I am trying to setup an IPSec tunnel on my virtual machine on Google Compute Engine and it seems all my traffic is blocked. Even though I have open the necessary ports on both the Windows Server 2016 server and Google's Firewall. Question I have is it possible to setup the VPN tunnel on the server it self or should I make use of the Hybrid Connectivity VPN or something else? I have the same setup on a dedicated server but just can't get Main Mode and or Quick Mode functioning at all.
PS I have setup many iPSec tunnels on stand alone server just not on a virtual server using Google Compute Engine.
Thanks in advance for your help on this one.
I was able to set up IPSec VPN server with Debian 10 virtual machine, on Google Compute Engine.
Here's what I did:
While creating virtual machine instance (Debian 10 for example), in "Network interface" window set option "IP forwarding" to "ON";
On "VPC network" page create firewall rule with open ports: "udp: 500, 4500";
Use this script to setup VPN software:
wget https://git.io/vpnsetup -O vpnsetup.sh && sudo sh vpnsetup.sh
It will generate credentials needed for next step. They look like this: "Server IP: ****", "IPsec PSK: ****", "Username: ****", "Password: ****".
For client configuration use credentials generated from above step and IPsec/XAuth protocol while setting vpn connection.
Look here if you encounter problems: https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-xauth.md
Check this guide "IPsec VPN Server Auto Setup Scripts" for more information:
https://github.com/hwdsl2/setup-ipsec-vpn
Related
My GCP server is down. It was working last day. I can see the server in VM Instances but can not connect using SSH. All the client websites are down.
Can any one help ?
There is several reasons this could happen:
If your disk is full
sshd deamon isn't configured properly
If OS login is enabled on your instance
A firewall rule block port 20
Sometimes, you see some connection errors in the console, that worth to take a look.
EDIT:
I will need additional information if that still not working;
Take a look to your serial console logs and tell me if you have any relevant logs that can help like a kernel panic, issue with networking, permission denied, etc
Use Cloud Shell and try to connect to your VM instance with these commands:
gcloud compute firewall-rules create --network=default default-allow-ssh --allow tcp:22
gcloud compute ssh YOUR_INSTANCE_NAME --zone YOUR_ZONE -- -vvv
If you can't connect from cloud shell, try to ping your VM instance (internal IP & external IP)
I highly recommend to delete your screenshots showing information about your VM instance (Firewall rules, Project name, nmap scans, etc).
I’ve a question regarding Compute VM and its associated privileges. I have ‘Owner’ privileges at Project level. I created a VM but was not able to assign an external IP address to it. Upon referring to google cloud docs, it appears that I’ll still be able to connect to this VM using VPN or IAP. Upon clicking the SSH link next to the VM, I see that it uses a Cloud-IAP tunnel but the connection fails.
Here is the error message
External IP address was not found; defaulting to using IAP tunneling.
ERROR: (gcloud.compute.start-iap-tunnel) Error while connecting [4003: u'failed to connect to backend'].
ssh_exchange_identification: Connection closed by remote host
ERROR: (gcloud.compute.ssh) [/usr/bin/ssh] exited with return code [255].
How do I go about connecting to this VM?
Appreciate your help with this
https://hodari.be/posts/2019_09_30_access_private_gke_nodes_with_ssh/
https://cloud.google.com/iap/docs/using-tcp-forwarding
Firewall rules that are configured to allow access from Cloud IAP's TCP forwarding netblock, 35.235.240.0/20, on all ports of your machine. This ensures that connections are allowed from Cloud IAP's TCP forwarding IP addresses to the TCP port of the admin service on your resource. Note that you might not need to adjust your firewall rules if the default-allow-ssh and default-allow-rdp default rules are applied to ports used for SSH and RDP.
As probably you already have default-allow-ssh instead of trying:
gcloud compute start-iap-tunnel stage-es-kibana 5601 --local-host-port=localhost:5601
jump to port via extra ssh layer:
gcloud compute ssh stage-es-kibana -- -N -L 5601:localhost:5601
or open Google Firewall between host/port stage-es-kibana:5601 and subnet 35.235.240.0/20.
This is a permissions issue.
You are trying to ssh into your vm thru google's IAP proxy.
You don't have permissions to create the tunnel from your computer to the proxy server.
You need have the role "roles/iap.tunnelResourceAccessor" to ssh to your vm:
It seems that the GCP CE requires to initialize SSH and other services after its RUNNING status.
I used a workaround by adding a sleep (60 sec) command, after starting the VM and before SSH using the IAP tunnel.
In my case I solved or worked around it by omitting the --tunnel-through-iap parameter that is passed to gcloud compute ssh.
try open Google Firewall subnet 35.235.240.0/20
I have a GCE instance that uses older mysql connection type and in order to connect to a Google Cloud SQL instance, I open an SSH connection through the browser on the GCE instance and run the following:
> cd /
> ./cloud_sql_proxy -dir=/cloudsql -instances=my-gce-instance-name:us-east1:my-sql-instance-name &./cloud_sql_proxy -dir=/cloudsql -
And then it is open for connections. The problem is, when I close the browser window (or even sign into Google with a different user), the connection is lost. Is there any way to persistently run this Unix socket with Google Cloud Engine?
Generally, you can run a command in the background by appending a & to the end of the command. This will start a background process for the proxy. You can stop the proxy with killall cloud_sql_proxy.
Another solution would be to run the proxy as a service. How to do this wildly varies by distro and version. Ubuntu 16 is typically bundled with systemd.
