Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Poor debug lines #1250

Open
smktpd opened this issue Oct 24, 2024 · 4 comments
Open

Poor debug lines #1250

smktpd opened this issue Oct 24, 2024 · 4 comments

Comments

@smktpd
Copy link

smktpd commented Oct 24, 2024

I am trying to debug why a connection to the new endpoint simply doesn't succeed and I run sudo openfortivpn with -vvv key and yet I get useless output:

sudo openfortivpn ${pub_host_of_vpn_server}:54443 --username=${my_user} -vvv
DEBUG:  ATTENTION: the output contains sensitive information such as the THE CLEAR TEXT PASSWORD.
DEBUG:  openfortivpn 1.22.1
DEBUG:  revision unavailable
DEBUG:  Loaded configuration file "/opt/homebrew/etc/openfortivpn/openfortivpn/config".
VPN account password:
DEBUG:  Configuration host = "${pub_host_of_vpn_server}"
DEBUG:  Configuration realm = ""
DEBUG:  Configuration port = "54443"
DEBUG:  Configuration username = "${my_user}"
DEBUG:  Configuration password = "${my_password}"
DEBUG:  Resolving gateway host ip
DEBUG:  Establishing TLS connection
DEBUG:  server_addr: ${pub_ip_of_vpn_server}
DEBUG:  server_port: 54443
DEBUG:  gateway_ip: ${pub_ip_of_vpn_server}
DEBUG:  gateway_port: 54443

and it just hangs there and nothing happens and this log doesn't let me figure out the reason.
@DimitriPapadopoulos
Copy link
Collaborator

As far as I can see, it hangs there because establishing the tunnel has succeeded.

a connection to the new endpoint simply doesn't succeed

What do you mean by that? Are you able to ping IP addresses? It could be that routing is not set properly, see other tickets about routing and/or DNS issues on macOS.

@smktpd
Copy link
Author

smktpd commented Oct 25, 2024

Nope, it was the opposite: the tunnel did not succeed, I got no IP.
In this specific case it turned out that Lulu (a firewall) after an update just didn't pop-up a prompt window and was blocking the connection by default.
But this ticket is about the lack of debug lines which could hint me why it fails.

@DimitriPapadopoulos
Copy link
Collaborator

I see. I guess openfortivpn calls a network function that is blocked by the firewall. The firewall doesn't implement any timeout so openfortivpn gets stucks forever. Isn't that a firewall issue? I mean, we won't implement a timeout in openfportivpn just to print a debug message.

@smktpd
Copy link
Author

smktpd commented Nov 12, 2024

Maybe debug lines could be reordered a bit so that:

  1. DEBUG: Establishing TLS connection would go after lines
DEBUG:  server_addr: ${pub_ip_of_vpn_server}
DEBUG:  server_port: 54443
DEBUG:  gateway_ip: ${pub_ip_of_vpn_server}
DEBUG:  gateway_port: 54443

so user would get stuck on "establishing connection" line.
2. maybe it should be reworded into something like DEBUG: Establishing TLS connection (this operation has no timeout, so check your firewall if you get indefinitely stuck on this step)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DimitriPapadopoulos @smktpd