After connecting to the business network I have no internet access.
route print shows:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.132.222 192.168.132.166 121
0.0.0.0 0.0.0.0 On-link 10.100.10.26 31
<... snip ...>
Through these commands:
route delete 0.0.0.0 mask 0.0.0.0 192.168.132.222
route add 0.0.0.0 mask 0.0.0.0 192.168.132.222 metric 1
I am able to then access both internet AND the business network.
I am wondering: Is there a way to define that via Shrew Settings?
The answer given by user416930 is correct, but a little unclear, so here it is spelled out a little better.
In Shrew Soft VPN Access Manager, go to Edit > Properties > Policy > Select.
Uncheck "Obtain Topology Automatically or Tunnel All".
Click "Add". Add the network used by your VPN.
If you are unclear what VPN your network is using:
Open command prompt and type "ipconfig /all".
Look for the entry with "Screw Soft Virtual Adapter".
Shrew Soft VPN Acess Manager>Edit>Properties>Policy>Select(Maintain Persistent Security Assosiacations),Add(10.0.0.0,/255.0.0.0)
Related
I have an RB750 with the follow setup:
- Interface 1 = WAN static IP
- Interface 2 = Static IP from a LAN network (LAN provided by another FW)
- MK as a IPSec/L2TP working well providing to clients the subnet x.x.x.x
I would like to redirect all traffic from VPN clients to the LAN network provided in Interface 2.
I mean; User setup in his computer the VPN with success, when connected they need to access the server z.z.z.z located inside the network provided in Interface 2.
Any ideas how to configure it?
You provide not much information, but if im not wrong
you can try NAT for example
/ip firewall nat add chain=srcnat action=masquerade out-interface="your Interface 2" src-address="your l2tp subnet x.x.x.x"
What could explain why an EC2 instance running Windows 10 does not consistently have access to its own metadata or userdata?
I know the userdata is set correctly because the exact same script was used for about thirty launches of t2.nano and c4.xlarge instances: the t2.nano never encountered any issue reading the metadata, but out of three attempts with a c4.xlarge only one had access to it. The script only differed by the name of instance (as per git history at least).
I followed the instructions below, and even from a Powershell, the Uri fails to load (cf. Figure 2).
Any hint is appreciated.
There is a script call InitializeInstance.ps1 that resets some configuration information.
For example, if the instance has changed subnets it might not work correctly due to cached routing rules. The InitializeInstance.ps1 can correct this.
We experienced the same issue on a Windows 2016 server on EC2. We noticed that the default gateway on the 169 IPs routes (persistent) where pointing at a non-existing (old?) gateway IP.
We changed the routes to the default gateway of the primary adapter, after that Instance Metadata started to work and AmazonSSMAgent service is running again.
Old situation:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.3.129 172.16.3.152 15
....
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.169.254 255.255.255.255 172.16.0.129 15
169.254.169.250 255.255.255.255 172.16.0.129 15
169.254.169.251 255.255.255.255 172.16.0.129 15
Notice the gateway on the persistent routes for 169 to point at an IP, which is not the default for 0.0.0.0. This 172.16.0.129 is also not pingable.
After changing the routes using route CHANGE:
route CHANGE 169.254.169.254 MASK 255.255.255.255 172.16.3.129 METRIC 15 IF 4 /P
route CHANGE 169.254.169.250 MASK 255.255.255.255 172.16.3.129 METRIC 15 IF 4 /P
route CHANGE 169.254.169.251 MASK 255.255.255.255 172.16.2.129 METRIC 15 IF 4 /P
Where:
172.16.3.129 is the default gateway on the primary network interface. This will be different on each instance.
And 4 at then end METRIC 15 IF 4 is the interface ID of primary adapter, listed in interface list on route PRINT, this could also be different on each instance.
We now have:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.3.129 172.16.3.152 15
....
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.169.254 255.255.255.255 172.16.3.129 15
169.254.169.250 255.255.255.255 172.16.3.129 15
169.254.169.251 255.255.255.255 172.16.3.129 15
===========================================================================
This is basically what the for mentioned ProgramData/Amazon/EC2-Windows/Launch/Module/Scripts/Add-Routes.ps1 script does.
