Destination net unreachable

I tried on Windows 11 and on macOS Ventura with client 1.4.0. I’m able to authenticate fine on both and FerrumGate client is green but I can’t ping or resolve any dns.

I get Destination net unreachable when I ping or

I tried the example of Google DNS but it doesn’t seem to work.

I also tried unchecking Certificate check because I saw that it couldn’t verify the first certificate in the FerrumGate client log

[error] unable to verify the first certificate

After removing the checkmark I don’t see this error but now I see an error 400 after device posture is
[error] Request failed with status code 400

Am I missing something?

I even tried adding a Device Posture that check for the minimum client version but that doesn’t seem to remove the error 400

please remove Device posture check first.
remove client certificate verify

then add
authentication policy for network connection

for dns resolving or other service access
add authorization rule

lets check if works?

if error occurs, on server you can follow error codes.

docker ps | grep rest | cut -d’ ’ -f1 | xargs docker logs -f

I just tried deploying a brand new server at a different location (I was testing with Debian 11 on an AWS EC2 instance) and I get same result. Now I tested on an Hyper-V server. Other than port 80, 443 and 9999 do I need to open any other port remotely?

The icon of Ferrumgate client is always green but no network is showing up in the status. When I check if a tunnel is connected in the dashboard it always reporting no tunnel connected. I do see active sessions but no tunnel.

Also I get same result of info device posture is and an error 400 right after the report of the information sent from the computer :
[2023-05-18 14:15:54.937] [error] Request failed with status code 400
[2023-05-18 14:15:57.166] [info] executing command at worker
[2023-05-18 14:15:57.167] [info] sync network status 2023-05-18T18:15:57.166Z
[2023-05-18 14:15:57.168] [info] sync network status []

I tried entering what you sent me but it doesn’t seem to like the cut command :

cut: the delimiter must be a single character
Try ‘cut --help’ for more information.
“docker logs” requires exactly 1 argument.
See ‘docker logs --help’.

opened ports must be 80 443 and 9999.
I think problem is about policy rules.
please send policy authentication and policy authorization

for accessing a network,
give permission by authentication rules

for accessing services
give permission by authorization rules

My account is part of the IT group

Please reboot server.
ferrumgate --stop
ferrumgate --start

and when testing on server terminal
please follow logs

docker ps | grep rest | cut -d" " -f1 | xargs docker logs -f

[2023-05-18T19:39:21.640] [WARN] default - captcha settings is empty, please fill it

[2023-05-18T19:39:21.641] [INFO] default - getAccessToken eyJhbG

[2023-05-18T19:39:21.644] [INFO] default - save current user device posture

[2023-05-18T19:39:21.645] [ERROR] default - ErrKeyLengthSmall->Error: length is invalid

at InputService.checkStringLength (/usr/src/app/build/src/service/inputService.js:141:19)

at /usr/src/app/build/src/api/userApi.js:219:24

at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

please type on terminal
send id field value

cat “/Users/YOUR_USER/Library/Application Support/ferrumgate/ferrum.json”

This is the id I get :

Its length must be 16, I fixed the client.
please download and reinstall again.

I seem to go further but the connection get closed right after authentication is successful :

[2023-05-19 10:43:19.941] [info] getting networks
[2023-05-19 10:43:19.968] [info] network: {“items”:[{“id”:“NyTW4tsik69eQaxW”,“name”:“default”,“action”:“allow”,“sshHost”:""}]}
[2023-05-19 10:43:19.968] [error] no tunnel created for default starting new one
[2023-05-19 10:43:19.968] [info] current arch is arm64
[2023-05-19 10:43:19.969] [info] starting new tunnel “/Applications/” -N -F “/Applications/” -w any -o “StrictHostKeyChecking no” -o “UserKnownHostsFile /dev/null” ferrum@ztna.
.com -p9999
[2023-05-19 10:43:19.969] [info] executing process command
[2023-05-19 10:43:19.975] [info] worker disconnected
[2023-05-19 10:43:19.978] [info] ipc server closed

(I removed the URL on purpose)

On Windows I get a different message :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v SearchList\nERROR: The system was unable to find the specified registry key or value.\r\n",“assignedIp”:“”,“serviceNetwork”:“”,“resolvIp”:“”,“resolvSearch”:“”,“tun”:“ferrumTnssYx”,“isMasterResolv”:false,“resolvTunDomains”:[]}}]

I think there is a problem about sshHost ,
it looks like ferrum@ztna. .com . please check sshHost from Network section

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v SearchList\n
did you add device posture check?

on windows command line or powershell
please type
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v SearchList

ERROR: The system was unable to find the specified registry key or value.

On my Mac I just tried connecting via ssh on port 9999 directly and I can confirm the port is open and answer but when Ferrumgate client connect I always get same error. I tried creating a new network (I deleted the default one) and redid the permissions but same result :

[2023-05-19 13:16:52.521] [error] no tunnel created for aws starting new one
[2023-05-19 13:16:52.521] [info] current arch is arm64
[2023-05-19 13:16:52.521] [info] starting new tunnel “/Applications/” -N -F “/Applications/” -w any -o “StrictHostKeyChecking no” -o “UserKnownHostsFile /dev/null” -p9999
[2023-05-19 13:16:52.521] [info] executing process command
[2023-05-19 13:16:52.527] [info] worker disconnected
[2023-05-19 13:16:52.529] [info] ipc server closed

(I replaced my real domain with mydomain)

please type on macos terminal
“/Applications/” -N -F “/Applications/” -w any -o “StrictHostKeyChecking no” -o “UserKnownHostsFile /dev/null” -p9999