Month: December 2016

After the Global Protect is disconnected, wireless adapters are unable to restore the DNS configuration.

Here is an issue that has been observed with Palo Alto Network’s Global Protect VPN.
A] Problem Description :
      ==================
— Users use wireless network for successful global protect connection.
— After the GP is disconnected, wireless adapters are unable to restore the DNS configuration.
— I have tested the working with GP Agents 2.3.4, 3.1.0 , 3.1.1, 3.1.2, 3.1.3 and 3.1.4. All of these versions show same behavior.
— References Release Notes:
Issue Identifiers : Release Note
102244 : 3.1.1
100000 : 3.1.2
GPC-3363 : 3.1.3
GPC-3431 : 3.1.4

B] Expected behavior should be : After GP is disconnected, the DNS configurations pushed from the FW should be flushed.

C] This is a known bug, however here is a work around that I came up with.

  1.  Configure a batch script to set the dns of the wireless adapters to dhcp.(Filename: SetDNSScript.bat).
    setdnsscript
  2. Customize the Global Protect msi installer to run the script after GP disconnects.
    You can do this using msiexec – a windows Installer program. Open the command prompt and type the following :
    ” msiexec /i GlobalProtect64.msi PREVPNDISCONNECTCOMMAND=”C:\SetDNSScript.bat” PREVPNDISCONNECTCONTEXT=”admin” PREVPNDISCONNECTFILE=”%userprofile%\SetDNSScript.bat” PREVPNDISCONNECTERRORMSG=”Failed executing post-vpn-connect action” “
  3. You may create a create a batch file to perform deployment(Filename: DeployGP.bat).
  4. This resolved the issue.

    NOTE :
    a) The problem here is we need admin rights or the admin credentials to set the dns of the wireless adapters to dhcp. Practically this wont be possible if the issue is being face by large number of users (users with out admin rights).

    b) DeployGP.bat :
    —————-
    msiexec /i GlobalProtect64.msi PREVPNDISCONNECTCOMMAND=”C:\SetDNSScript.bat” PREVPNDISCONNECTCONTEXT=”admin” PREVPNDISCONNECTFILE=”%userprofile%\SetDNSScript.bat” PREVPNDISCONNECTERRORMSG=”Failed executing post-vpn-connect action”

    SetDNSScript.bat :
    —————
    psexec -u <admin_name> -p <admin_password> netsh interface ip set dns “<Name of Adapter 1>” dhcp
    psexec -u <admin_name> -p <admin_password> netsh interface ip set dns “<Name of Adapter 2>” dhcp
    psexec -u <admin_name> -p <admin_password> netsh interface ip set dns “<Name of Adapter 3>” dhcp
    psexec -u <admin_name> -p <admin_password> netsh interface ip set dns “<Name of Adapter 4>” dhcp
    psexec -u <admin_name> -p <admin_password> netsh interface ip set dns “<Name of Adapter 5>” dhcp
    ipconfig /renew
    pause

Create a new user with sudo permission in Kali Linux 2

  1. Open the terminal and type in the command :
    useradd -m username
    ## -m creates a home directory for the user.
    useradd
  2. Set the password for the above user :
    passwd username
    ## This will prompt you to enter a password.
    userpassword
  3. At this point we have added a new user. But we need to put this user in “sudoers” group so that this user can use “sudo” commandto perform administrative tasks.

    Type in the command :
    usermod -a -G sudo Testuser
    ## -a means add
    ## -G sudo means to add the user to sudoers group
    usersudoersgroup

  4. Atlast we have to specify the shell for the new user.
    Excecute the following command:
    chsh -s /bin/bash username

    NOTE :
    a. You can delete the user using the following command :
    userdel username

    b. In the above screenshots the commands are preceeded by “sudo” because these have been executed by a non root user.