I have wireguard setup on a machine (call it MachineA, with the IP 10.42.0.19). I have my laptop configured with the IP 10.42.0.15, call it LaptopB. I am able to SSH into MachineA from the LaptopB when I connect both peers using ssh root#MachineA. Then, if I wait a while, I can no longer SSH into the MachineA from LaptopB. For example, the same command ssh root#MachineA just hangs.
Using -vvvv shows me this:
$ ssh -vvvv root#10.42.0.19
OpenSSH_8.3p1 Ubuntu-1ubuntu0.1, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /home/xrd/.ssh/config
...
debug2: ssh_connect_direct
debug1: Connecting to 10.42.0.19 [10.42.0.19] port 22.
And, it never connects.
There is a simple fix: from inside the machine, ping any other Wireguard machine on the network. MachineA is a DigitalOcean droplet. If I use the web console to login, and then ping any other peer on the network (say 10.42.0.4), then immediately after the ping starts, the SSH connection completes.
How do I troubleshoot this?
I have not restarted wireguard on either LaptopB nor MachineA. Both appear to be connected.
In my wg0.conf on both ends they are more or less like this:
[Interface]
Address = 10.42.0.19/24
PrivateKey = DontYouWishYouHadThis
DNS = 10.42.0.1,8.8.8.8
[Peer]
PublicKey = SomePublicKeyIsHere
AllowedIPs = 10.42.0.0/24
Endpoint = 33.33.33.33.:51280
Related
I have PostgreSQL running on Ubuntu Server and I want to make remote connection with PostgreSQL running on port 5432.
I've checked if I can ping the public IP of ubuntu server from my machine and that works fine.
Next I've changed two files on ubuntu server first I've changed postgresql.conf which looks as below
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
Next I've added two lines in pg_hba.conf as below
host all all 0.0.0.0/0 trust
host all all ::/0 trust
Finally I checked if firewall is running by running sudo ufw verbose which outputted inactive.
As per my understanding I've allowed PostgreSQL to accept remote connection and firewall is also not present hence nothing is blocking. Still I get the following error.
psycopg2.OperationalError: connection to server at "XXX.XXX.XXX.XXX", port 5432 failed: Connection timed out (0x0000274C/10060)
Is the server running on that host and accepting TCP/IP connections?
How can I fix this error?
Edit
Although I can ping and ssh to the Ubuntu server using public IP but can not telnet.
I checked if port 5432 is open using this link but it turned out to be closed.
i'm facing the following problem.
I've got a PostgreSQL database on a remote server. In order to access it, i need to pass through a SSH Tunnel.
So, the steps of my test are:
create the tunneling
Connect to the db
perform query / queries
I'm able to create the tunnel by using SSHLibrary, and it works:
SSHLibrary.Open Connection 10.xxx.xxx.xx
SSHLibrary.Login MySSH_User MySSH_Password delay=1
SSHLibrary.Create Local SSH Tunnel 9191 ${IP_DATABASE} 22
So i go on by using DatabaseLibrary to perform the connection (and i've checked all the fields are right):
DatabaseLibrary.Connect To Database psycopg2 ${DB_NAME} ${USER_DB} ${PASSWORD_DB} ${IP_DATABASE} ${PORT_DB}
but i get the following error:
OperationalError: could not connect to server: Connection timed out (0x0000274C/10060)
Is the server running on host "10.xxx.xxx.xx" and accepting
TCP/IP connections on port 5432?
How can i solve it? I think i need to specify in some way that the database connection must be done by using the tunnel but i don't know how to do it.
Here's the complete test code:
*** Settings ***
Library DatabaseLibrary
Library SSHLibrary
*** Variables ***
${IP_DATABASE} 10.xxx.xxx.xx
${PORT_DB} 5432
${DB_NAME} MyNameDB
${SCHEMA_DATABASE} MySchemaDB
${USER_DB} MyUserDB
${PASSWORD_DB} MyPasswordDB
*** Keywords ***
*** Test Cases ***
Connect To DB Via SSH
SSHLibrary.Open Connection 10.xxx.xxx.xx
SSHLibrary.Login MySSH_User MySSH_Password delay=1
SSHLibrary.Create Local SSH Tunnel 9191 ${IP_DATABASE} 22
Sleep 2s
DatabaseLibrary.Connect To Database psycopg2 ${DB_NAME} ${USER_DB} ${PASSWORD_DB} ${IP_DATABASE} ${PORT_DB}
I would like to do it by using RF, Anyone can help?
Thank's a lot
Ssh tunnels should work in a way that that you establish SSH connection to another host and expose a PORT in localhost that will then tunnel a traffic from that port in localhost to a IP/PORT in the end point of the tunnel ..
