connect to socks5 proxy with IKEv2 certificate using golang 1.10.2 - go

I use Go 1.10.2 for my client application.
I'm trying to connect to a socks5 proxy that requires username, password and IKEv2 certificate file.
this is what I've got so far:
func socks5(proxyAdress string, url string, user string, password string) {
auth := proxy.Auth{User: user, Password: password}
if proxy, err := proxy.SOCKS5("tcp", proxyAdress, &auth, proxy.Direct); err != nil {
log.Fatalf("error: %v", proxy)
} else {
tr := &http.Transport{Dial: proxy.Dial}
// Create client
myClient := &http.Client{
Transport: tr,
}
if resp, err2 := myClient.Get(url); err2 != nil {
log.Fatalf("error: %v", err2)
} else {
if bodyBytes, err3 := ioutil.ReadAll(resp.Body); err3 != nil {
log.Fatalf("error: %v", err3)
} else {
str := string(bodyBytes)
log.Printf(str)
}
}
}
}
when I execute this function with the proper parameters
I get an error from the server that I don't have permissions to access the web page I requested. that's because I didn't specify the IKEv2 key file.
so.. first.. how do I do that ?
and 2nd... Dial is deprecated.. I'm supposed to use DialContext but has no idea how
thanks ! :)
update
the OS that I use is MacOS High Sierra 10.13.4
the problem is that for example when I execute
socks5("il7.nordvpn.com:1080", "http://ifconfig.me/ip","MY_USER","MY_PASS")
the error that I get is
2018/05/15 23:34:49 error: Get http://ifconfig.me/ip: socks connect tcp ifconfig.me:80->ifconfig.me:80: EOF
I don't know where to provide the IKEv2 certificate

I think you need to set up IPSec on your computer first.
The steps to setup IPSec
Initial configurations (only once at the first time)
Start a VPN connection
Follow here

Related

grpc/go how to set grpc.ssl_target_name_override in grpc.Dial

I am currently trying to test ssl/tls authentication between grpc client and server in go. Not sure how to pass grpc.ssl_target_name_override(https://grpc.github.io/grpc/core/group__grpc__arg__keys.html#ga218bf55b665134a11baf07ada5980825)
while creating the channel on the client side, currently seeing this:
"transport: authentication handshake failed: x509: certificate is valid for xxx.xxx.net, not localhost"
// Create the client TLS credentials
creds, err := credentials.NewClientTLSFromFile("cert.pem", "")
if err != nil {
panic(err)
}
conn, err := grpc.Dial("localhost:8080", grpc.WithTransportCredentials(creds))
if err != nil {
panic(err)
}
I see documentation for other languages: https://grpc.github.io/grpc/cpp/classgrpc_1_1_channel_arguments.html#a42313e3360b50c354c68572e7bf5bccb
I had to set the serverNameOverride value as xxx.xxx.net in NewClientTLSFromFile function and that fixed the issue.
// Create the client TLS credentials
creds, err := credentials.NewClientTLSFromFile("cert.pem", "xxx.xxx.net")
if err != nil {
panic(err)
}

Is there a way to read IP connection header inside server application in go?

Server application supports authentication which demands username and password from the client who is connecting with it. There can be a client from within the machine as well for which I do not want it to be authenticated. Client within the same machine connects with the server with the LOOPBACK address. What I want is that, if I can somehow apply filter for the destination IP of the gRPC connection and decide whether to apply authentication or not. Is there a way? Thanks !
func (s *RShellServer) ExecCmd(stream RShell_ExecCmdServer) error {
# For example, something like this if condition.
if (Conn().destination_ip != LOOPBACK) {
if err, ok := gnmi.AuthorizeUser(stream.Context()); !ok {
return fmt.Errorf("%s", err)
}
}
req, err := stream.Recv()
if err != nil {
return fmt.Errorf("Error reading request: %s", err)
}
}
Your GRPC service should be something like this
func (MyServer) SomeFunction(ctx context.Context,
req *myserver.Request) (resp *myserver.Response, err error)
Then you can use peer library and extract peer information from context like `
p, err := peer.FromContext(ctx)
And get address from peer using
p.Addr

got first record does not look like a TLS handshake when trying to connect to mailtrap smtp

