Wireguard access devices on client side - wireguard

I am having some issues with my WireGuard setup. The logic that I want to achieve is that I will be able to connect from Client 1 (laptop) to the Client 2 (opensense) subnet 10.88.1.1/24.
For the moment all is OK from Client to Server, but there is no ping or any other access between the Clients.
Current setup is:
Main WireGuard server (Ubuntu server), IP e.g. 5.123.456.678
[Interface]
Address = 203.0.113.5/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
FwMark = 0xca6c
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXX
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 203.0.113.13/32
Endpoint = 89.xxx.xxx.xxx:33943
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 203.0.113.15/32
Endpoint = 46.xxx.xxx.xxx:4109
Client 1 (laptop)
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXX
Address = 203.0.113.15/24
ListenPort = 51820
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 203.0.113.5/32
Endpoint = 5.123.456.678:51820
PersistentKeepalive = 5
Client 2 (opensense) with subnet 10.88.1.1.
interface: wg0
public key: XXXXXXXXXXXXXXXXXXXXXXX
private key: (hidden)
listening port: 51820
peer: XXXXXXXXXXXXXXXXXXXXXXX
endpoint: 5.123.456.678:51820
allowed ips: 203.0.113.0/24

I have done some more testing and the logic is that you need to add the subnet or individual IP to the setting; in my case the setting now looks like this:
Server
[Interface]
Address = 203.0.113.5/24
SaveConfig = true
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 51820
FwMark = 0xca6c
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXX
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 203.0.113.13/32, 10.88.1.0/24
Endpoint = 89.xxx.xxx.xxx:33943
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 203.0.113.15/32, 10.88.1.0/24
Endpoint = 46.xxx.xxx.xxx:4109
Client 1 (laptop)
[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXX
Address = 203.0.113.15/24
ListenPort = 51820
[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXXXXXX
AllowedIPs = 203.0.113.0/24,10.88.1.0/24
Endpoint = 5.123.456.678:51820
PersistentKeepalive = 5
Client 2 (opensense) with subnet 10.88.1.1.
interface: wg0
public key: XXXXXXXXXXXXXXXXXXXXXXX
private key: (hidden)
listening port: 51820
peer: XXXXXXXXXXXXXXXXXXXXXXX
endpoint: 5.123.456.678:51820
allowed ips: 203.0.113.0/24,10.88.1.0/24
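The behaviour behind the fix above, as an added example that is not part of the post: a small Python model of WireGuard cryptokey routing, in which a peer's AllowedIPs is both the routing table for traffic entering the tunnel and the source filter for traffic arriving from that peer. It replays a ping from the laptop to a constructed LAN host (10.88.1.20) through three server/client configurations: the first one in the post, the second one with the server's peers in the order the file lists them, and a minimal variant that puts 10.88.1.0/24 only on the OPNsense peer. Two assumptions are built in: the server peer with AllowedIPs 203.0.113.13/32 is the OPNsense box (the post does not say which peer is which), and a prefix listed under two peers of one interface ends up on the later peer, which is how wg setconf / wg set behave.

```python
import ipaddress

# Addresses copied from the post; which server peer is the OPNsense box is an
# assumption (203.0.113.13 is the only server peer that is not the laptop).
LAPTOP_IP = "203.0.113.15"
OPNSENSE_IP = "203.0.113.13"
LAN_HOST = "10.88.1.20"  # constructed: some machine on the 10.88.1.0/24 LAN


class WgInterface:
    """Toy model of one WireGuard interface's cryptokey routing table.

    AllowedIPs does double duty: for packets entering the tunnel it is the
    routing table (longest prefix match chooses the peer), and for packets
    arriving from a peer it is the source filter (the source must fall in
    that peer's AllowedIPs or the packet is dropped). A prefix belongs to at
    most one peer per interface: assigning it to a later peer takes it away
    from the earlier one (assumed here, matching wg set / wg setconf).
    """

    def __init__(self, name):
        self.name = name
        self.routes = {}  # ip_network -> peer name

    def add_peer(self, peer, allowed_ips):
        for cidr in allowed_ips.split(","):
            net = ipaddress.ip_network(cidr.strip(), strict=False)
            self.routes[net] = peer  # last assignment wins
        return self

    def peer_for(self, dst):
        """Peer that receives an outbound packet to dst, or None (no route)."""
        ip = ipaddress.ip_address(dst)
        hits = [(net.prefixlen, peer) for net, peer in self.routes.items() if ip in net]
        return max(hits)[1] if hits else None

    def accepts(self, peer, src):
        """Ingress check: does a packet from `peer` with source src get through?"""
        return self.peer_for(src) == peer


def build(server_peers, laptop_allowed, opnsense_allowed):
    """server_peers is a list of (name, AllowedIPs) in the order the config file lists them."""
    server = WgInterface("server")
    for peer, allowed in server_peers:
        server.add_peer(peer, allowed)
    laptop = WgInterface("laptop").add_peer("server", laptop_allowed)
    opnsense = WgInterface("opnsense").add_peer("server", opnsense_allowed)
    return server, laptop, opnsense


def ping_path(server, laptop, opnsense, host=LAN_HOST):
    """Check an echo request laptop -> host and its reply at every hop.

    Returns (ok, reason); the reason names the first hop that drops the packet.
    """
    checks = [
        (laptop.peer_for(host) == "server", "laptop: no AllowedIPs route for " + host),
        (server.accepts("laptop", LAPTOP_IP), "server: laptop source not in its AllowedIPs"),
        (server.peer_for(host) == "opnsense",
         "server: %s routed to peer %r, not opnsense" % (host, server.peer_for(host))),
        (opnsense.accepts("server", LAPTOP_IP), "opnsense: laptop source not in server peer's AllowedIPs"),
        # reply path
        (opnsense.peer_for(LAPTOP_IP) == "server", "opnsense: no route back to the laptop"),
        (server.accepts("opnsense", host), "server: reply from %s not in opnsense peer's AllowedIPs" % host),
        (server.peer_for(LAPTOP_IP) == "laptop", "server: no route back to the laptop"),
        (laptop.accepts("server", host), "laptop: reply from %s not in server peer's AllowedIPs" % host),
    ]
    for ok, reason in checks:
        if not ok:
            return False, reason
    return True, "echo request and reply pass every cryptokey-routing check"


# 1. The first configuration in the post: tunnel addresses only.
BEFORE = build(
    [("opnsense", "203.0.113.13/32"), ("laptop", "203.0.113.15/32")],
    laptop_allowed="203.0.113.5/32",
    opnsense_allowed="203.0.113.0/24",
)

# 2. The second configuration in the post, peers in file order: 10.88.1.0/24
#    appears under both server peers, so the later (laptop) entry ends up owning it.
POSTED_FIX = build(
    [("opnsense", "203.0.113.13/32, 10.88.1.0/24"), ("laptop", "203.0.113.15/32, 10.88.1.0/24")],
    laptop_allowed="203.0.113.0/24, 10.88.1.0/24",
    opnsense_allowed="203.0.113.0/24, 10.88.1.0/24",
)

# 3. Minimal variant: the LAN prefix only on the peer that actually fronts it.
MINIMAL_FIX = build(
    [("opnsense", "203.0.113.13/32, 10.88.1.0/24"), ("laptop", "203.0.113.15/32")],
    laptop_allowed="203.0.113.0/24, 10.88.1.0/24",
    opnsense_allowed="203.0.113.0/24",
)

if __name__ == "__main__":
    for label, ifaces in [("before", BEFORE), ("posted fix", POSTED_FIX), ("minimal fix", MINIMAL_FIX)]:
        print("%-12s %s" % (label, ping_path(*ifaces)[1]))
```

The model stops at the tunnel itself: on a real setup OPNsense still needs a firewall rule admitting traffic from 203.0.113.0/24 into the LAN, and the LAN hosts must send replies for 203.0.113.0/24 to OPNsense (normally the case when it is their default gateway). The wg0 FORWARD rules in the server's PostUp are already in place in the configuration above.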

Related

Can't access subnet on Android with Wireguard

I have a standalone WireGuard server. Hetzner/Ubuntu 20.
Camera and computers live at home behind a router with IPs 192.168.0.x
WireGuard has IPs 192.168.88.x
I can access the camera from any browser (Chrome/Firefox) on Ubuntu with WireGuard enabled.
But I can't on Android (Chrome/Firefox) when WireGuard is enabled.
Please help me to fix it.
Android conf:
[Interface]
Address = 192.168.88.4/24
DNS = 8.8.8.8
PrivateKey = *
[Peer]
AllowedIPs = 0.0.0.0/0
Endpoint = 95.x.x.x:50000
PersistentKeepalive = 25
PublicKey = *
Server conf:
Address = 192.168.88.1/24
SaveConfig = false
PostUp = iptables -A FORWARD -i %i -j ACCEPT
PostUp = iptables -A FORWARD -o %i -j ACCEPT
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -A FORWARD -i %i -j ACCEPT
PostUp = ip6tables -A FORWARD -o %i -j ACCEPT
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PostDown = ip6tables -D FORWARD -i %i -j ACCEPT
PostDown = ip6tables -D FORWARD -o %i -j ACCEPT
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
ListenPort = 50000
FwMark = 0xca6c
PrivateKey = *
[Peer]
PublicKey = *
AllowedIPs = 192.168.88.4/32
Endpoint = *
Best regards, Viktor.
I added this to the Android conf and it works:
AllowedIPs = 0.0.0.0/1, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.168.1.0/24, 192.168.2.0/23, 192.168.4.0/22, 192.168.8.0/21, 192.168.16.0/20, 192.168.32.0/19, 192.168.64.0/18, 192.168.128.0/17, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3
But why does routing on Linux work with AllowedIPs 0.0.0.0/0 but not on Android?
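Added example, not part of the question above: the long AllowedIPs line is exactly 0.0.0.0/0 with the 192.168.0.0/24 home LAN carved out, and Python's ipaddress module can compute such a list from the prefix to exclude instead of by hand. The reason the hand-made list is needed on Android but not on Linux is that wg-quick on Linux installs a policy-routing rule (suppress_prefixlength 0) that lets more specific routes in the main table, such as the directly connected LAN, win over the tunnel's default route, whereas the Android app routes exactly the AllowedIPs set. POSTED_ALLOWED_IPS is copied from the post; the probe addresses and the second exclusion example are constructed.

```python
import ipaddress

# The AllowedIPs line the poster ended up with, copied from the post.
POSTED_ALLOWED_IPS = (
    "0.0.0.0/1, 128.0.0.0/2, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, "
    "192.168.1.0/24, 192.168.2.0/23, 192.168.4.0/22, 192.168.8.0/21, "
    "192.168.16.0/20, 192.168.32.0/19, 192.168.64.0/18, 192.168.128.0/17, "
    "192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, "
    "192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, "
    "208.0.0.0/4, 224.0.0.0/3"
)

HOME_LAN = "192.168.0.0/24"  # where the camera lives, per the post


def parse_allowed_ips(text):
    """Comma-separated AllowedIPs string -> sorted list of ip_network objects."""
    return sorted(ipaddress.ip_network(p.strip()) for p in text.split(",") if p.strip())


def allowed_ips_excluding(base, *excluded):
    """Cover `base` minus every prefix in `excluded` with the fewest CIDR blocks.

    This is the standard way to express "route everything except my LAN" on a
    client that routes exactly its AllowedIPs set and has no policy routing.
    """
    nets = [ipaddress.ip_network(base)]
    for cidr in excluded:
        hole = ipaddress.ip_network(cidr)
        kept = []
        for net in nets:
            if hole.subnet_of(net):
                kept.extend(net.address_exclude(hole))  # split net around the hole
            elif not net.subnet_of(hole):
                kept.append(net)  # untouched by this hole
            # else: net lies entirely inside the hole and is dropped
        nets = kept
    return sorted(ipaddress.collapse_addresses(nets))


def same_coverage(a, b):
    """True if two prefix lists cover the same address space."""
    return set(ipaddress.collapse_addresses(a)) == set(ipaddress.collapse_addresses(b))


def routed_through_tunnel(nets, addr):
    """Would a packet to addr be sent into the tunnel under this AllowedIPs list?"""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def format_allowed_ips(nets):
    """Render a prefix list the way the WireGuard config expects it."""
    return ", ".join(str(n) for n in nets)


if __name__ == "__main__":
    computed = allowed_ips_excluding("0.0.0.0/0", HOME_LAN)
    print("AllowedIPs =", format_allowed_ips(computed))
    print("matches posted list:", same_coverage(computed, parse_allowed_ips(POSTED_ALLOWED_IPS)))
    for probe in ("192.168.0.10", "192.168.88.1", "8.8.8.8"):
        print(probe, "-> tunnel" if routed_through_tunnel(computed, probe) else "-> local")
```

The same function handles several holes at once, so excluding every RFC 1918 range from a full-tunnel configuration is a call with three extra arguments.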

how to Iterate an Array List inside 2 bash loops

I have 2 arrays in bash.
Array number 1 is the VLAN subnet without the last octet.
Array number 2 is a list of octets I want to ignore while scanning the subnet with Nmap.
Let's assume every subnet has 254 pingable IPs (class C subnet).
I want the script to scan each subnet and exclude IPs that end with 1,2,3,252,253,254, which are usually routers / firewalls / switches.
I managed to run 2 iterations, but failed on the if [[ $host == $host."${ignore[@]}" ]] to identify the relevant IP (subnet + ignore string).
Would really appreciate your help.
#!/bin/bash
# lets assume each subnet has 254 ips and all ignore ip's like 10.6.114.1 10.6.115.1 and 10.5.120.1
declare -a vlans=(
  10.6.114
  10.6.115
  10.5.120
)
declare -a ignore=(
  1
  2
  3
  252
  253
  254
)
for vlan in "${vlans[@]}"; do
  # single quotes so awk sees $5 and sed sees $d (in double quotes the shell expands them first)
  nmap -sn "$vlan" | grep Nmap | awk '{print $5}' | sed -n '1!p' | sed -e '$d' | sort > /tmp/vlan_ips.txt
  readarray -t hosts < /tmp/vlan_ips.txt
  for host in "${hosts[@]}"; do
    check=$(echo "$host" | cut -d"." -f1-3)
    # the comparison that fails: "${ignore[@]}" expands to one word per element, not a single string
    if [ $host == $check."${ignore[@]}" ]; then
      echo 'skipping record'
    fi
  done
done
This might work for you:
for vlan in "${vlans[@]}"; do
  # build the list of full addresses to skip for this VLAN, one per line
  for ign in "${ignore[@]}"; do
    printf '%s.%s\n' "$vlan" "$ign"
  done >/tmp/ignore
  # grepable output; -vwFf drops lines containing any of the ignore addresses as a whole word
  nmap -n -sn "$vlan.0/24" -oG - 2>/dev/null |
    grep -vwFf /tmp/ignore |
    awk '/Host:/{print $2}' |
    while read -r host; do
      echo "$host"
    done
done

Generating YAML by parsing systemd-resolve output

I am trying to create 2 arrays with bash.
array1, called DNSSERVERS, with all DNS servers; the output should look like this: 1.1.1.1,2.2.2.2,3.3.3.3,4.4.4.4
and
array2, called DNSSERVERSSEARCH, with all DNS domains; the output should look like this: local.domain.net,domain.net
All this information comes from: systemd-resolve --status.
Then I would like to put these arrays into a bash script called: bounding-netplan.sh
The thing is that today we have 4 DNS servers and 2 DNS domains,
but tomorrow it could be 1 DNS server and 4 DNS domains. The script must be flexible.
I tried to set it with awk, but without success.
Can anyone help me with this? It will be very appreciated.
Thank you very much in advance.
# systemd-resolve --status
Global
DNS Servers: 1.1.1.1
2.2.2.2
3.3.3.3
4.4.4.4
DNS Domain: local.domain.net
domain.net
DNSSEC NTA: 10.in-addr.arpa
16.172.in-addr.arpa
168.192.in-addr.arpa
17.172.in-addr.arpa
18.172.in-addr.arpa
19.172.in-addr.arpa
20.172.in-addr.arpa
21.172.in-addr.arpa
22.172.in-addr.arpa
23.172.in-addr.arpa
24.172.in-addr.arpa
25.172.in-addr.arpa
26.172.in-addr.arpa
27.172.in-addr.arpa
28.172.in-addr.arpa
29.172.in-addr.arpa
30.172.in-addr.arpa
31.172.in-addr.arpa
corp
home
internal
intranet
lan
local
private
test
cat bounding-netplan.sh
#!/bin/bash
MAJORRELEASE=$( lsb_release -sr | cut -d\. -f1 )
STROS=$( lsb_release -si )
# Ubuntu 18.04
if [ "$STROS" == Ubuntu ] && [ "$MAJORRELEASE" -ge 18 ] ; then
  if [ -d /etc/netplan ]; then
    DNSSERVERS=``
    DNSSERVERSSEARCH=``
    cat <<EOF | tee /etc/netplan/01-netcfg.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    switchports:
      match: {name: "enp*"}
  bonds:
    bond0:
      interfaces: [switchports]
      addresses: [${IP}]
      gateway4: ${ROUTE}
      nameservers:
        search: [${DNSSERVERSSEARCH}]
        addresses: [${DNSSERVERS}]
EOF
  fi
fi
I think I found a way here:
$ systemd-resolve --status | sed -e 's#[\t ]##g' | awk -F\: 'BEGIN{section=""}{if($2!=""){section=$1; print $1" "$2}else {print section" "$1}}' | awk '{if($1=="DNSServers") print $2}' | sort -u | tr '\n' ',' | sed -e 's#,$##'
1.1.1.1,2.2.2.2,3.3.3.3,4.4.4.4
The former only works when there is only IPv4; this one works for both IPv4 and IPv6:
$ systemd-resolve --status | sed -e 's/: /=/' | sed -e 's#[\t ]##g' | awk -F= 'BEGIN{section=""}{if($2!=""){section=$1; print $1" "$2}else {print section" "$1}}' | awk '{if($1=="DNSServers") print $2}' | sort -u | tr '\n' ',' | sed -e 's#,$##'
8.8.4.4,8.8.8.8,fd80::7a98:e8ff:fe46:4328,fe80::1
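Added example, not from the asker or the answerer: the same extraction done as a small parser instead of a pipeline, which makes the IPv6 trap explicit. A key line is a letters-only name followed by ": " (or by end of line when the values all sit on continuation lines); a continuation line is anything indented that does not look like that, so fe80::1 is never taken for a key. The sample output is constructed to resemble what systemd-resolve --status prints, including a per-link block, and the functions return the two comma-joined strings the bounding-netplan.sh script above wants plus a rendered nameservers block.

```python
import re

# Constructed sample of `systemd-resolve --status` output (the real command
# right-aligns keys like this); trimmed to the lines that matter here.
SAMPLE_STATUS = """\
Global
       DNS Servers: 1.1.1.1
                    2.2.2.2
                    3.3.3.3
                    4.4.4.4
        DNS Domain: local.domain.net
                    domain.net
        DNSSEC NTA: 10.in-addr.arpa
                    16.172.in-addr.arpa
                    corp
                    home

Link 2 (eth0)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 4.4.4.4
                      fe80::1
          DNS Domain: domain.net
"""

# "Some Key: value" or "Some Key:" with the values on later lines. A letters-only
# key followed by ": " (or end of line) keeps IPv6 continuation lines such as
# fe80::1 from being mistaken for keys, the trap the first one-liner fell into.
KEY_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):(?:\s+(\S.*))?$")


def parse_resolve_status(text):
    """Return {section: {key: [values...]}} for the Global and per-link blocks."""
    sections, section, key = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            key = None  # a blank line ends the current key's value list
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).strip()
            values = sections.setdefault(section, {}).setdefault(key, [])
            if m.group(2):
                values.append(m.group(2).strip())
        elif not line[0].isspace():
            section, key = line.strip(), None  # unindented line: new section header
        elif key is not None:
            sections[section][key].append(line.strip())  # continuation value
    return sections


def collect(sections, key, section="Global"):
    """Values of `key`, deduplicated in first-seen order; section=None means all sections."""
    seen, out = set(), []
    chosen = [sections.get(section, {})] if section is not None else sections.values()
    for block in chosen:
        for v in block.get(key, []):
            if v not in seen:
                seen.add(v)
                out.append(v)
    return out


def netplan_dns_vars(text, section="Global"):
    """The two comma-joined strings wanted for DNSSERVERS and DNSSERVERSSEARCH."""
    sections = parse_resolve_status(text)
    return (",".join(collect(sections, "DNS Servers", section)),
            ",".join(collect(sections, "DNS Domain", section)))


def render_nameservers(servers_csv, search_csv, indent=6):
    """netplan `nameservers:` block as flow sequences, valid for any number of entries."""
    pad = " " * indent
    search = ", ".join(search_csv.split(",")) if search_csv else ""
    addrs = ", ".join(servers_csv.split(",")) if servers_csv else ""
    return "\n".join([pad + "nameservers:",
                      pad + "  search: [%s]" % search,
                      pad + "  addresses: [%s]" % addrs])


if __name__ == "__main__":
    servers, search = netplan_dns_vars(SAMPLE_STATUS)
    print("DNSSERVERS=%s" % servers)
    print("DNSSERVERSSEARCH=%s" % search)
    print(render_nameservers(servers, search))
```

Reading only the Global block matches the question's expected output; passing section=None merges the per-link servers as the answer's sort -u pipeline does, while keeping the order in which systemd-resolve listed them.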

when use isql,i got this: [IM002][unixODBC][Driver Manager]Data source name not found, and no default driver specified

When I type the following command: isql dsnOracle -v
I get:
[IM002][unixODBC][Driver Manager]Data source name not found, and no default driver specified
[ISQL]ERROR: Could not SQLConnect
My config files:
[root@localhost lib]# cat /etc/odbc.ini
[dsnOracle]
Description = data source to oracle
Driver = Oracle
Servername = PARA_ORACLE
port = 1521
[root@localhost lib]# cat /etc/odbcinst.ini
[Oracle]
Description = ODBC for Oracle 
Driver  = /usr/lib/libsqora.so.11.1
[root@localhost lib]# cat $TNS_ADMIN/tnsnames.ora
PARA_ORACLE =
(DESCRIPTION =
(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 172.100.2.13)(PORT = 1521)) )
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = orcl)
)
)
[root@localhost lib]# rpm -qa |grep oracle
oracle-instantclient11.2-odbc-11.2.0.1.0-1.x86_64
oracle-instantclient11.2-basic-11.2.0.1.0-1.x86_64
[root@localhost lib]# rpm -qa |grep ODBC
unixODBC-2.2.14-12.el6_3.x86_64
I have tried for a long time, but I always get: data source name not found.
(Is there any relation with x86 or x64?)
Any suggestion is fine for me.
Finally I changed my /etc/odbc.ini like this and it works.
[dsnOracle]
Application Attributes=T
Attributes=W
BatchAutocommitMode=IfAllSuccessful
BindAsFLOAT=F
CloseCursor=F
DisableDPM=F
DisableMTS=T
Driver=Oracle
DSN=OracleODBC-11g
EXECSchemaOpt=
EXECSyntax=T
Failover=T
FailoverDelay=10
FailoverRetryCount=10
FetchBufferSize=64000
ForceWCHAR=F
Lobs=T
Longs=T
MaxLargeData=0
MetadataIdDefault=F
QueryTimeout=T
ResultSets=T
SQLGetData extensions=F
Translation DLL=
Translation Option=0
DisableRULEHint=T
StatementCache=F
CacheBufferSize=20
UseOCIDescribeAny=F
UserID=userid
ServerName=PARA_ORACLE
Password=password

Retrying with different port number

I have a program that will ping an IP address, then log the IP to a file if it pings successfully:
Invalid IP: 128.201.166.30
Proxy created: 66.25.173.128:80
Invalid IP: 225.195.111.59
Invalid IP: 249.133.221.70
Invalid IP: 40.21.11.99
Invalid IP: 201.27.136.108
Invalid IP: 152.77.109.45
Invalid IP: 120.76.159.122
Invalid IP: 108.244.67.42
Invalid IP: 73.231.16.193
Proxy created: 146.134.102.95:3128
Invalid IP: 133.216.1.59
Proxy created: 118.75.196.75:3128
Now what I would like to do is have the "good" IP address use each port in the following array: port = %w(80 3128 8080 8090 8888 8898 9999), for example:
Proxy created: 66.25.173.128:80
Proxy created: 66.25.173.128:3128
Proxy created: 66.25.173.128:8080
Proxy created: 66.25.173.128:8090
Proxy created: 66.25.173.128:8888
Proxy created: 66.25.173.128:8898
Proxy created: 66.25.173.128:9999
#Creates an IP with a port extension with each port number
I think I have a general idea on how I could do this:
File.open("example.txt", "a+"){
  |s| s.puts("#{ip}:#{port[0]}",
             "#{ip}:#{port[1]}",
             "#{ip}:#{port[2]}"
             #etc...
  )}
I'm not entirely sure if that would work the way I'm expecting it to though, and even if it does, I'm 100% sure there's a better way to do it. Any help with this would be greatly appreciated, thank you.
Source:
require 'colored'
require 'timeout'

def create_possibles
  port = %w(80 3128 8080 8090 8888 8898 9999).each do |port|
    10.times do
      ip = Array.new(4){rand(256)}.join('.')
      Timeout::timeout(5) do
        ping = `ping -n 1 #{ip}`
        if ping =~ /Received = 1/
          proxy = "#{ip}:#{port}"
          puts "Proxy created: #{proxy}".green.bold
          File.open("proxies.txt", "a+") {|s| s.puts(proxy)}
        else
          puts "Invalid IP: #{ip}".red.bold
          next
        end
      end
    end
  end
end

create_possibles
EDIT:
I attempted my general idea of how to do this:
require 'colored'
require 'timeout'

def create_possibles
  %w(80 3128 8080 8090 8888 8898 9999).each do |port|
    1.times do
      ip = Array.new(4){rand(256)}.join('.')
      Timeout::timeout(5) do
        ping = `ping -n 1 #{ip}`
        if ping =~ /Received = 1/
          # proxy = "#{ip}:#{port}"
          puts "[SUCCESS]Proxy created for IP: #{ip}".green.bold
          File.open("proxies.txt", "a+") {|s| s.puts("#{ip}:#{port[0]}",
                                                     "#{ip}:#{port[1]}",
                                                     "#{ip}:#{port[2]}",
                                                     "#{ip}:#{port[3]}",
                                                     "#{ip}:#{port[4]}",
                                                     "#{ip}:#{port[5]}",
                                                     "#{ip}:#{port[6]}",
                                                     "#{ip}:#{port[7]}")}
        else
          puts "[ERROR]IP failed to ping: #{ip}".red.bold
          next
        end
      end
    end
  end
end

create_possibles
When run:
[ERROR]IP failed to ping: 185.105.73.104
[ERROR]IP failed to ping: 93.182.117.11
[ERROR]IP failed to ping: 112.210.73.187
[ERROR]IP failed to ping: 111.109.127.178
[SUCCESS]Proxy created for IP: 201.153.205.131
[ERROR]IP failed to ping: 128.236.57.123
[ERROR]IP failed to ping: 248.84.17.31
It ends up outputting information that looks like this:
201.153.205.131:0
201.153.205.131:0
201.153.205.131:0
201.153.205.131:1
201.153.205.131:1
201.153.205.131:1
201.153.205.131:0
201.153.205.131:1
I figured it out! The problem had to do with the .each do |ports|;
if I take that out like this:
require 'colored'
require 'timeout'

def create_possibles
  ports = %w(80 3128 8080 8090 8888 8898 9999)
  5.times do
    ip = Array.new(4){rand(256)}.join('.')
    Timeout::timeout(5) do
      ping = `ping -n 1 #{ip}`
      if ping =~ /Received = 1/
        # proxy = "#{ip}:#{port}"
        puts "[SUCCESS]Proxy created for IP: #{ip}".green.bold
        File.open("proxies.txt", "a+") {|s| s.puts("#{ip}:#{ports[0]}",
                                                   "#{ip}:#{ports[1]}",
                                                   "#{ip}:#{ports[2]}",
                                                   "#{ip}:#{ports[3]}",
                                                   "#{ip}:#{ports[4]}",
                                                   "#{ip}:#{ports[5]}",
                                                   "#{ip}:#{ports[6]}")}
      else
        puts "[ERROR]IP failed to ping: #{ip}".red.bold
        next
      end
    end
  end
end

create_possibles
Then run it as is, it will output:
[ERROR]IP failed to ping: 111.20.77.200
[SUCCESS]Proxy created for IP: 217.252.149.35
[ERROR]IP failed to ping: 49.214.128.47
[ERROR]IP failed to ping: 116.101.28.115
[ERROR]IP failed to ping: 75.49.120.242
And will log:
217.252.149.35:80
217.252.149.35:3128
217.252.149.35:8080
217.252.149.35:8090
217.252.149.35:8888
217.252.149.35:8898
217.252.149.35:9999