Apologies for the bad english, i'm french. :D
I've been looking for an answer since approximatively 4 days, and I don't know how to fix my issue.
So:
I want to virtualize two servers using virtualBox on Windows7 and i want them all on the same local network.
My VMs are running on Ubuntu 16.04
On the first VM I installed a lamp web server with MySQL 5.7 and i add phpmyadmin.
On the second VM I installed Jira standalone
--> I need to connect to my Database from my Jira server
So I used the Bridge adapter on each machine:
network configuration
network configuration
Ip adresses are attributed with the DHCP protocol.
The SQL machine ip is 192.168.6.80
The Jira machine ip is 192.168.6.101
The Host machine ip is 192.168.6.87
I'm able to ping each machine so there is no problem.
SQL server
When I start the machine everything seems to work, i can access from my SQL server:
localhost : home page of apache 2 saying "It Works"
localhost:5671 :
[���
5.7.18-0ubuntu0.16.04.1� ���UKBeM�ÿ÷�ÿ����������T(DGKg1hwd=�mysql_native_password���ÿ„Got
packets out of order
localhost/phpmyadmin : the index page where I can connect perfectly with root.
Host Machine (Windows)
192.168.6.80 : home page of apache 2 saying "It Works"
192.168.6.80:5671 :
[���
5.7.18-0ubuntu0.16.04.1� ���UKBeM�ÿ÷�ÿ����������T(DGKg1hwd=�mysql_native_password���ÿ„Got
packets out of order
192.168.6.80/phpmyadmin : the index page where I can connect perfectly with root.
Jira server
Here when i start the machine it works during approximatively 2-3 minutes,
I'am able to connect via:
mysql -u root -p -h 192.168.6.80 -P 5671
I am perfectly connected and i can also access to all the other adresses.
And then it stop working on this machine only.
Unable to connect
Firefox can’t establish a connection to the server at 192.168.6.80.
The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
And when i re-try to connect via mysql on terminal I get the Error 2003 (HYOOO)
This happen only when i use the connection of my work, at home it works perfectly without stopping!!
I have few leads:
problems of proxy authentication
problems of firewall configuration
i am in a private network with a domain name called something.eu
And when i launch firefox the proxy shows up automatically:
and-etc-ha.something.eu:9090
So i'm invited to enter my id and password.
My id is : luc.myName#something.eu
After that i'm connected to internet with firefox but not in terminal when i want to use apt.
I search on the web and i found this:
export http_proxy="http://Username:password#proxyip:port/"
and
export http_proxy="http://Domain\user:pasword#proxyip:port/"
So I tried different ways and i was able to download with apt. But the internet connexion with firefox was unstable. But if I use firefox on my host machine the connexion is perfect.
I also tried with settings -> network -> network proxy -> method manual
http: and-etc-ha.something.eu port: 9090
I don't know if I was understandable, tell me!^^
If you have any ideas to help me to solve this problem let me know.
Bye!
I found the cause: In fact there was a ip conflict inside the LAN because the DHCP was giving in-use ip address.
I decide to use the NAT connection with Port Forwarding on VirtualBox.
With that configuration I'm able to access my VMs on my LAN using the host ip address followed by the port of my choice.
I am a very basic user in Google Cloud Platform.
Is it possible to use a GUI of my VM instance ? I am currently using Centos7 VM.
You can use VNC to connect to VMs on Google Compute Engine. Here's a detailed tutorial for how to set this up.
For added security:
use a long, complex password (though note that VNC limits passwords to 8 characters)
instead of opening up port 5901 to the Internet, consider using an SSH tunnel. This is more complex, and depending on your Internet connection, may slow down your graphics refresh rate, but will be more secure.
To use the alternative approach with an SSH tunnel, here are the differences from the tutorial you need to follow:
don't open port 5901 in the Google Compute Engine firewall
create an SSH tunnel from your desktop/laptop to GCE VM via:
gcloud compute ssh \
${VM_INSTANCE} \
--project $PROJECT \
--zone $ZONE \
--ssh-arg "-L ${LOCAL_PORT}:localhost:5901"
where you need to provide the right parameters for ${VM_INSTANCE}, $PROJECT, and $ZONE that match your configuration. You can choose ${LOCAL_PORT} to be 5901 if you wish, but if you decide to VNC into several different GCE VM instances, you'll have to choose unique ports for your local machine.
You need to keep this connection open to use VNC. If this connection is closed, you will lose VNC access as well.
Instead of connecting to your VM using its external IP, connect via localhost:${LOCAL_PORT} with ${LOCAL_PORT} same as selected earlier in step #2
My need was to connect a Windows TightVNC client to Google Compute Engine Cloud Instance of Debian 10 (Buster). The various tutorials I have worked through omitted one important step: make sure the vnc server is not restricted to localhost.
The essential steps for Google Cloud are summarized as
confirm you have a running VM instance and that you have ssh access.
I explicitly disabled enable-oslogin (how to disable oslogin)
and loaded my own Puttygen-created SSH certificate.
in VPC Networks > Network Interface Details > Firewall and routes > Rules add a rule to allow ingress for ip range 0.0.0.0/0 (or a
known limited range), for tcp:5900-5920 (this allows for up to 20
VNC instances)
set up the VNC server (tutorials here and for debian 9
here and for debian 10 here and more complete and recent
here for debian 10
after doing this, I could not get past "Connection refused."
Missing step: make sure -localhost no is included as argument when starting the vncserver:
vncserver -localhost no
Once all these conditions were satisfied, I had desktop access.