Maybe try tinkering with the CertStore parameter?
After all, it is trying to look for the certificate in Microsoft User Certificate, which is unlikely to exist under Linux...

>
> Hi everyone!
>
> I need to access my organization's internal network over the internet via VPN.
> The client used is Cisco VPN Client.
> A smart card is used for authentication, and after the certificate on the card has been verified, the domain login and password also have to be entered.
> From Windows-like machines everything works.
> But from Linux it doesn't :(
>
> pcscd sees the smart card in the USB card reader, and what pcsc_scan outputs is in the attachment pcsc_scan.out
>
> But Cisco VPN Client for Linux reports errors (see attachment vpnlog.txt)
>
> I took the Cisco VPN Client settings from a working client on Windows (see attachment vpnc.pcf)
>
> I understand that the client cannot find the certificate on my smart card, but I don't know how to correctly specify the path to the certificate in the VPN client config :(
> I've scoured the whole internet - found nothing :(
> Please tell me how to explain to the VPN client where to look for my certificate, or send a link where I can read about how paths to certificates on smart cards are specified in Linux
>
> When I view the info for my certificate on the card in Windows, the Certification Path looks like this:
> Root Organization
> |_Enterprise Organization
> |_Login
>
> Thanks!
>
> [main]
> Description=
> Host=gate-server.ru
> AuthType=3
> GroupName=
> GroupPwd=
> enc_GroupPwd=
> EnableISPConnect=0
> ISPConnectType=0
> ISPConnect=
> ISPPhonebook=
> ISPCommand=
> Username=domain\login
> SaveUserPassword=0
> UserPassword=
> enc_UserPassword=
> NTDomain=
> EnableBackup=1
> BackupServer=backup-server-1,backup-server-2
> EnableMSLogon=1
> MSLogonType=0
> EnableNat=1
> TunnelingMode=0
> TcpTunnelingPort=10000
> CertStore=2
> CertName=Login
> CertPath=
> CertSubjectName=e=Login@×××××××××××.ru,cn=Login,ou=Workers,dc=organization,dc=ru
> CertSerialHash=
> SendCertChain=0
> PeerTimeout=90
> EnableLocalLAN=0
>
> Cisco Systems VPN Client Version 4.8.02 (0030)
> Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
> Client Type(s): Linux
> Running on: Linux 2.6.24-23-generic #1 SMP Mon Jan 26 00:13:11 UTC 2009 i686
> Config file directory: /etc/opt/cisco-vpnclient
>
> 1 16:13:42.472 02/11/2009 Sev=Warning/3 CLI/0x83900004
> Unable to purge old log files. Function returned -1.
>
> 2 16:13:42.494 02/11/2009 Sev=Info/4 CVPND/0x4340001F
> Privilege Separation: restoring MTU on primary interface.
>
> 3 16:13:42.494 02/11/2009 Sev=Info/4 CVPND/0x4340000F
> Started cvpnd:
> Cisco Systems VPN Client Version 4.8.02 (0030)
> Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
> Client Type(s): Linux
> Running on: Linux 2.6.24-23-generic #1 SMP Mon Jan 26 00:13:11 UTC 2009 i686
>
> 4 16:13:43.474 02/11/2009 Sev=Info/4 CLI/0x43900002
> Started vpnclient:
> Cisco Systems VPN Client Version 4.8.02 (0030)
> Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
> Client Type(s): Linux
> Running on: Linux 2.6.24-23-generic #1 SMP Mon Jan 26 00:13:11 UTC 2009 i686
>
> 5 16:13:48.149 02/11/2009 Sev=Info/4 CM/0x43100002
> Begin connection process
>
> 6 16:13:48.150 02/11/2009 Sev=Info/4 CM/0x43100004
> Establish secure connection
>
> 7 16:13:48.150 02/11/2009 Sev=Info/4 CM/0x43100024
> Attempt connection with server "gate-server.ru"
>
> 8 16:13:49.019 02/11/2009 Sev=Info/4 CVPND/0x43400019
> Privilege Separation: binding to port: (0).
>
> 9 16:13:49.019 02/11/2009 Sev=Info/4 CVPND/0x43400019
> Privilege Separation: binding to port: (0).
>
> 10 16:13:49.019 02/11/2009 Sev=Info/6 IKE/0x4300003B
> Attempting to establish a connection with backup-server-1.
>
> 11 16:13:49.020 02/11/2009 Sev=Warning/2 CERT/0x83600009
> Could not load certificate e=Login@×××××××××××.ru,cn=Login,ou=Workers,dc=organization,dc=ru from store Microsoft User Certificate. Reason: store empty
>
> 12 16:13:49.020 02/11/2009 Sev=Warning/2 CERT/0x83600004
> If you are using a smartcard or token containing a certificate, verify that it is plugged in and try again.
>
> 13 16:13:49.020 02/11/2009 Sev=Warning/2 IKE/0xC3000008
> Unable to open certificate (e=Login@×××××××××××.ru,cn=Login,ou=Workers,dc=organization,dc=ru).
> If you are using a smartcard or token containing a certificate, verify the correct one is plugged in and try again.
>
> 14 16:13:49.020 02/11/2009 Sev=Warning/2 IKE/0xC300009B
> Failed to open my certificate (Connection:240)
>
> 15 16:13:49.020 02/11/2009 Sev=Warning/2 IKE/0xC300009A
> Failed to set up connection data
>
> 16 16:13:49.020 02/11/2009 Sev=Info/4 CM/0x4310001C
> Unable to contact server "gate-server.ru"
>
> 17 16:13:49.020 02/11/2009 Sev=Info/4 CM/0x43100024
> Attempt connection with server "backup-server-2"
>
> 18 16:13:49.020 02/11/2009 Sev=Info/4 CVPND/0x43400019
> Privilege Separation: binding to port: (0).
>
> 19 16:13:49.021 02/11/2009 Sev=Info/4 CVPND/0x43400019
> Privilege Separation: binding to port: (0).
>
> 20 16:13:49.021 02/11/2009 Sev=Info/6 IKE/0x4300003B
> Attempting to establish a connection with backup-server-2.
>
> 21 16:13:49.021 02/11/2009 Sev=Warning/2 CERT/0x83600009
> Could not load certificate e=Login@×××××××××××.ru,cn=Login,ou=Workers,dc=organization,dc=ru from store Microsoft User Certificate. Reason: store empty
>
> 22 16:13:49.021 02/11/2009 Sev=Warning/2 CERT/0x83600004
> If you are using a smartcard or token containing a certificate, verify that it is plugged in and try again.
>
> 23 16:13:49.021 02/11/2009 Sev=Warning/2 IKE/0xC3000008
> Unable to open certificate (e=Login@×××××××××××.ru,cn=Login,ou=Workers,dc=organization,dc=ru).
> If you are using a smartcard or token containing a certificate, verify the correct one is plugged in and try again.
>
> 24 16:13:49.021 02/11/2009 Sev=Warning/2 IKE/0xC300009B
> Failed to open my certificate (Connection:240)
>
> 25 16:13:49.021 02/11/2009 Sev=Warning/2 IKE/0xC300009A
> Failed to set up connection data
>
> 26 16:13:49.021 02/11/2009 Sev=Info/4 CM/0x4310001C
> Unable to contact server "backup-server-2"
>
> 27 16:13:49.021 02/11/2009 Sev=Info/4 CM/0x43100024
> Attempt connection with server "backup-server-1"
>
> 28 16:13:49.021 02/11/2009 Sev=Info/4 CVPND/0x43400019
> Privilege Separation: binding to port: (0).
>
> 29 16:13:49.022 02/11/2009 Sev=Info/4 CVPND/0x43400019
> Privilege Separation: binding to port: (0).
>
> 30 16:13:49.022 02/11/2009 Sev=Info/6 IKE/0x4300003B
> Attempting to establish a connection with backup-server-1.
>
> 31 16:13:49.022 02/11/2009 Sev=Warning/2 CERT/0x83600009
> Could not load certificate e=Login@×××××××××××.ru,cn=Login,ou=Workers,dc=organization,dc=ru from store Microsoft User Certificate. Reason: store empty
>
> 32 16:13:49.022 02/11/2009 Sev=Warning/2 CERT/0x83600004
> If you are using a smartcard or token containing a certificate, verify that it is plugged in and try again.
>
> 33 16:13:49.022 02/11/2009 Sev=Warning/2 IKE/0xC3000008
> Unable to open certificate (e=Login@×××××××××××.ru,cn=Login,ou=Workers,dc=organization,dc=ru).
> If you are using a smartcard or token containing a certificate, verify the correct one is plugged in and try again.
>
> 34 16:13:49.022 02/11/2009 Sev=Warning/2 IKE/0xC300009B
> Failed to open my certificate (Connection:240)
>
> 35 16:13:49.022 02/11/2009 Sev=Warning/2 IKE/0xC300009A
> Failed to set up connection data
>
> 36 16:13:49.022 02/11/2009 Sev=Info/4 CM/0x4310001C
> Unable to contact server "backup-server-1"
>
> 37 16:13:49.022 02/11/2009 Sev=Info/4 CM/0x4310000C
> All connection attempts with backup server failed
>
> 38 16:13:49.022 02/11/2009 Sev=Info/5 CM/0x43100025
> Initializing CVPNDrv
>
> 39 16:13:49.022 02/11/2009 Sev=Info/4 CVPND/0x4340001F
> Privilege Separation: restoring MTU on primary interface.
>
> 40 16:13:49.022 02/11/2009 Sev=Info/4 IKE/0x43000001
> IKE received signal to terminate VPN connection
>
> 41 16:13:49.023 02/11/2009 Sev=Info/4 IPSEC/0x43700008
> IPSec driver successfully started
>
> 42 16:13:49.023 02/11/2009 Sev=Info/4 IPSEC/0x43700014
> Deleted all keys
>
> 43 16:13:49.023 02/11/2009 Sev=Info/4 IPSEC/0x43700014
> Deleted all keys
>
> 44 16:13:49.023 02/11/2009 Sev=Info/4 IPSEC/0x43700014
> Deleted all keys
>
> 45 16:13:49.023 02/11/2009 Sev=Info/4 IPSEC/0x43700014
> Deleted all keys
>
> 46 16:13:49.023 02/11/2009 Sev=Info/4 IPSEC/0x4370000A
> IPSec driver successfully stopped
>
> 47 16:13:52.021 02/11/2009 Sev=Info/4 CVPND/0x4340000C
> Stopped service:
>
> 48 16:13:52.022 02/11/2009 Sev=Info/4 CVPND/0x4340001F
> Privilege Separation: restoring MTU on primary interface.
>
> PC/SC device scanner
> V 1.4.11 (c) 2001-2007, Ludovic Rousseau <ludovic.rousseau@××××.fr>
> Compiled with PC/SC lite version: 1.4.4
> Scanning present readers
> 0: AseIIIeUSB 00 00
>
> Wed Feb 11 16:01:02 2009
> Reader 0: AseIIIeUSB 00 00
> Card state: Card inserted,
> ATR: 3B D6 18 00 81 B1 80 7D 1F 03 80 51 00 61 10 30 8F
>
> ATR: 3B D6 18 00 81 B1 80 7D 1F 03 80 51 00 61 10 30 8F
> + TS = 3B --> Direct Convention
> + T0 = D6, Y(1): 1101, K: 6 (historical bytes)
> TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU (115200 bits/s at 3.57 MHz)
> TC(1) = 00 --> Extra guard time: 0
> TD(1) = 81 --> Y(i+1) = 1000, Protocol T = 1
> -----
> TD(2) = B1 --> Y(i+1) = 1011, Protocol T = 1
> -----
> TA(3) = 80 --> IFSC: 128
> TB(3) = 7D --> Block Waiting Integer: 7 - Character Waiting Integer: 13
> TD(3) = 1F --> Y(i+1) = 0001, Protocol T = 15 - Global interface bytes following
> -----
> TA(4) = 03 --> Clock stop: not supported - Class accepted by the card: (3G) A 5V B 3V
> + Historical bytes: 80 51 00 61 10 30
> Category indicator byte: 80 (compact TLV data object)
> Tag: 5, len: 1 (card issuer's data)
> Card issuer data: 00
> Tag: 6, len: 1 (pre-issuing data)
> Data: 10
> Tag: 3, len: 0 (card service data byte)
> Error in the ATR: expecting 1 byte and got 0
> + TCK = 8F (correct checksum)
>
> Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
> 3B D6 18 00 81 B1 80 7D 1F 03 80 51 00 61 10 30 8F
> ASECard Crypto, http://www.athena-scs.com/product.asp?pid=8
>
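
The check the reply makes by eye (which store the log says the client searched, next to the CertStore and CertName values in the profile) can be scripted. This is an added example, not part of the original thread: the sample profile and log are constructed from the formats quoted above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed samples in the formats quoted above (not the poster's full files).
SAMPLE_PCF = """[main]
Host=gate-server.ru
CertStore=2
CertName=Login
"""
SAMPLE_LOG = """11 16:13:49.020 02/11/2009 Sev=Warning/2 CERT/0x83600009
Could not load certificate cn=Login,ou=Workers from store Microsoft User Certificate. Reason: store empty

21 16:13:49.021 02/11/2009 Sev=Warning/2 CERT/0x83600009
Could not load certificate cn=Login,ou=Workers from store Microsoft User Certificate. Reason: store empty
"""

# Entry header: number, time, date, severity, then MODULE/0xEVENTID.
HEADER = re.compile(r"^\d+\s+\S+\s+\S+\s+Sev=\w+/\d+\s+(\w+)/0x[0-9A-Fa-f]+$")
LOAD_FAIL = re.compile(r"^Could not load certificate (.+) from store (.+?)\. Reason: (.+)$")

def parse_pcf(text):
    """Return the key=value pairs of a .pcf profile, ignoring section headers."""
    lines = (l.strip() for l in text.splitlines())
    return {k.strip(): v.strip() for k, _, v in
            (l.partition("=") for l in lines if "=" in l and not l.startswith("["))}

def cert_failures(log_text):
    """Count (store, reason) pairs for load failures logged by the CERT module."""
    failures, module = Counter(), None
    for raw in log_text.splitlines():
        line = raw.lstrip("> ").strip()          # tolerate mail-quoted logs
        header = HEADER.match(line)
        if header:
            module = header.group(1)
            continue
        fail = LOAD_FAIL.match(line)
        if fail and module == "CERT":
            failures[(fail.group(2), fail.group(3))] += 1
    return failures

def diagnose(pcf_text, log_text):
    """One line per distinct failure, next to the profile settings in effect."""
    pcf = parse_pcf(pcf_text)
    return [f"CertStore={pcf.get('CertStore')} CertName={pcf.get('CertName')}: "
            f"store '{store}' -> {reason} ({count}x)"
            for (store, reason), count in cert_failures(log_text).items()]

if __name__ == "__main__":
    print("\n".join(diagnose(SAMPLE_PCF, SAMPLE_LOG)))
```

Running it on a real profile and log only needs the two file contents passed to `diagnose`; every repeated failure against the same store collapses into one line with a count.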