VPN program messed up Windows Server on Kimsufi

VPN program messed up Windows Server on Kimsufi

rudolphdrudolphd Member
edited March 20 in Help

I somehow messed up my Windows 10 server on Kimsufi.

I installed PureVPN, after the installation something happened and I got disconnected from the RDP. Probably because PureVPN installed some weird network adapters that could have been set up as default or something. I don't know exactly.

And now I'm having a trouble connecting to this server, I have restarted many times, in rescue mode it shows 100% OK.

I'm pinging this server it shows that it's off (Request timed out.), so this VPN must have ruined some startup/LAN settings for this Windows Kimsufi.

Is there a way to fix this without reinstalling ?

I'm currently thinking of transferring all the data from this server to another server through SFTP, and reinstalling, and sending back all 2TB of data.

Comments

  • This will because when you connect to a VPN for example it usually stops network activity going through LAN for example. The client tries to re-route all connections through a VPN which works but you no longer get RDP etc cause the ports don't forward through.

    If you've set it to run on startup you're in a pretty sticky situation.

    Jr System Administrator

    Thanked by 2rudolphd netomx
  • myhkenmyhken Member

    First, do you have an active monitor on that server? If so, you have to turn it off, or else Kimsufi will think there is something wrong with your server, since Windows do not accept ping default.

    So there is nothing wrong that you can't ping your server. I can't ping any of my 6 Kimsufi servers running Windows. (or my OVH server or my Hetzner server).

    As you say PureVPN must have installed some network stuff, that block you access, if it not just so simple that you have autologon and that when your server start, the VPN also start, and then you have to connect via the VPN IP and not the server IP.

    Kenneth Myhre WindowsTemplate.com - free Windows templates for OVH/Hetzner/Kimsufi/Online.net

    Powered by Hetzner.com, backed up by OVH, Kimsufi and VULTR.com

    Thanked by 1rudolphd
  • figurefigure Member

    For future reference, I always install Teamviewer before I do anything else on windows kimsufi, to have a way in if it goes belly up.

  • The easiest way I can think of (if you're pretty sure it's the VPN) is to boot into rescue mode, mount the Windows FS and just rename the relevant executable (or the entire VPN folder) which will then result in missing path/executable and so the VPN wont auto start and tada... you'll be all set :-)

  • FalzoFalzo Member

    @HyperSpeed said: This will because when you connect to a VPN for example it usually stops network activity going through LAN for example. The client tries to re-route all connections through a VPN which works but you no longer get RDP etc cause the ports don't forward through.

    I agree that the VPN itself rerouting all traffic is most likely the problem here.

    don't know much about purevpn but maybe you can disable connections inside your account or change the password needed for the login or something like that so that the purevpn client will simply timeout after you restartet your server?

    Netcup KVM DE: 2vC 2GB 40GB SAS 2,99€ or 2xE5 6GB 320GB SAS 6,99€ | 5€ off 1st order: 36nc14892246254 / 36nc14892246257 UltraVPS.eu KVM in US/NL/DE, 15% off 6months: 2GB & SSD from 4,5€ or 1GB & HDD from 3€

  • figurefigure Member

    Do you use RDP Defender or similar to block people trying to login to your windows kimsufi as admin?

  • @Falzo said:

    @HyperSpeed said: This will because when you connect to a VPN for example it usually stops network activity going through LAN for example. The client tries to re-route all connections through a VPN which works but you no longer get RDP etc cause the ports don't forward through.

    I agree that the VPN itself rerouting all traffic is most likely the problem here.

    don't know much about purevpn but maybe you can disable connections inside your account or change the password needed for the login or something like that so that the purevpn client will simply timeout after you restartet your server?

    Simplistic. I like it. In theory if the psssword is incorrect it shouldn't connect as you've mentioned so that should / would be the easiest way I could think of but you'd probably need to reboot to force a disconnection.

    Hats off for thinking outside of the box!