Can't edit John Rotenstein so I'll add it here,
This issue was solved at my end by initialise the instance again,
it happen when you created an image in one subnet or vpc and launch it in a different one.
Warning this would change the admin password, make sure you have access to the required key to get the new password at console.
In order to initialise the instance only once run:
C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule
in order to initialise it every boot run
C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -SchedulePerBoot
the docs: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2launch.html
after running it, reboot the instance, get a new password from the console, rdp inside and you can get metadata and use aws s3 cli / powershell with the attached instance IAM role
Short version of the need:
Pass all traffic of a specific port (TCP) via a proxy
It should be an HTTP proxy with port 8000
Description
I have an application that needs to reach an external IP with a specific port (TCP). But the standard corporate network blocks outbound traffic to this port.
I can, however, access that port when working with the corporate HTTP proxy that works on port 8000.
Alas, my application does not have any proxy settings, and IE's proxy settings are irrelevant.
Port forwarding and tunneling won't do me any good (already tried netsh anyway), since I need not only to reach the proxy, but I need it to actually function as a proxy.
Can anyone recommend on a method / software that will allow me to pass all traffic to port X via a proxy?
It has to be the traffic of a specific port, since there is a web server installed on that machine and I don't want to temper with it.
Thank you!
Windows doesn't route by port. The real answer is send the traffic to a firewall or layer 3 device that can route by port.
But,
If you know the ip address of the destination you could force that traffic to the proxy if the proxy address is on the same subnet. If it's not on the same subnet your computer will try to send the traffic to that as a gateway but it won't be avaiable (it won't be routed). But, it's so simple it's worth a try.
Example....
Computer 192.168.1.10, 255.255.255.0
Proxy 192.168.1.254 255.255.255.0
Destination IP. 68.68.68.68
route add -p 'destination ip' 'destination subnet range' 'where to send traffic, normally the next hop gateway'
Using example addresses (replace the two addreses with yours but keep 255.255.255.255)
Open Command prompt as administrator, Type route add -p 68.68.68.68 255.255.255.255 192.168.1.254
Using 255.255.255.255 forces it to only route one address.
-p will make the route stay after a reboot.
If it doesn't work you can remove the route simply route delete 'destination ip'
Route delete 68.68.68.68
I have a macbook, connected with ethernet, and wifi.
A site (lets call it facebook) is blocked on one of the interface (ethernet)
but is open on the other (wifi), on the other hand eth is better (fastest and more reliable than the wifi) so I use eth as a priority interface (on top of network preferences), but in this way there is no access to the blocked site.
I would know if there is a way to say to the operating system or browser or other
software components that it must use the connection of wifi if and only if a connection on :80 over eth fail. this would be perfect...or any other means to solve the problem..
It's a matter of configuring a proper proxy?
Thanks in advance.
You could modify routing table to pass traffic to given host or network through chosen gateway.
List your routing table:
$ netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.0.0.1 UGSc 15 0 en0
default 192.168.0.1 UGScI 1 0 en1
[...]
In this case en1 is wifi. So to use wifi connection to a host x.x.x.x, route traffic to this host through 192.168.0.1 gateway:
sudo route add -host x.x.x.x 192.168.0.1
Or better add routing to entire network used by given service:
sudo route add -net x.x 192.168.0.1
The downside is that it may be difficult to determine an ultimate list of IPs, networks used by the service.
See man route.
I have Hamachi installed on a server (aws-ec2 machine) and I'm trying to open a port on the machine for msmq.
I used the following command:
netsh advfirewall firewall add rule name="open port 1801" dir=in action=allow protocol=TCP localport=1801
I also allowed incoming TCP connections to 1801 in the AWS security groups.
My problem is when I run the command netstat -ao to see what ports are listening, I only see the port listening on the IP address Hamachi has assigned to the computer. But it is not listening on the local private IP address (10.x.x.x).
Anybody have any idea how to get it to listen on the local IP? Been Googling forever with no success for an answer.
Thanks to all who can give me some advice.
It sounds like the issue is that it is not binding to the correct interface. You will likely have to change the binding order of the adapters such that the adapter with the local IP is preferred.
Instructions are here:
http://support.microsoft.com/kb/894564