I have following code for creating an SMTP connection:
func NewSMTPClient(host, username, password string, port int) (*smtp.Client, error) {
tlsConfig := &tls.Config{ServerName: host}
conn, err := tls.Dial("tcp", fmt.Sprintf("%s:%d", host, port), tlsConfig)
if err != nil {
return nil, fmt.Errorf("smtp client: tcp dial: %s", err.Error())
}
c, err := smtp.NewClient(conn, host)
if err != nil {
return nil, fmt.Errorf("smtp client: new client: %s", err.Error())
}
auth := smtp.PlainAuth("", username, password, host)
if err = c.Auth(auth); err != nil {
return nil, fmt.Errorf("smtp client: get auth: %s", err.Error())
}
return &c, nil
}
This code works very well with Yandex SMTP server. But when I tried to test it with MailTrap in my unit tests (since I didn't want to actually send email to people every time I test the code), I got this error:
smtp client: tcp dial: tls: first record does not look like a TLS handshake
EDIT 1:
I have tried to set InsecureSkipVerify to true, but still got the same error; though the MailTrap configuration says that I should be able to use TLS:
TLS: Optional (STARTTLS on all ports)
Probably the SMTP server you are trying to connect to doesn't support STARTTLS.

SSH through bastion host

I've just started to use Go and I am trying to setup an ssh connection through a bastion host, i successfully authenticate to the bastion host, but fail on the LAN host. I've read a number of posts, the answer to this i've found very helpful. But i'm not sure what would be in that persons config. My code is as follows. I'm trying to do with with PublicKeys only and if its important i'm starting on a mac, authenticate to linux, then fail to make the second connection to another linux host. Plain ssh works fine
package main
import (
"fmt"
"golang.org/x/crypto/ssh"
"io/ioutil"
"log"
"os/user"
)
const TCP = "tcp"
const PORT = "22"
func bastionConnect(bastion string, localh string) *ssh.Client {
var usr, _ = user.Current()
var homeDir = usr.HomeDir
fmt.Printf("home is %v\n", homeDir)
key, err := ioutil.ReadFile(homeDir + "/.ssh/id_rsa")
if err != nil {
fmt.Print("i'm dying at reading ssh key")
panic(err)
}
signer, err := ssh.ParsePrivateKey(key)
if err != nil {
fmt.Print("i'm dying at parsing private key")
panic(err)
}
fmt.Printf("I'm returning public keys for %v", signer.PublicKey())
config := &ssh.ClientConfig{
User: usr.Username,
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
Auth: []ssh.AuthMethod{
ssh.PublicKeys(signer),
},
}
bClient, err := ssh.Dial(TCP, bastion+":22", config)
if err != nil {
log.Fatal(err)
}
fmt.Print("passed bastion host\n")
// Dial a connection to the service host, from the bastion
conn, err := bClient.Dial(TCP, fmt.Sprintf("%s:%s", localh, PORT))
if err != nil {
log.Fatal(err)
}
ncc, chans, reqs, err := ssh.NewClientConn(conn, fmt.Sprintf("%s:%s", localh, PORT), config)
if err != nil {
fmt.Printf("Error trying to conntect to %s via bastion host\n%v\n", localh, err)
log.Fatal(err)
}
sClient := ssh.NewClient(ncc, chans, reqs)
return sClient
}
func main() {
var bastion = "jumpdev.example.org"
var lanHost = "devserver01"
bastionConnect(bastion, lanHost)
}
The last log line i see is Error trying to connect to devserver01 via bastion host with an error of
2020/02/03 14:40:17 ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey]
Pardon all the Printfs needed to see what's up.
In the second connect could the public key config be messing it up? I have also checked out this project, but seems like overkill.
The above code was fine, i was running into an authorized_keys issue on a box that i always connect to but forgot about my local .ssh/config :(
I wanted to expand on this a bit so it was not just whoops, i messed up post. For a full bastion to lanhost agent connection, I have updated a gist here

Go net.dial issue

I'm having some issues connecting to a local golang TLS server via tls.dial or net.dial. The server ist started with the address localhost:10001 and I am able to connect to it with netcat (simply netcat localhost 10001 ) but trying it with golangs's dial method doesn't work (connection refused). What could be the reason for this? One important thing to point out is that I'm testing it on a Debian VM where I deinstalled the network manager so I could configure the network interfaces myself (static ip). My guess is that net.dial has some issues finding the right interface but what does netcat do that golang's methods don't? I tried all different kinds of addresses on both sides (server on localhost, ::1, 127.0.0.1; client same). On my windows host system it works (so the issue is probably not with the server).
Thanks in advance.
conn, err := tls.Dial("tcp", h.IP+":"+h.Port, conf)
if err != nil {
log.Println(err)
return empty
}
// do cleanup
defer conn.Close()
d := Craft_PKG( data )
//write package
WriteChunks( conn, d )
this is the client code and this
ln, err := tls.Listen("tcp", "localhost:"+(*port), config)
if err != nil {
log.Println(err)
return err
}
defer ln.Close()
for {
conn, err := ln.Accept()
if err != nil {
log.Println(err)
continue
}
// start the handler for every incoming connection
go h(conn)
}
the server code. It is all very straightforward and works with netcat and in my Host system as I mentioned.

Resources