inlets/inlets-pro

Question: Am I correctly Configuring Inlets-pro on Windows Box

deathcat05 opened this issue · 3 comments

So, I am trying to set up inlets-pro tcp client on an Active Directory box. Not doing anything fancy with K8s, Docker or anything. Just a basic setup where I have an Azure VM with a public IP (my inlets server), and an on-prem AD (my inlets client).

The documentation suggests using Git Bash for Windows to download inletsctl. However, I ran into an issue with that:

So, I ended up just grabbing the inlets-pro.exe from here, and ensuring that the folder I copied it into (C:\Program Files\inlets-pro) was in my path in my environment variables on the Windows box.

The inlets-pro tcp server is on a linux box, and that seems to be up and running fine.

My issue is when I try to run the inlets-pro tcp client command from my Active Directory box. This is the command I'm running:

inlets-pro tcp client inlets --auto-tls --url "wss://%EXIT_IP%:8132/connect" --upstream=127.0.0.1 --ports 389,636 --license-file "C:\Program Files\inlets-pro\license.txt"

This is the error I get:

2022/04/14 09:22:27 Licensed to: <email> (Gumroad subscription)
2022/04/14 09:22:27 Upstream server: 127.0.0.1, for ports: 389, 636
Error: unable to download CA from remote inlets server for auto-tls: Get "https://%EXIT_IP%:8132/.well-known/ca.crt": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

For reference, this is the command I used to run the inlets-pro server on my Linux box (which is a VM in Azure with a public IP):

sudo inlets-pro tcp server --auto-tls --auto-tls-san $EXIT_IP

This is the output of the above command:

2022/04/14 16:00:53 Control port: 0.0.0.0
2022/04/14 16:00:53 Data port(s) will bind to: 0.0.0.0
2022/04/14 16:00:53 Wrote: /tmp/certs/ca.crt
2022/04/14 16:00:53 Wrote: /tmp/certs/ca.key
2022/04/14 16:00:53 Wrote: /tmp/certs/server.crt
2022/04/14 16:00:53 Wrote: /tmp/certs/server.key
2022/04/14 16:00:53 TLS: 52.161.70.164, expires in: 2491.999993 days
inlets-pro server. Copyright OpenFaaS Ltd 2021

Any ideas as to what I might be doing wrong?

Note: I have opened up port 8132 both inbound and outbound on my NSG in Azure

Thank you.

Hi,

Could you try your inlets tunnel client from another machine or off your work network? In that way you may be able to verify that your tunnel server is working correctly.

Did you create your exit server with inletsctl? If so, then with what command?

We do have steps for setting up inlets servers manually: https://docs.inlets.dev/tutorial/manual-http-server/

We have clients that run the TCP client on Windows boxes.

Do you need to use an HTTP proxy on your work network?

Also: make sure you use a --token or anyone can connect who has the server IP.

Alex

Hi Alex,

Thanks for responding back, and still answering my question here. Like I mentioned previously, not sure the best form of communication for getting technical help from others in the community. So if there is an active community forum to join, please point me in the right direction so I can ask further questions there.

Thank you for the token information too. I will be sure to add that.

As far as the inlets server, I had a VM with a public IP already spun up. But, I just used the command in the doc to download inletsctl, and then used inletsctl to download inlets-pro. I know the server is working fine because I was able to do the manual install of the server and connect to a Postgres DB via WSL on my Windows box.

The only issue now is the Windows client on my AD VM.

As far as the inlets-pro client download: if I can't get it to work on Git Bash for Windows, then how should I go about getting the binary and all required components?

Like I mentioned in my original question, I just grabbed the inlets-pro.exe from the releases, and added the folder I put it in into my environment PATH variable on my Windows machine.

When I run inlets-pro on the cmd prompt on my Windows box I do get the following output (which makes me think I grabbed everything I needed from the release page):

C:\Users\Administrator>inlets-pro
 _       _      _            _
(_)_ __ | | ___| |_ ___   __| | _____   __
| | '_ \| |/ _ \ __/ __| / _` |/ _ \ \ / /
| | | | | |  __/ |_\__ \| (_| |  __/\ V /
|_|_| |_|_|\___|\__|___(_)__,_|\___| \_/

  PRO edition

  Connect HTTP and TCP services between networks using a websocket tunnel.

  Each tunnel is made up of a client and a server. The server has both a
  data-plane where clients will connect to the tunneled service on the
  clients network, and a control-plane, where the clients connect.

  For TCP and HTTP tunnels, the auto TLS feature can be used to encrypt the
  server's control-plane. For HTTP tunnels, you may also wish to run a reverse
  proxy on the exit-server to terminate TLS for the data-plane.

  Multiple tunnel clients can connect to a server, and with HTTP tunnels,
  requests will be load-balanced between connected clients.

  From version 0.8.0 and onwards, client forwarding is available for testing.
  In this mode, the client can access services on the server's network, which
  is the opposite way that inlets has traditionally worked.

  Find out more at https://inlets.dev/ or contact@openfaas.com

Usage:
  inlets-pro [flags]
  inlets-pro [command]

Examples:
  # New style commands specify a tcp or http subcommand
  inlets-pro tcp client/server
  inlets-pro http client/server

  # Legacy-style commands for backwards compatibility
  # these run a TCP client or server.
  inlets-pro client/server

Available Commands:
  client      Start a TCP tunnel client.
  fileserver  Start a local HTTP fileserver to share files.
  help        Help about any command
  http        Tunnel HTTP traffic
  server      Start a TCP tunnel server.
  status      Query the status of a HTTP or TCP tunnel server.
  tcp         Tunnel TCP traffic
  version     Display the clients version information.

Flags:
  -h, --help   help for inlets-pro

Use "inlets-pro [command] --help" for more information about a command.

Hi Alex,

I solved my issue. I had the client listening on 8132 instead of the 8123 port when running my commands.

No issues here :) Thank you!
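
The port mismatch that resolved this thread can be caught from the client machine before starting the tunnel, by checking which control port on the exit server actually accepts a TCP connection. This is an added example, not code from the thread or from the inlets project; the `Test-ControlPort` function, the `EXIT_IP` environment variable and the `<token>` placeholder are assumptions, and the two candidate ports are the ones named in the thread.

```powershell
# Added example: probe the exit server's control port from the Windows client
# before running "inlets-pro tcp client". EXIT_IP is an assumed environment variable.
function Test-ControlPort {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [int]    $Port,
        [int] $TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($ComputerName, $Port)
        # No answer within the timeout: packets are dropped (NSG, firewall) or
        # nothing routes to that port. The auto-TLS CA download hangs the same way.
        if (-not $task.Wait($TimeoutMs)) { return 'timeout' }
        return 'open'
    }
    catch {
        # Unwrap to the underlying SocketException, e.g. ConnectionRefused when
        # the host is reachable but nothing listens on the port.
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.Sockets.SocketException]) {
            return "closed ($($inner.SocketErrorCode))"
        }
        return "error ($($inner.Message))"
    }
    finally { $client.Close() }
}

$exitIp = $env:EXIT_IP
if (-not $exitIp) { throw 'Set the EXIT_IP environment variable first.' }
$ports = 8123, 8132   # the two control ports mentioned in this thread

$results = foreach ($p in $ports) {
    [pscustomobject]@{ Port = $p; State = Test-ControlPort -ComputerName $exitIp -Port $p }
}
$results | Format-Table -AutoSize

$open = $results | Where-Object State -eq 'open' | Select-Object -First 1
if ($open) {
    # Print (not run) the client command for the port that answered.
    # <token> stands for the shared secret the server is also started with.
    ('inlets-pro tcp client --auto-tls --url "wss://{0}:{1}/connect" ' +
     '--upstream=127.0.0.1 --ports 389,636 --token "<token>" ' +
     '--license-file "C:\Program Files\inlets-pro\license.txt"') -f $exitIp, $open.Port
}
else {
    Write-Warning "No control port reachable on $exitIp; check NSG rules and the server's control port."
}
```

A `timeout` on the port used in `--url` matches the "context deadline exceeded" error above, while `open` on the other port points to a port mismatch rather than a network block.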