We Keep Coding

How to connect to remote hashicorp vault server

Let me explain my use-case here,
I wanted to give a try to vault in my local, so I configured VAULT_ADDR as:
$ echo $VAULT_ADDR
http://127.0.0.1:8200
then I started vault in dev mode (vault server -dev) and everything was ok, I was able to connect to the server.
Then I wrote a really simple config file:
$ cat vault.config
backend "inmem" {}
listener "tcp" {
address = "127.0.0.1:8200"
tls_disable = 1
}
disable_mlock = true
and I restarted the server with vault server -config=vault.config, This too worked fine.
Now I want to use vault server which is deployed in remote server (aws ec2 instance). I have changed content my config file to below
backend "inmem" {}
listener "tcp" {
address = "123.456.789.1:8200" (aws ec2 public ip)
tls_disable = 1
}
disable_mlock = true
now this is throwing error
Error checking seal status: Get "http://123.456.789.1:8200/v1/sys/seal-status": dial tcp 123.456.789.1:8200: connect: connection refused'
when i am trying to check connectivity using telnet command, that too failed.
telnet 123.456.789.1 8200
telnet: Unable to connect to remote host: Connection refused
I have opened 8200 port in security group of aws, and both instances are in same vpc. What I am missing here? Any help?

I was able to figure out solution for above issue. Basically I executed below steps.
First I started vault server in above machine ( '123.456.XXX.X' ) by below command
vault server -dev -dev-listen-address="123.456.789.1:8200"
here 123.456.789.1 --> This is private IP of my ec2 instance, where my vault server is running.
Next, In my source machine (the one from which i am invoking vault server in 123.456.XXX.X ), I set below parameters
export VAULT_ADDR='http://123.456.789.1:8200'
export VAULT_TOKEN='*****************'
Now when I am trying to do telnet to 123.456.XXX.X server, it is working as expected
telnet 123.456.789.1 8200
output
Trying 123.456.789.1...
Connected to 123.456.789.1.
Escape character is '^]'.

I had the same problem
I was trying to reach my remote vault server this helps me https://stackoverflow.com/a/67218570/19887897
You just have to start your server like this
vault server -dev  -dev-listen-address="0.0.0.0:8200"

wireguard server in GCP, can connect, but rarely send back data to clien side

I setup a wireguard server in GCP.
The client can connect to server, and there is data tranfered between server and client.
But in client, I can't connect to any internet resource.
Below is the information when client connectted to server.
interface: wg0
public key: Xkb8VO26NmSLjSTDN02CBc7jf5O0VjwytzJByBYXlGE=
private key: (hidden)
listening port: 51820
peer: po7KDbDQlQUNJpdke2y5Dq3P+hx0NtSDM5/cCUGOO2A=
preshared key: (hidden)
endpoint: 116.48.101.165:47232
allowed ips: 10.100.100.0/24
latest handshake: 1 minute, 47 seconds ago
transfer: 489.66 KiB received, 4.87 KiB sent
Before I just changed firewall rule in GCP instant internally.
But the client can't connect to server.
sudo ufw allow 22/tcp
sudo ufw allow 51820/udp
After I add firewall rule to open 51820 port in console.
The client can connect to server.
But serve just send a little data back and client can't access the internet.
Because I can install the software in GCP, so it should have internet connection.
Is there anything I need to setup in GCP for wairguard?
Thanks.

Can't connect to specific domain from ec2 linux instance

I'm trying to connect from an ec2 micro instance to the following domain: http://www.bnm.gov.my but it seems to be blocked.
I have tried doing a simple request using curl.
curl http://www.bnm.gov.my
which gives me the following error:
curl: (7) Failed to connect to www.bnm.gov.my port 80: Connection timed out
I tried wget
wget http://www.bnm.gov.my
and get the following error:
--2018-10-31 14:33:06-- http://www.bnm.gov.my/
Resolving www.bnm.gov.my (www.bnm.gov.my)... 103.6.236.129
Connecting to www.bnm.gov.my (www.bnm.gov.my)|103.6.236.129|:80... failed: Connection timed out.
Retrying.
Also, a traceroute times out.
I can access the website from my computer as well as websites like downforeveryoneorjustme dot com and uptrends to check if there are any issues with the website but it seems to be my amazon instance.
I have access to internet, I can request other websites using curl... but this particular one isn't working...
I appreciate any ideas you may have as to how to fix this!
Current ACL Configuration for VPC. (The instance is running within a VPC)
Outbound
Rule # Type Protocol Port Range Destination Allow/Deny
100 All IPv4 traffic all all 0.0.0.0/0 ALLOW
* All IPv4 traffic all all 0.0.0.0/0 DENY

