- With this version, on a single host, you can create multiple Zero Trust Virtual Networks
- Azure AD/SAML authentication support added.
- rpm package added
If I want to update version 1.8.0 to 1.9.0 can I do so with a docker pull and it will keep current settings?
This version installation is different.
You need to backup config from export.
Then you need a fresh install.
then you can upload your config again.
I suggest keep old one, and install new one, upload config to new one.
If something goes wrong, please write here.
I created a new server. Wouldn’t let me reimport the config but that’s fine I was just starting creating services on the other server. I prefer using the Azure logo too for authentication so I’m fine reconfiguring all services and rules. Working fine so far. I had an issue with version 1.8 for the Fedora client that wouldn’t connect the tunnel but with version 1.9 of the server it seems fine. Windows and Mac clients are also able to connect fine so far.
Can I have let say 2 Zero Trust Network on same server and have same user connect to both of them at the same time? If so how do I assign a Gateway to the second network? I presume I also need to use a different port to connect the second ssh tunnel?
Thanks
on host machine
ferrumgate --create-gateway
will ask for a port. enter an unused port like 9998.
ferrumgate --start-gateway $gatewayIdFromScreen
then refresh ui. you will see gateway.
bind gateway to the network.
you need to give public access to this gateway port
and when saving new network use the ssh config like below
$YOUR_HOST:9998
Thanks working fine now
1 Like
I’m not sure if it’s related to my Mac, to the client version (1.5.0 arm64) or the server itself but when I have 2 network connected at the same time (so 2 ssh tunnels) the connection is dropping often. When I only connect 1 network (so 1 ssh tunnel) at a time it seems stable. I tried both via wifi and Ethernet just to be sure it’s not related to my local network but same behaviour using wifi only, Ethernet only or having both activated at the same time.
I know when the tunnel is dropping because I’m usually connected via RDP to a server via that tunnel so when I get disconnected from RDP, DNS stop working as well but sometime it can take a few minutes before the Ferrumgate client switch to red (so figured I got disconnected)
Both tunnels connect to the same server but on a different port (9999 for the default one and 9998 for the second one)
Mart, please get client logs when connection dropped. Is this happen when connect to two networks ?.
And when connection droped please on server
get logs from ssh server with terminal
docker ps|grep secure.server.ssh|cut -d" " -f1
you will see two id
docker logs -f $id1
docker logs -f $id2
[2023-06-02 09:02:04.382] [info] get tokens
[2023-06-02 09:02:04.382] [info] refresh token
[2023-06-02 09:02:13.872] [error] Error: ping failed
[2023-06-02 09:02:16.873] [error] Error: ping failed
[2023-06-02 09:02:19.868] [error] Error: ping failed
[2023-06-02 09:02:22.873] [error] Error: ping failed
[2023-06-02 09:02:24.642] [error] network cannot reach customers
[2023-06-02 09:02:24.642] [info] removing resolve search customers.mydomainname.zero
[2023-06-02 09:02:24.889] [info] removing resolve ip 172.28.26.1
[2023-06-02 09:02:25.111] [info] killing process tunnel
[2023-06-02 09:02:25.111] [info] forcing to kill 4705
[2023-06-02 09:02:25.112] [info] ferrum_exit:
[2023-06-02 09:02:25.112] [info] tunnel closed
[2023-06-02 09:02:25.112] [error] Command failed: kill -9 4705
/bin/sh: line 0: kill: (4705) - No such process
[2023-06-02 09:02:25.869] [error] Error: ping failed
[2023-06-02 09:02:25.871] [error] Error: ping failed
[2023-06-02 09:02:28.872] [error] Error: ping failed
[2023-06-02 09:02:31.876] [error] Error: ping failed
[2023-06-02 09:02:34.873] [error] Error: ping failed
[2023-06-02 09:02:36.648] [error] network cannot reach aws
[2023-06-02 09:02:36.648] [info] removing resolve search aws.mydomainname.zero
[2023-06-02 09:02:36.948] [error] net::ERR_NETWORK_CHANGED
[2023-06-02 09:02:37.210] [info] removing resolve ip 172.28.28.1
[2023-06-02 09:02:37.874] [error] Error: ping failed
[2023-06-02 09:02:38.073] [info] killing process tunnel
[2023-06-02 09:02:38.073] [info] forcing to kill 4704
[2023-06-02 09:02:38.073] [info] ferrum_exit:
[2023-06-02 09:02:38.073] [info] tunnel closed
we are checking health every 3 seconds. if 5 try gives not success we are droping connection
logs say that ping failed.
please when connection droped
try
ping $publicIP,
ssh ferrum@$publicIp -p9999
By looking at the log of the ssh tunnel I see probably a lot of bots trying to access it. I see a bunch of failed authentication errors. Since it’s hosted on AWS I presume that’s not really a surprise and I should probably consider filtering IPs that can connect to the SSH tunnel. Is there an auto ban feature that could block IP that failed authenticating for like 5 times in a row?
ssh server default has max auth try fail.
we setted it 16.
dont care about hackers trying.
they are also trying on hack.ferrumgate.com.
this is a well hardened open ssh server that only supports our authentication method.
and we disabled all features at code level that we are not using.
and I see from your logs that.
[2023-06-02 09:02:36.648] [info] removing resolve search aws.mydomainname.zero
[2023-06-02 09:02:36.948] [error] net::ERR_NETWORK_CHANGED
if network changes, this version only supports tcp based tunnel.
and tcp will be broken. ( we are developing an udp based tunnel for next versions)
please try to investigate why network changes?
I’ll make more test. I know this morning I had to connect with OpenVPN client to a remote location while I think Ferrumgate client was connected so that’s probably what happened for this one but I lost the connection a few times this morning before I chose to give me access to only 1 of the 2 network and it’s been stable so far.
I know yesterday it was stable when I chose to keep only one of the 2 network card enabled (I’m always on Wifi but when I’m at my desk I connect the docking station to my MacBook Pro and it’s connecting via Ethernet too. I saw that when I make sure only 1 of the 2 is enabled it’s fine. I guess Ferrumgate client is probably having a hard time knowing if it should connect via Wifi or Ethernet when it’s running and both are connected at the same time.
Probably as you said, the problem occurs when Wifi and Ethernet is active.
please test it with disabled/closed wifi when ethernet is active.
Just a quick update, when I have 1 tunnel connected it will stick all day long. As soon as I have 2 tunnels connected, the connection can drop really quick. Ping will eventually fail and the tunnels will get disconnected. I can reconnect and it will stick for a few minutes but will again eventually drop. that’s on my Mac over Wifi. I also tested on a Windows 10 connected over Ethernet and same issue, when I have 1 tunnel no problem it can stay for hours without dropping the connection, as soon as I have 2 tunnels connected it will eventually drop after a few minutes.
if there are 2 networks, please send network ip configs, like below
and
there must be 2 dns services, please send their assigned ip address, like below