So, lets say you have a host at 192.168.100.10 where your robotframework is running and it needs to connect to a database in 192.168.50.100:
If the postgres is accessible via ssh directly:
Connect To DB Via SSH
${IP_DATABASE}= 192.168.50.100
${DB_PORT}= 5432
SSHLibrary.Open Connection ${IP_DATABASE}
SSHLibrary.Login MySSH_User MySSH_Password delay=1
SSHLibrary.Create Local SSH Tunnel ${DB_PORT} ${IP_DATABASE} ${DB_PORT}
DatabaseLibrary.Connect To Database psycopg2 ${DB_NAME} ${USER_DB} ${PASSWORD_DB} 127.0.0.1 ${PORT_DB}
Now, if you have to use ssh jump host, eg, connect to a ssh server that will then connect to another server where postgres is running, all you need to do is change the tunnel ip address where the traffic will be forward to:
Connect To DB Via SSH
${IP_DATABASE}= 192.168.50.100
${IP_SSH_JUMPHOST}= 192.168.50.1
${DB_PORT}= 5432
SSHLibrary.Open Connection ${IP_JUMPHOST}
SSHLibrary.Login MySSH_User MySSH_Password delay=1
SSHLibrary.Create Local SSH Tunnel ${DB_PORT} ${IP_DATABASE} ${DB_PORT}
DatabaseLibrary.Connect To Database psycopg2 ${DB_NAME} ${USER_DB} ${PASSWORD_DB} 127.0.0.1 ${PORT_DB}
I have created a VM with virtual box that runs windows 10, and installed SQL Server.
Using Consume Adapter Service in Visual Studio for BizTalk 2020
Configured: SQLBinding AS: mssql://DESKTOP-T2G7B3A/MSSQL15.MSSQLSERVER/AFBizTalkTest?InboundId=ID
Click Connect:
Failure 26 - Error Locating Server/Instance Specified
Items tried or checked:
Ran PortQry on Virtual Box:
Starting portqry.exe -n 10.0.2.15 -e 1433 -p TCP ...
Querying target system called:
10.0.2.15
Attempting to resolve IP address to a name...
IP address resolved to DESKTOP-T2G7B3A
querying...
TCP port 1433 (ms-sql-s service): LISTENING
portqry.exe -n 10.0.2.15 -e 1433 -p TCP exits with return code 0x00000000.
1A. Ran PortQry On Host
Starting portqry.exe -n 10.0.2.15 -e 1433 -p TCP ...
Querying target system called:
10.0.2.15
Attempting to resolve IP address to a name...
Failed to resolve IP address to name
querying...
TCP port 1433 (ms-sql-s service): FILTERED
portqry.exe -n 10.0.2.15 -e 1433 -p TCP exits with return code 0x00000002.
1B. Verified the IP address on Virtual Box is 10.0.2.15. Failed to ping on Host, Successful ping on Virtual Box.
TCP/IP Enabled in SQL Server instance.
Changed Server name to ip address - Error Locating Server/Instance Specified
Verified SQL Server Browser is running.
Verified Server Name from Error Log.
On Centos7, following nrpe plugin install steps, when testing the connection between the Nagios server and the remote agent, I got this error...
/usr/local/nagios/libexec/check_nrpe -H 192.168.50.5
CHECK_NRPE: Error - Could not connect to 192.168.50.5: Connection reset by peer
In /etc/xinetd.d/nrpe, I added the Nagios server's IP address to the only_from field.
# default: off
# description: NRPE (Nagios Remote Plugin Executor)
service nrpe
{
disable = no
socket_type = stream
port = 5666
wait = no
user = nagios
group = nagios
server = /usr/local/nagios/bin/nrpe
server_args = -c /usr/local/nagios/etc/nrpe.cfg --inetd
only_from = 127.0.0.1 ::1 {server_IP}
log_on_success =
}
I then restarted the xinetd service; however, upon checking the service status this error log message appeared...
Aug 09 09:32:21 localhost.localdomain xinetd[1448]: bind failed (Address already in use (errno = 98)). service = nrpe
Aug 09 09:32:21 localhost.localdomain xinetd[1448]: Service nrpe failed to start and is deactivated.
The solution was to not only to include the server IP in /etc/xinetd.d/nrpe, but also to stop the nrpe service before restarting the xinetd service.
systemctl stop nrpe
systemctl restart xinetd
It seems restarting xinetd on its own failed to load the nrpe service because it the ports conflicted with the existing nrpe service.
I have an apache2/httpd install on centos fronting a tomcat instance and I want it to trust all client certificates.
How should I go about it?
There is no such thing as 'SSL Passthrough' with Apache since Apache needs to handle the SSL negotiation. Things I may think of are
Do not use Apache but perform TCP forwarding, using a NAT rule for instance (/sbin/iptables -I PREROUTING -t nat -p tcp -d test.server.ip --dport 443 -j DNAT --to :8443). If you have two IP addresses assigned to the machine, your NAT rule can redirect based on the destination IP.
You could configure a virtual host in Apache dedicated to test where you set SSLVerifyClientto none. This Virtual Host has a reverse proxy rule mapping directly to the non SSL http port of your Tomcat instance, or maps to the HTTP/S port and then you set the SSLProxyMachineCertificateFile with certs that Apache can present to authenticate to Tomcat