IPs are not getting assigned #21
Comments
A couple things I'd check to troubleshoot:
Paste your results here and this should give us an idea of what's wrong. Hope this helps!

Thank you for replying back. Here are the results: (1)

From a quick glance everything seems to be correct. This leads me to think there is some general networking failure somewhere. I'd revisit the networking setup and make sure the control server is set up correctly. Specifically these commands (do not blindly rerun install.sh):
If the above checks out ok, I'd start gathering more basic networking info.

I ran those commands and it's working now. Any idea what was happening?

Ya I have one idea. Some of those commands don't persist a reboot. Did you happen to reboot the control server after running

Yes, I think I did. Anyways, thank you for solving this issue.

Thanks for tshooting! I'm going to add this bug as an issue and update the wiki.

Hey, I know this issue is closed, but I am still running into problems.

Forwarding is enabled:

$ sudo sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

A rule for policy-based routing for traffic from the VPN connection exists:

$ ip rule list
0: from all lookup local
32765: from 10.10.10.0/24 lookup loadb
32766: from all lookup main
32767: from all lookup default

Masquerading is enabled.

When checking the exit IPs from my box while connected to the control-server via VPN

So I only see two exit IPs where there should be five. Could you please help me diagnose this?

In the end reviewing the scripts in setup turned up a solution. The file

# use L4 (src ip, src dport, dest ip, dport) hashing for load balancing instead of L3 (src ip ,dst ip)
echo 1 > /proc/sys/net/ipv4/fib_multipath_hash_policy

After confirming this setting was indeed set to 0 after a fresh start of the control-server,

Hope this helps others.
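
Added example (not from the thread or the proxycannon repository): a POSIX shell audit of the two kernel settings this thread ends up depending on, `net.ipv4.ip_forward` and `net.ipv4.fib_multipath_hash_policy`, reporting both the live value and whether it is persisted in `sysctl.conf` or `sysctl.d/`, since a value written with `echo` into `/proc` is gone after a reboot. The function names and the `--run` switch are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit the two kernel settings this thread relies on.
# Wanted values come from the thread: forwarding on (1), L4 multipath hashing (1).
WANTED="net.ipv4.ip_forward=1 net.ipv4.fib_multipath_hash_policy=1"

# check_live PROC_ROOT KEY WANT: compare the running kernel value.
check_live() {
    file="$1/sys/$(printf '%s' "$2" | tr . /)"
    [ -r "$file" ] || { echo "MISSING $2"; return 2; }
    got=$(cat "$file")
    [ "$got" = "$3" ] && { echo "OK $2 = $got"; return 0; }
    echo "DRIFT $2 = $got (want $3)"
    return 1
}

# is_persisted ETC_ROOT KEY WANT: is "KEY = WANT" set in sysctl.conf or sysctl.d?
# Only ETC_ROOT is searched; /run/sysctl.d and /usr/lib/sysctl.d are not.
is_persisted() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    for f in "$1"/sysctl.conf "$1"/sysctl.d/*.conf; do
        [ -f "$f" ] || continue
        grep -Eq "^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*${3}[[:space:]]*\$" "$f" && return 0
    done
    return 1
}

# audit PROC_ROOT ETC_ROOT: exit status is the number of problems found.
audit() {
    problems=0
    for kv in $WANTED; do
        key=${kv%%=*}
        want=${kv#*=}
        check_live "$1" "$key" "$want" || problems=$((problems + 1))
        if ! is_persisted "$2" "$key" "$want"; then
            echo "NOT PERSISTED $key (will not survive a reboot)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run against the real system only when asked: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit /proc /etc
fi
```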
Hey guys,
I followed all the steps to set up proxycannon and I am able to connect to the instance using openvpn as well. But I don't see any IPs getting assigned when I do "while true;do curl ifconfig.co;done". It is giving me "curl: (6) Could not resolve host: ifconfig.co" error. I can also see all the instances running properly on AWS.
Using Kali Linux for openvpn connection
Here is my openvpn trace:
Wed Jul 17 10:48:09 2019 WARNING: file 'client01.key' is group or others accessible
Wed Jul 17 10:48:09 2019 WARNING: file 'ta.key' is group or others accessible
Wed Jul 17 10:48:09 2019 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 30 2018
Wed Jul 17 10:48:09 2019 library versions: OpenSSL 1.1.1c 28 May 2019, LZO 2.10
Wed Jul 17 10:48:09 2019 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jul 17 10:48:09 2019 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Jul 17 10:48:09 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]3.13.170.173:443
Wed Jul 17 10:48:09 2019 Socket Buffers: R=[87380->87380] S=[16384->16384]
Wed Jul 17 10:48:09 2019 Attempting to establish TCP connection with [AF_INET]3.13.170.173:443 [nonblock]
Wed Jul 17 10:48:10 2019 TCP connection established with [AF_INET]3.13.170.173:443
Wed Jul 17 10:48:10 2019 TCP_CLIENT link local: (not bound)
Wed Jul 17 10:48:10 2019 TCP_CLIENT link remote: [AF_INET]3.13.170.173:443
Wed Jul 17 10:48:10 2019 TLS: Initial packet from [AF_INET]3.13.170.173:443, sid=5aee4d31 12ce02c7
Wed Jul 17 10:48:10 2019 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=Fort-Funston CA, name=EasyRSA, emailAddress=me@myhost.mydomain
Wed Jul 17 10:48:10 2019 VERIFY KU OK
Wed Jul 17 10:48:10 2019 Validating certificate extended key usage
Wed Jul 17 10:48:10 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Jul 17 10:48:10 2019 VERIFY EKU OK
Wed Jul 17 10:48:10 2019 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=MyOrganizationalUnit, CN=server, name=EasyRSA, emailAddress=me@myhost.mydomain
Wed Jul 17 10:48:10 2019 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Wed Jul 17 10:48:10 2019 [server] Peer Connection Initiated with [AF_INET]3.13.170.173:443
Wed Jul 17 10:48:11 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Jul 17 10:48:11 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route 10.0.0.0 255.0.0.0 net_gateway,route 172.16.0.0 255.240.0.0 net_gateway,route 192.168.0.0 255.255.0.0 net_gateway,route 10.10.10.1,topology net30,ping 10,ping-restart 120,ifconfig 10.10.10.6 10.10.10.5,peer-id 0,cipher AES-256-GCM'
Wed Jul 17 10:48:11 2019 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jul 17 10:48:11 2019 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jul 17 10:48:11 2019 OPTIONS IMPORT: route options modified
Wed Jul 17 10:48:11 2019 OPTIONS IMPORT: peer-id set
Wed Jul 17 10:48:11 2019 OPTIONS IMPORT: adjusting link_mtu to 1626
Wed Jul 17 10:48:11 2019 OPTIONS IMPORT: data channel crypto options modified
Wed Jul 17 10:48:11 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Jul 17 10:48:11 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jul 17 10:48:11 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Jul 17 10:48:11 2019 ROUTE_GATEWAY 10.0.2.2/255.255.255.0 IFACE=eth0 HWADDR=08:00:27:a3:fd:32
Wed Jul 17 10:48:11 2019 TUN/TAP device tun0 opened
Wed Jul 17 10:48:11 2019 TUN/TAP TX queue length set to 100
Wed Jul 17 10:48:11 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Jul 17 10:48:11 2019 /sbin/ip link set dev tun0 up mtu 1500
Wed Jul 17 10:48:11 2019 /sbin/ip addr add dev tun0 local 10.10.10.6 peer 10.10.10.5
Wed Jul 17 10:48:11 2019 /sbin/ip route add 3.13.170.173/32 via 10.0.2.2
Wed Jul 17 10:48:11 2019 /sbin/ip route add 0.0.0.0/1 via 10.10.10.5
Wed Jul 17 10:48:11 2019 /sbin/ip route add 128.0.0.0/1 via 10.10.10.5
Wed Jul 17 10:48:11 2019 /sbin/ip route add 10.0.0.0/8 via 10.0.2.2
Wed Jul 17 10:48:11 2019 /sbin/ip route add 172.16.0.0/12 via 10.0.2.2
Wed Jul 17 10:48:11 2019 /sbin/ip route add 192.168.0.0/16 via 10.0.2.2
Wed Jul 17 10:48:11 2019 /sbin/ip route add 10.10.10.1/32 via 10.10.10.5
Wed Jul 17 10:48:11 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jul 17 10:48:11 2019 Initialization Sequence Completed
Any help would be appreciated :)
Thanks