Amazon EC2 HTTP connection refused, but HTTP port is open

I created a new Ubuntu T2 Micro instance on EC2.
Created a new Elastic IP and selected "EIP used in: VPC"
Associated the address to my new EC2 Ubuntu instance.
I now have a Private IP and a Public/Elastic IP. No Public DNS.
My security group has SSH port 22 and HTTP port 80 open.
I can connect to the instance just fine through SSH using the Public IP, but when I try to browse to the Public IP through the browser it says connection refused. I can't ping it either.
I'm out of ideas.

Amazon EC2 HTTP connection refused, but HTTP port is open
That's already proven by the fact that you got 'connection refused'. If the port wasn't open it would have been 'connect timeout'.
'Connection refused' means that the service you tried to connect to wasn't listening at that port. Possibly it isn't started at all, or even installed.

You need to install a web server on your machine, such as Apache or Nginx. This is not provided by default in EC2.

go to security groups --> edit inbound rules --> add rule (add a custom TCP port 8888 with 0.0.0.0/0 ).

There are two major things that can happen to your web server.
Connection refused :- Which means there is no service running (http/JBOSS/nginx) on your server which is available to accept connections on port specified (which is 80 in this case)
Connection timed out :- Would mean server is not able to process any incoming connection hitting it at port 80. Once you fix the security group and your NACL (if you don't have a default one), then you need to re-check to see if it's service which is giving out the error, not to forget that the error response will change.

AWS EC2 Passive FTP - Server sent passive reply with unroutable address. Using server address instead

I have pureftp running on an AWS ec2 instance. I'm trying to get it to run in passive mode which I thought was working, however I'm finding it may not be working correctly. I'm receiving the following error in FileZilla
Status: Connected
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: Directory listing of "/" successful
The odd part is some people are unable to log in while others are.
I have the following pureftp configuration
Port Range
#Port range for passive connections replies. - for firewalling.
PassivePortRange `50000 50100`
PASV IP
#Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
#Symbolic host names are also accepted for gateways with dynamic IP
#addresses.
ForcePassiveIP `ftp.mydomain.com` "my cname record is mapped to my ec2 public dns"
When I view the local port range on the server, /proc/sys/net/ipv4/ip_local_port_range the following are open.
32768 61000
My ec2 security group has port 50000 - 50100 open
When I view my server logs I don't see much other than this every once in a while.
Feb 5 08:57:41 ip-172-11-42-52 dhclient[1062]: DHCPREQUEST on eth0 to 172.11.32.1 port 67 (xid=0x601547fd)
Feb 5 08:57:41 ip-172-11-42-52 dhclient[1062]: DHCPACK from 172.11.32.1 (xid=0x601547fd)
Feb 5 08:57:43 ip-172-11-42-52 dhclient[1062]: bound to 172.11.42.52 -- renewal in 1417 seconds.
Anybody have any idea where things might be going wrong?

Server sent passive reply with unroutable address. Using server address instead
This solved the error for me to get FTP working on AWS EC2 by adding the following lines to etc/vsftpd.conf
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_addr_resolve=YES
pasv_address=XX.XX.XX.XX
XX.XX.XX.XX is set to the elastic IP assigned as the public address for the instance.
Ports in range 1024-1048 and 20-21 created as Custom TCP inbound rules allowing connections from anywhere.
FTP server is running vsftpd on an Ubuntu EC2 accessed with Filezilla client.

So I believe I resolved this issue. It appears as if aws was dynamically changing ip addresses. When I was referencing ftp.domain.com for my passiveip the ip that it resolved to didn't match the initial ip tied to the cname record.
The solution was to assign a static elastic ip to my ec2 instance and set my passiveip in pureftp to my static elastic ip. Thus far it appears to have resolved my issue.

I found some solution you can try.
https://serverfault.com/questions/821025/vsftpd-passive-reply-with-0-0-0-0-address-even-with-correct-pasv-address
I solved it by disabling listen_ipv6 and enabling listen in the config.
listen_ipv6=NO
listen=YES

I got the solution by setting vsftpd.conf
listen=YES
listen_ipv6=NO
Reference here https://stackoverflow.com/a/54707769/1336561