Hi, I have installed FerrumGate with the help of "Install - FerrumGate" on our AWS EC2 instance. Once the installation finished, I found the server became inaccessible via its private IP, e.g. 172.31.1.10. It is only accessible via the public IP.
I tried two times on a fresh machine and got the same problem. Can you please help with what the issue is and how to make it accessible?
Secondly, I would like to set up access using this zero trust policy to SSH to other AWS EC2 instances and databases. That's also not working.
Hi, let's solve the access problem first.
On the FerrumGate server, please type netstat -tuplen
This command will show the listening ports.
You will see
0.0.0.0:443
::443
0.0.0.0:80
::80
Please check whether the ports are listening.
If the ports are listening,
type on the FerrumGate server
curl localhost:80
You will see Found, Redirecting.
If these tests work,
then check your machine firewall etc. on AWS. Also check from other machines whether ping works.
After solving this problem, I will help to define services.
Also, as I mentioned, before installation I am able to SSH to this server from the private IP, and I can see 0 0.0.0.0:22 is LISTEN. But I don't know why I am not able to SSH in the private network.
I am fine even if the server is accessible from the public IP.
My main problem is that I am not able to connect to any other resources using the VPN [FerrumGate] connection. I am not even able to ping the default DNS IP 172.28.28.1 after connecting.
After connecting, the client color becomes yellow, then green.
Also, please send the client logs (there could be some sensitive data, like the hostname of the ZTNA) and the client status screen.
You can delete the log files.
{"tryCount":0,"lastTryTime":1719569500177,"isWorking":false,"pingErrorCount":0,"pingTimes":[],"dnsTimes":[],"dnsErrorCount":0,"protocol":"auto","lastError":"Closed"}}]
[2024-06-28 15:41:55.663] [error] no tunnel created for admin starting new one
[2024-06-28 15:41:56.065] [info] killing process tunnel
[2024-06-28 15:41:56.068] [info] forcing to kill 12068
[2024-06-28 15:41:56.073] [info] process exited
[2024-06-28 15:41:56.267] [error] Command failed: taskkill.exe /F /PID 12068
ERROR: The process "12068" not found.
[2024-06-28 15:41:56.350] [info] executing process command quic
[2024-06-28 15:41:56.354] [info] executing process command "C:\Program Files\FerrumGate\app-1.9.0\resources\app\service\win32\quic_ferrum.exe" --insecure --loglevel info --host yourhost.com:9999
[2024-06-28 15:41:56.359] [info] process started with pid: 23316
[2024-06-28 15:41:56.411] [info] version: 1.1.0
[2024-06-28 15:41:56.531] [info] ferrum_pid:23316
[2024-06-28 15:41:56.536] [info] 2024-06-28T10:11:56.531775Z  INFO client: connecting to [2606:4700:8de9:28c7:3264:0:fa7e:e31a]:9999
Your host resolves to IPv6. It is not working. Please use IPv4.
Yes, DNS resolution should be IPv4. Don't resolve to an IPv6 address, then your client should work. AWS normally gives an IPv4 address, you should use it. We did not test IPv6 yet. Make the server address IPv4, it should work.
I checked your IP.
Port 443 is accessible,
but 9999 is not accessible.
Check: get info from 443
nc yourip 443
get /
HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Sat, 29 Jun 2024 07:22:33 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -
400 Bad Request
400 Bad Request
cloudflare
As you see, the server is cloudflare, so this IP is probably behind Cloudflare.
Please check it.
And do you have any endpoint program? → You mean an antivirus program? We have Bitdefender Endpoint Security. I have checked, there is no blockage on the AV side.
Okay, as suggested… Now I tried on an Ubuntu Desktop machine.
Now I am successfully connected and able to ping the Service Assigned IP. But I am not able to connect to the SSH/telnet service I have created.
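The IPv6 problem diagnosed earlier in this thread shows up in the client log as a "connecting to [address]:port" line. The following is an added example, not part of the thread and not FerrumGate code: it scans client log text for those lines and reports any tunnel endpoint that is IPv6. The function names, the sample log (built with documentation addresses) and the unbracketed IPv4 form of the line are assumptions.

```python
import ipaddress
import re

# Colour escape sequences that the tunnel process writes into the client log.
ANSI = re.compile(r"\x1b\[[0-9;]*m")
# Bracketed IPv6 form as seen in the thread; the bare IPv4 form is an assumption.
ENDPOINT = re.compile(
    r"connecting to (?:\[(?P<v6>[0-9A-Fa-f:.]+)\]|(?P<v4>[0-9.]+)):(?P<port>\d+)"
)

# Constructed sample log; addresses are from the documentation ranges.
SAMPLE_LOG = """\
[2024-06-28 15:41:56.350] [info] executing process command quic
[2024-06-28 15:41:56.536] [info] \x1b[2mclient\x1b[0m: connecting to [2001:db8::10]:9999
[2024-06-28 15:52:10.101] [info] \x1b[2mclient\x1b[0m: connecting to 192.0.2.10:9999
"""


def tunnel_endpoints(log_text):
    """Return (line_number, ip_address, port) for every 'connecting to' line."""
    found = []
    for number, line in enumerate(log_text.splitlines(), 1):
        match = ENDPOINT.search(ANSI.sub("", line))
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group("v6") or match.group("v4"))
        except ValueError:
            continue  # looked like an address but is not a valid one
        found.append((number, ip, int(match.group("port"))))
    return found


def ipv6_findings(log_text):
    """Describe each connection attempt that went to an IPv6 endpoint."""
    return [
        f"line {number}: client dialed IPv6 endpoint [{ip}]:{port}; "
        "make the server hostname resolve to an IPv4 address"
        for number, ip, port in tunnel_endpoints(log_text)
        if ip.version == 6
    ]


if __name__ == "__main__":
    for finding in ipv6_findings(SAMPLE_LOG):
        print(finding)
```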