VPN program messed up Windows Server on Kimsufi

VPN program messed up Windows Server on Kimsufi

rudolphdrudolphd Member
edited March 20 in Help

I somehow messed up my Windows 10 server on Kimsufi.

I installed PureVPN, after the installation something happened and I got disconnected from the RDP. Probably because PureVPN installed some weird network adapters that could have been set up as default or something. I don't know exactly.

And now I'm having a trouble connecting to this server, I have restarted many times, in rescue mode it shows 100% OK.

I'm pinging this server it shows that it's off (Request timed out.), so this VPN must have ruined some startup/LAN settings for this Windows Kimsufi.

Is there a way to fix this without reinstalling ?

I'm currently thinking of transferring all the data from this server to another server through SFTP, and reinstalling, and sending back all 2TB of data.

Comments

  • This will because when you connect to a VPN for example it usually stops network activity going through LAN for example. The client tries to re-route all connections through a VPN which works but you no longer get RDP etc cause the ports don't forward through.

    If you've set it to run on startup you're in a pretty sticky situation.

    Jr System Administrator

    Thanked by 2rudolphd netomx
  • myhkenmyhken Member

    First, do you have an active monitor on that server? If so, you have to turn it off, or else Kimsufi will think there is something wrong with your server, since Windows do not accept ping default.

    So there is nothing wrong that you can't ping your server. I can't ping any of my 6 Kimsufi servers running Windows. (or my OVH server or my Hetzner server).

    As you say PureVPN must have installed some network stuff, that block you access, if it not just so simple that you have autologon and that when your server start, the VPN also start, and then you have to connect via the VPN IP and not the server IP.

    Kenneth Myhre WindowsTemplate.com - free Windows templates for OVH/Hetzner/Kimsufi/Online.net

    Powered by Hetzner.com, backed up by OVH, Kimsufi and VULTR.com

    Thanked by 1rudolphd
  • figurefigure Member

    For future reference, I always install Teamviewer before I do anything else on windows kimsufi, to have a way in if it goes belly up.

  • The easiest way I can think of (if you're pretty sure it's the VPN) is to boot into rescue mode, mount the Windows FS and just rename the relevant executable (or the entire VPN folder) which will then result in missing path/executable and so the VPN wont auto start and tada... you'll be all set :-)

  • FalzoFalzo Member

    @HyperSpeed said: This will because when you connect to a VPN for example it usually stops network activity going through LAN for example. The client tries to re-route all connections through a VPN which works but you no longer get RDP etc cause the ports don't forward through.

    I agree that the VPN itself rerouting all traffic is most likely the problem here.

    don't know much about purevpn but maybe you can disable connections inside your account or change the password needed for the login or something like that so that the purevpn client will simply timeout after you restartet your server?

    Netcup DE KVM specials: 1vC 1GB 18,88€ or 4vC 4GB 42,88€ yearly with 5€ off 1st order: 36nc15005674359 / 36nc15008174830 UltraVPS.eu KVM in US/NL/DE, 15% off 6months: 1GB & HDD from 2,55€ or 2GB & SSD from 3,83€

  • figurefigure Member

    Do you use RDP Defender or similar to block people trying to login to your windows kimsufi as admin?

  • @Falzo said:

    @HyperSpeed said: This will because when you connect to a VPN for example it usually stops network activity going through LAN for example. The client tries to re-route all connections through a VPN which works but you no longer get RDP etc cause the ports don't forward through.

    I agree that the VPN itself rerouting all traffic is most likely the problem here.

    don't know much about purevpn but maybe you can disable connections inside your account or change the password needed for the login or something like that so that the purevpn client will simply timeout after you restartet your server?

    Simplistic. I like it. In theory if the psssword is incorrect it shouldn't connect as you've mentioned so that should / would be the easiest way I could think of but you'd probably need to reboot to force a disconnection.

    Hats off for thinking outside of the box!

    Jr System Administrator

    Thanked by 1Falzo
  • rudolphdrudolphd Member
    edited March 22

    @nullnothere said: The easiest way I can think of (if you're pretty sure it's the VPN) is to boot into rescue mode, mount the Windows FS and just rename the relevant executable (or the entire VPN folder) which will then result in missing path/executable and so the VPN wont auto start and tada... you'll be all set :-)

    Is there a way to stop this service from running from rescue mode ? There is an exe file, but I think there may also be some kind of a driver.

    @Falzo - here is the service that is probably launched on startup which as you said is rerouting all traffic.

    EDIT:

    I mounted system drive while in rescue mode. I deleted PureVPN folder, but still I can't connect. So there must be some kind of a driver in %windows% or system32 folder...