    Jr System Administrator

    Thanked by 1Falzo
  • rudolphdrudolphd Member
    edited March 22

    @nullnothere said: The easiest way I can think of (if you're pretty sure it's the VPN) is to boot into rescue mode, mount the Windows FS and just rename the relevant executable (or the entire VPN folder) which will then result in missing path/executable and so the VPN wont auto start and tada... you'll be all set :-)

    Is there a way to stop this service from running from rescue mode ? There is an exe file, but I think there may also be some kind of a driver.

    @Falzo - here is the service that is probably launched on startup which as you said is rerouting all traffic.

    EDIT:

    I mounted system drive while in rescue mode. I deleted PureVPN folder, but still I can't connect. So there must be some kind of a driver in %windows% or system32 folder...

  • I have no clues on the innards of this VPN client. I'd say that you first disable it and get your (Kimsufi) box back to functional state and experiment with this tool on a local box/VM where you can "risk" being locked out and recover much more easily. You can test things out in terms of settings and then migrate whatever works nicely to the Kimsufi box.

    I assume that since you've taken this screenshot you're back to accessing this server?

    Also, just to clarify, I meant Kimsufi rescue environment (like Linux) where you can mount the Windows FS and just rename/delete the EXE or folder and it should stop this nefarious thing from starting up at boot.

    Thanked by 1netomx
  • There may be a "virtual adapter" that the VPN client installs that you probably have to disable or delete. I'm surprised though that despite you removing the folder/executable's there's still something that's holding on to the network preventing you from connecting (unless it's some sort of a firewall rule).

    Sorry I don't have any specifics to help out in this regard but hopefully @Falzo or other's who may have more Windows ideas may be able to help.

    BTW, a quick Google search points to a "Internet Kill Switch" that comes as part of PureVPN which in effect helps "protect" you by preventing internet traffic if the VPN drops.

    That seems like it's a (Windows) firewall rule - so somehow disabling that rule should at least get you back in.

    Hope this helps.

  • rudolphdrudolphd Member
    edited March 22

    nullnothere said: I assume that since you've taken this screenshot you're back to accessing this server?

    No, I have installed PureVPN on my PC also. And those other screenshots are taken from WinSCP through which I removed the PureVPN folder (which is located on the non-working kimsufi server)

  • Can you try to modify the boot DOT ini file to force a network safe mode boot which should hopefully help you connect via rdp?

    See: http://serverfault.com/questions/55063/remote-restart-into-safe-mode-windows

    [Aargh stupid *Flare is not letting me post...]

  • rudolphdrudolphd Member
    edited March 22

    nullnothere said: That seems like it's a (Windows) firewall rule - so somehow disabling that rule should at least get you back in.

    Windows firewall rules are stored in registry, I think then I'm gonna have to download the whole registry and edit out PureVPN entries on my local PC.

    nullnothere said: Can you try to modify the boot DOT ini file to force a network safe mode boot which should hopefully help you connect via rdp?

    I can't find the boot_ini file somehow, I mounted boot partition, but all files there are in non-text format.

    EDIT:

    [email protected]:~# mount /dev/sda2 /mnt/ -o show_sys_files

    Showed more files, but again, they all are in non-text format..

  • FalzoFalzo Member
    edited March 22

    have you tried changing your purevpn login-data as suggested above, so that the client won't be able to connect at all?

    though I am not familiar with how authentification is done by the purevpn-client, from their wiki it looks like this should be doable

    Netcup KVM DE: 2vC 2GB 40GB SAS 2,99€ or 2xE5 6GB 320GB SAS 6,99€ | 5€ off 1st order: 36nc14892246254 / 36nc14892246257 UltraVPS.eu KVM in US/NL/DE, 15% off 6months: 2GB & SSD from 4,5€ or 1GB & HDD from 3€

  • @Falzo said: have you tried changing your purevpn login-data as suggested above, so that the client won't be able to connect at all?

    though I am not familiar with how authentification is done by the purevpn-client, from their wiki it looks like this should be doable

    I changed the pw and no, doesn't work. Ping also shows 'timed out'. It might be a firewall rule as the user above mentioned... Or some driver that I don't know about PureVPN has installed...

  • @rudolphd - the boot DOT ini file should be in the C:\ drive or partition (or so I thought) - hopefully you'll be able to find it and edit it. It should be a plain text file AFAIK.

    @Falzo - this PureVPN client has some sort of a "kill" switch (apparently for security) which will result in no internet if the VPN doesn't work/connect - so if that is on (not sure), if the VPN doesn't start, you're toast because the net is locked down.

    I was thinking that somehow boot into rescue/safe mode (with networking) will start things (without any 3rd party stuff) after which things can hopefully be cleaned out from within the Windows interface.

    Hopefully someone can pitch in to help with the boot DOT ini edit.

    HTH.

  • Falco33Falco33 Member

    Try removing/disabling the TAP adapter that PureVPN uses. You can find it under your Device Manager > Network Adapters.

    Thanked by 1netomx
  • @nullnothere said: @rudolphd - the boot DOT ini file should be in the C:\ drive or partition (or so I thought) - hopefully you'll be able to find it and edit it. It should be a plain text file AFAIK.

    @Falzo - this PureVPN client has some sort of a "kill" switch (apparently for security) which will result in no internet if the VPN doesn't work/connect - so if that is on (not sure), if the VPN doesn't start, you're toast because the net is locked down.

    I was thinking that somehow boot into rescue/safe mode (with networking) will start things (without any 3rd party stuff) after which things can hopefully be cleaned out from within the Windows interface.

    Hopefully someone can pitch in to help with the boot DOT ini edit.

    HTH.

    I did a 'research' on boot_ini file and all I could find was that it was used in previous windows versions, like XP and Vista. Now instead of boot_ini there is BOOTMGR.

    nullnothere said: this PureVPN client has some sort of a "kill" switch

    Weird that it's still on if I removed PureVPN folder.. It must be the service that is run from PureVPN folder, which doesn't have the .exe file to run anymore ... Or a firewall rule as you said previously.

  • rudolphdrudolphd Member
    edited March 22

    @Falco33 said: Try removing/disabling the TAP adapter that PureVPN uses. You can find it under your Device Manager > Network Adapters.

    How can I do that if I have only access to Windows file system (system drive) ? Is there some particular file for this ?

    So I guess these are the 3 drivers I need to remove ?

    Another device that has been installed at the same time

    So these 2 are from PureVPN:

    Microsoft Hosted Network Virtual Adapter (vwifimp.sys)

    TAP-Windows Adapter V9 (tap0901.sys)

    EDIT: Just tried to find these 2 drivers and they were not in /Windows/System32/drivers

    So the remote server might have crashed right before drivers started installing, as I remember it prompted me to accept TAP driver installation and then suddenly 'connection lost' with remote desktop.

  • @rudolphd - right on the boot dot ini being only in older Win versions. My bad.

    Give hivexsh a try and disable the firewall (and I hope that works). For reference you can look at your own (local) PC's registry to get a couple of clues. Other option is to do clobber the Kimsufi registry with your own local PC registry (or some such drastic measure) but beware that's probably the end of the game.

    One more idea - since you do have PureVPN installed on your own PC, take a look at the Windows Firewall (look at the group policy as well) and you may get the details on the kill switch setting that you can then disable on the Kimsufi.

    See: https://null-byte.wonderhowto.com/forum/editing-windows-firewall-from-linux-0164592/

    Thanked by 1netomx
  • Falco33Falco33 Member

    rudolphd said: How can I do that if I have only access to Windows file system (system drive) ? Is there some particular file for this ?

    Sorry, I thought you had access using rescue mode. :(

Sign In or Register to comment.