Can't connect to velociraptor ip:8000

Question

Can't connect to velociraptor ip:8000

AH-M-ED opened this issue 3 years ago · comments

Hello,

I installed velociraptor on security onion and everything works fine !
I can access to velociraptor via https://$yourhost/velociraptor
but the problem that when i try to added a client ,it can't connect to the manager:8000 to retrieve the certificate.
and by accessing to manager:8000 manually,it will not respond !
I added a firewall rule using sudo so-firewall includehost velociraptor <IP/CIDR> and still can't connect to port 8000

thanks.

weslambert · Answer 1 · Sun Apr 18 2021 09:03:24 GMT+0800 (China Standard Time)

Is the manager address resolvable by the client? Maybe you could try manually adding to the client machine's hosts file to ensure that is not the issue?

Ahmed · Answer 2 · Sun Apr 18 2021 21:55:08 GMT+0800 (China Standard Time)

yes,the manager address is resolvable by the client! I can ping,i can access to security onion dashboard,i can access to https://$yourhost/velociraptor ,but I can't access to manager:8000 and so the velociraptor client will not connect .
https://pastebin.com/Nak7ZQd6

weslambert · Answer 3 · Wed Apr 21 2021 19:53:22 GMT+0800 (China Standard Time)

Are you able to perform a Test-NetConnection or netcat successfully to the port?

Ahmed · Answer 4 · Thu Apr 22 2021 00:31:36 GMT+0800 (China Standard Time)

Can't netcat to port 8000.

weslambert · Answer 5 · Thu Apr 22 2021 00:55:01 GMT+0800 (China Standard Time)

Sounds like there is a firewall in-between, or the local firewall for SO isn't actually opening the port for the intended address.

You can try running iptables -nL | grep $address (your client address) to see if the allowance exists in iptables.