitor
root 3436 1 0 Mar02 ? 00:37:19 /usr/share/sangfor/EasyConnect/resources/bin/ECAgent --resume
root 3686 5303 0 12:01 tty2 00:00:02 /usr/share/sangfor/EasyConnect/EasyConnect --enable-transparent-visuals --disable-gpu
root 3692 3686 0 12:01 tty2 00:00:00 /usr/share/sangfor/EasyConnect/EasyConnect --type=zygote --no-sandbox
root 3739 3692 0 12:01 tty2 00:00:01 /usr/share/sangfor/EasyConnect/EasyConnect --type=renderer --no-sandbox --primordial-pipe-token=294FF4553195355ED350775CF8642791 --lang=en-US --enable-plugins --node-integration=true --hidden-page --enable-pinch --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --service-request-channel-token=294FF4553195355ED350775CF8642791 --renderer-client-id=3 --v8-natives-passed-by-fd --v8-snapshot-passed-by-fd
This time we used the second path (/ usr / share / sangfor / EasyConnect / resources / shell)
[root@linux shell]# pwd
/usr/share/sangfor/EasyConnect/resources/shell
[root@linux shell]# ls
dns_service_ctl.sh EasyConnect.sh EasyMonitor.sh envcheck.sh find_browser_path.sh list_dns.sh logout.sh open_browser.sh sslcheck.sh sslservice.sh startrapp.sh track_eraser.sh
At the name I guess we can guess about the meaning of (name really important, but not logout.sh Log meant, but the log output log output ...)
We mainly use the next few script
-
envcheck.sh environmental inspections, mainly to check the route and iptables are installed, the default is not output
-
Sslcheck.sh check whether ssl connection profile meet, there is no default output
-
sslservice.sh start svpnservice, the importance of self-evident
Well, the next step is to witness the miracle of the moment. .
- First, open a terminal and EasyConnect clients. .
- Enter the server address and user name and password, click Login in the client
- In the progress bar about 70 percent of the time, start svpnservice (/usr/share/sangfor/EasyConnect/resources/shell/sslservice.sh) in the console
Ha ha, about 70%, the wind, the progress bar, time card to a quasi (fight hand speed), faster, then you will be prompted Failed to login in with this user account, for a user is online !. Slow or can not connect
- 最后成功了,ECAgent.log文件也没有错误日志了内网也可以ping通了
总结
深信服客服提供的client端版本如下:
SSL VPN标准版本M7.6.0及以上版本EC客户端支持如下linux系统,暂不支持centOS系统
【Linux-Ubuntu版本范围】
Ubuntu 12.04 (32、64位)
Ubuntu 14.04 (32、64位)
Ubuntu 16.04 (32、64位)
Ubuntu 17.04 (32、64位)
Ubuntu下浏览器支持firefox\chrome
【Linux-中标麒麟 版本范围】
中标麒麟 v6.0 (32、64位)
中标麒麟 v7.0
中标麒麟下浏览器支持chrome\firefox
使用浏览器登录只能访问WEB资源,WEB资源兼容性不好,WEB资源只支持简单的静态网页,不推荐管理员发布WEB资源的
不太理解为什么不支持Centos。。
但是通过手动处理还是可以满足当前的环境的
Linux使用客户端要比其他系统上好一点,windows上如果没有网络流量的话过段时间会自动登出,但linux上不会,除非断网时间过长。。