  • I have no clues on the innards of this VPN client. I'd say that you first disable it and get your (Kimsufi) box back to functional state and experiment with this tool on a local box/VM where you can "risk" being locked out and recover much more easily. You can test things out in terms of settings and then migrate whatever works nicely to the Kimsufi box.

    I assume that since you've taken this screenshot you're back to accessing this server?

    Also, just to clarify, I meant Kimsufi rescue environment (like Linux) where you can mount the Windows FS and just rename/delete the EXE or folder and it should stop this nefarious thing from starting up at boot.

    Thanked by 1netomx
  • There may be a "virtual adapter" that the VPN client installs that you probably have to disable or delete. I'm surprised though that despite you removing the folder/executable's there's still something that's holding on to the network preventing you from connecting (unless it's some sort of a firewall rule).

    Sorry I don't have any specifics to help out in this regard but hopefully @Falzo or other's who may have more Windows ideas may be able to help.

    BTW, a quick Google search points to a "Internet Kill Switch" that comes as part of PureVPN which in effect helps "protect" you by preventing internet traffic if the VPN drops.

    That seems like it's a (Windows) firewall rule - so somehow disabling that rule should at least get you back in.

    Hope this helps.

  • rudolphdrudolphd Member
    edited March 22

    nullnothere said: I assume that since you've taken this screenshot you're back to accessing this server?

    No, I have installed PureVPN on my PC also. And those other screenshots are taken from WinSCP through which I removed the PureVPN folder (which is located on the non-working kimsufi server)

  • Can you try to modify the boot DOT ini file to force a network safe mode boot which should hopefully help you connect via rdp?

    See: http://serverfault.com/questions/55063/remote-restart-into-safe-mode-windows

    [Aargh stupid *Flare is not letting me post...]

  • rudolphdrudolphd Member
    edited March 22

    nullnothere said: That seems like it's a (Windows) firewall rule - so somehow disabling that rule should at least get you back in.

    Windows firewall rules are stored in registry, I think then I'm gonna have to download the whole registry and edit out PureVPN entries on my local PC.

    nullnothere said: Can you try to modify the boot DOT ini file to force a network safe mode boot which should hopefully help you connect via rdp?

    I can't find the boot_ini file somehow, I mounted boot partition, but all files there are in non-text format.

    EDIT:

    [email protected]:~# mount /dev/sda2 /mnt/ -o show_sys_files

    Showed more files, but again, they all are in non-text format..

  • FalzoFalzo Member
    edited March 22

    have you tried changing your purevpn login-data as suggested above, so that the client won't be able to connect at all?

    though I am not familiar with how authentification is done by the purevpn-client, from their wiki it looks like this should be doable

    Netcup DE KVM specials: 1vC 1GB 18,88€ or 4vC 4GB 42,88€ yearly with 5€ off 1st order: 36nc15005674359 / 36nc15008174830 UltraVPS.eu KVM in US/NL/DE, 15% off 6months: 1GB & HDD from 2,55€ or 2GB & SSD from 3,83€

  • @Falzo said: have you tried changing your purevpn login-data as suggested above, so that the client won't be able to connect at all?

    though I am not familiar with how authentification is done by the purevpn-client, from their wiki it looks like this should be doable

    I changed the pw and no, doesn't work. Ping also shows 'timed out'. It might be a firewall rule as the user above mentioned... Or some driver that I don't know about PureVPN has installed...

  • @rudolphd - the boot DOT ini file should be in the C:\ drive or partition (or so I thought) - hopefully you'll be able to find it and edit it. It should be a plain text file AFAIK.

    @Falzo - this PureVPN client has some sort of a "kill" switch (apparently for security) which will result in no internet if the VPN doesn't work/connect - so if that is on (not sure), if the VPN doesn't start, you're toast because the net is locked down.

    I was thinking that somehow boot into rescue/safe mode (with networking) will start things (without any 3rd party stuff) after which things can hopefully be cleaned out from within the Windows interface.

    Hopefully someone can pitch in to help with the boot DOT ini edit.

    HTH.

  • Falco33Falco33 Member

    Try removing/disabling the TAP adapter that PureVPN uses. You can find it under your Device Manager > Network Adapters.

    Thanked by 1netomx
  • @nullnothere said: @rudolphd - the boot DOT ini file should be in the C:\ drive or partition (or so I thought) - hopefully you'll be able to find it and edit it. It should be a plain text file AFAIK.

    @Falzo - this PureVPN client has some sort of a "kill" switch (apparently for security) which will result in no internet if the VPN doesn't work/connect - so if that is on (not sure), if the VPN doesn't start, you're toast because the net is locked down.

    I was thinking that somehow boot into rescue/safe mode (with networking) will start things (without any 3rd party stuff) after which things can hopefully be cleaned out from within the Windows interface.

    Hopefully someone can pitch in to help with the boot DOT ini edit.

    HTH.

    I did a 'research' on boot_ini file and all I could find was that it was used in previous windows versions, like XP and Vista. Now instead of boot_ini there is BOOTMGR.

    nullnothere said: this PureVPN client has some sort of a "kill" switch

    Weird that it's still on if I removed PureVPN folder.. It must be the service that is run from PureVPN folder, which doesn't have the .exe file to run anymore ... Or a firewall rule as you said previously.

  • rudolphdrudolphd Member
    edited March 22

    @Falco33 said: Try removing/disabling the TAP adapter that PureVPN uses. You can find it under your Device Manager > Network Adapters.

    How can I do that if I have only access to Windows file system (system drive) ? Is there some particular file for this ?

    So I guess these are the 3 drivers I need to remove ?

    Another device that has been installed at the same time

    So these 2 are from PureVPN:

    Microsoft Hosted Network Virtual Adapter (vwifimp.sys)

    TAP-Windows Adapter V9 (tap0901.sys)

    EDIT: Just tried to find these 2 drivers and they were not in /Windows/System32/drivers

    So the remote server might have crashed right before drivers started installing, as I remember it prompted me to accept TAP driver installation and then suddenly 'connection lost' with remote desktop.

  • @rudolphd - right on the boot dot ini being only in older Win versions. My bad.

    Give hivexsh a try and disable the firewall (and I hope that works). For reference you can look at your own (local) PC's registry to get a couple of clues. Other option is to do clobber the Kimsufi registry with your own local PC registry (or some such drastic measure) but beware that's probably the end of the game.

    One more idea - since you do have PureVPN installed on your own PC, take a look at the Windows Firewall (look at the group policy as well) and you may get the details on the kill switch setting that you can then disable on the Kimsufi.

    See: https://null-byte.wonderhowto.com/forum/editing-windows-firewall-from-linux-0164592/

    Thanked by 1netomx
  • Falco33Falco33 Member

    rudolphd said: How can I do that if I have only access to Windows file system (system drive) ? Is there some particular file for this ?

    Sorry, I thought you had access using rescue mode. :(

  • rudolphdrudolphd Member
    edited March 24

    Has anyone has any ideas ?

    I'm agreeing with what @nullnothtere said about kill switch, it probably caused all this

    Main option “Activate Internet Kill Switch”: It just stop internet activity if VPN drops and will not redial automatically until you select the sub option “Auto-redial if VPN connection drops”

    After installing it tried to stop the internet connection and did it permanently, now every time I start the server It's not receiving any connections.

    https://support.purevpn.com/internet-kill-switch-what-why-how-to

    After reading the troubleshoot I'm now wondering how to restore network settings defaults if I have no access to the server itself, only through file system. I tried to find firewall folder in registry, but it seems that there are no folders for WindowsFirewall anymore, even on my local pc (win 10).

    cd \Policies\Microsoft\WindowsFirewall\

    Remote 'Windows Server 2016' through SSH

    I found that there are some firewall entries on my PC in

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

    PureVPN is also there

    {BF8CC8C2-53D3-409F-9714-315CB51F2933} v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files (x86)\PureVPN\vpnclient.exe|Name=PureStealth VPN Client|Desc=PureStealth VPN Client|

    But there is no such folder CurrentControlSet on the remote PC.

    I tried to list all keys in ControlSet001, but there are none.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

  • msg7086msg7086 Member

    Try booting your hdd using kvm from your rescue, you can get vnc access from kvm.

  • myhkenmyhken Member

    msg7086 said: Try booting your hdd using kvm from your rescue, you can get vnc access from kvm.

    And you have many Kimsufi servers I see? If you had, you had known that Kimsufi have don't have KVM access.

    Kenneth Myhre WindowsTemplate.com - free Windows templates for OVH/Hetzner/Kimsufi/Online.net

    Powered by Hetzner.com, backed up by OVH, Kimsufi and VULTR.com

  • rudolphd said: [...]

    I'm pretty sure that the firewall rule is there somewhere in the registry and you'll have to use your local PC as a guinea pig and figure out where it is. Once you do that reliably, I think you can nuke it on the remote PC via the same rescue mode editing the registry and then hope it'll come back up nicely.

    What you can try to do is to use one of the sysinternal tools that monitors registry access, and then run whatever to try and disable/enable the firewall rules (group policy as well) and see what it touches/modifies. You can then try to clean that out from the remote system.

    Hope this helps.

Sign In or Register to comment.