Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

客户端连接报tunnel negotiation failed 401 Unauthorized #309

Closed
he-jason opened this issue Apr 1, 2024 · 6 comments
Closed

客户端连接报tunnel negotiation failed 401 Unauthorized #309

he-jason opened this issue Apr 1, 2024 · 6 comments

Comments

@he-jason
Copy link

he-jason commented Apr 1, 2024

使用的anylink版本 ?

./anylink tool -v
管理后台也可以查看
AnyLink v0.11.4 build on go1.20.14 [linux, amd64] date:2024-04-01T14:31:40+0800 commit_id(380a8cb3fb55be6d6ab35b800715a6f7420b78fb)

使用操作系统的类型和版本?

如: centos 7.9

cat /etc/issue
cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)

使用linux 内核版本?

uname -a
Linux explore 3.10.0-1160.31.1.el7.x86_64 #1 SMP Thu Jun 10 13:32:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

具体遇到的问题,可上传截图

21591415686eadd77429008888d70ffd
image

连接日志

024/04/01 19:38:13 auth.go:185: [Debug] <?xml version="1.0" encoding="UTF-8"?>
<config-auth client="vpn" type="complete" aggregate-auth-version="2">
    <session-id>1711971493</session-id>
    <session-token>1711971493@5b5d187a78202dc81ee1a960b3bf6fe4fb30f727a80aa40c34699fd80d0e51cd</session-token>
    <auth id="success">
        <banner>您已接入及刻GAP网络,请按照及刻公司GAP相关规定使用。&#xA;GAP主页</banner>
        <message id="0" param1="" param2=""></message>
    </auth>
    <capabilities>
        <crypto-supported>ssl-dhe</crypto-supported>
    </capabilities>
    <config client="vpn" type="private">
        <vpn-base-config>
            <server-cert-hash>240B97A685B2BFA66AD699B90AAC49EA66495D69</server-cert-hash>
        </vpn-base-config>
        <opaque is-for="vpn-client"></opaque>
        <vpn-profile-manifest>
            <vpn rev="1.0">
                <file type="profile" service-type="user">
                    <uri>/profile_anylink.xml</uri>
                    <hash type="sha1">632a4988b0ee146fd9e43be712edecba2a385ce6</hash>
                </file>
            </vpn>
        </vpn-profile-manifest>
    </config>
</config-auth>

2024/04/01 19:38:13 auth.go:133: [Debug] SessionToken:1711971493@5b5d187a78202dc81ee1a960b3bf6fe4fb30f727a80aa40c34699fd80d0e51cd
2024/04/01 19:38:13 rpc.go:120: [Error] tunnel negotiation failed 401 Unauthorized
@itviewer

This comment has been minimized.

@he-jason he-jason changed the title affected/package: 客户端连接报tunnel negotiation failed 401 Unauthorized Apr 2, 2024
@he-jason
Copy link
Author

he-jason commented Apr 2, 2024

经反复排查,目前查到,在非容器环境下无此异常

@he-jason
Copy link
Author

he-jason commented Apr 2, 2024

以下是在客户端侧抓包反馈
image
image
看起来是服务端主动关半了连接,客户端随后重试,然后达到单个用户最大限制

@he-jason
Copy link
Author

he-jason commented Apr 2, 2024

当我用bjdgyc/anylink:latest 这个镜像作为基础镜像没有这个问题了

@he-jason
Copy link
Author

he-jason commented Apr 2, 2024

image
复盘一下:这个0.9.4和0.11.4用的底层基础镜像的区别导致的
0.9.4镜像内核:Linux 0436909890fc 3.10.0-1160.66.1.el7.x86_64 #1 SMP Wed May 18 16:02:34 UTC 2022 x86_64 Linux

0.11.4镜像内核:Linux cafe2071f0de 3.10.0-1160.31.1.el7.x86_64 #1 SMP Thu Jun 10 13:32:12 UTC 2021 x86_64 Linux

@bjdgyc
Copy link
Owner

bjdgyc commented Apr 8, 2024

请尽量使用官方编译的版本,利于排查问题。自行编译因环境问题,会有各种奇怪的问题,我也不好判断。

@bjdgyc bjdgyc closed this as completed Apr 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants