Skip to content

Latest commit

 

History

History
205 lines (154 loc) · 10.6 KB

Troubleshooting.md

File metadata and controls

205 lines (154 loc) · 10.6 KB

Barrier Troubleshooting Steps

This guide has steps that can be tried for troubleshooting Barrier. These steps can help isolate the issue and recommend things to try to resolve the issue. Specific steps for making configuration changes outside of Barrier (i.e. Network, Firewall, Permissions, etc...) are outside the scope of this document and the appropriate references should be used.

Document Conventions

  • Text in angle brackets <text> is input supplied by the user
  • Text in italics are user interface elements, items on-screen, or filenames
  • Text in a monospaced font are keyboard shortcuts, prompts, commands, or command output

Things to Check

Most of the tools used to troubleshoot in this guide are run from a text-based command line. These are some possible steps to get to the command line interface.

Note: None of the below commands should require elevated access (Administrator cmd.exe, sudo, su, doas, or equivalent) unless specified.

Windows Command Prompt

  1. Press the (⊞ Win) + R to open the Run dialog
  2. In the Open: textbox, type cmd and click OK

Windows PowerShell

  1. Press the (⊞ Win) + R to open the Run dialog
  2. In the Open: textbox, type powershell and click OK

MacOS Terminal.app

  1. Press (⌘ Cmd) + Space to open Spotlight search
  2. Type Terminal.app and press Enter

Linux Virtual Terminal

There are many ways to open a terminal emulator in the GUI on various linux distributions. If you do not know how to access a terminal emulator (xterm, konsole, gnome-terminal, etc...) the steps for accessing the console are fairly standard. Press Ctrl + Alt and one of the Function keys (usually F1 through F7) to switch between back and forth between the GUI and virtual terminals.

Back to Top

Barrier uses multiple process to create the software KVM effect. If using the GUI, check that GUI icon is in the system tray (Windows or some Linux desktops) or on the right side of the menu bar (MacOS). The GUI is only used to configure and control the client or server processes.

Windows Processes

  • Press Ctrl + Shift + Esc to open the Task Manager
  • Click on the Details tab and click on the Name header to sort by name
  • Look for the barrier.exe process if the GUI is running
  • Look for the barrierd.exe process
  • Look for the barrierc.exe process on a client
  • Look for the barriers.exe process on a server

Linux/Unix/MacOS

  • Use ps and grep commands to find barrier processes:
ps -ax -o user,pid,command | grep -i [b]arrier
  • Look for the barrier process if the GUI is running
  • Look for the barrierc process on a client
  • Look for the barriers process on a server

Note: Including the brackets [] in the grep syntax prevents it from matching instances of grep in the process list.

Back to Top

Barrier needs network connectivity between machines to work. The easiest way to test this is with the ping or Test-Connection commands.

Windows Command Prompt

ping <hostname or IP>

Windows PowerShell

Test-Connection -ComputerName <hostname or IP>

Linux/Unix/MacOS Command Line

ping -c 4 <hostname or IP>

If successful you should see four replies with the IP address and the time (in milliseconds)

Steps to try if unsuccessful:

  • Make sure that both devices are either on the same Local Area Network (LAN) or check that the LANs they are on are connected and routing
  • Make sure that ping (ICMP) is being allowed through any software firewalls or hardware firewalls between the devices. (This can be turned back off after troubleshooting is resolved)
  • If using a hostname, make sure you are able to resolve that hostname to an IP address (Local DNS Server, mDNS, Avahi, NETBIOS, /etc/hosts, or equivalent method). Alternatively, consider using IP addresses instead

Back to Top

The server listens for a network connection on port 24800. You can test connectivity to this port from both the server and its clients. Check connectivity from the server to itself first to make sure it is accepting connections, then check that you can connect to the server across the network from the client.

  • Make sure the server has been started in the Barrier GUI or that the required processes are running first

Windows PowerShell Test-NetConnection

  • In the PowerShell window run:
Import-Module NetTCPIP
Test-NetConnection -ComputerName <hostname or IP> -Port 24800
  • If you see TcpTestSucceeded : True you are able to connect to the server

Note: If you know of an easy way to test SSL connectivity with Windows please feel free to contribute it here. This method only tests connectivity to the port.

Windows OpenSSL Client Connect

The openssl command used below for Linux/Unix/MacOS to test connectivity and SSL encryption can be obtained for Windows from various third parties distributions. Check the OpenSSL Wiki for more information.

Linux/Unix/MacOS OpenSSL Client Connect

  • Use the openssl command in the terminal to connect to the server by hostname:
$ openssl s_client -connect <hostname or ip>:24800 | head
  • If you see CONNECTED you are able to connect to the server
  • If you see Server Certificate the SSL encryption is working
  • You may see verify error:num=18:self signed certificate. Barrier generates a self-signed certificate, so this is nothing to be concerned about

Steps to try if unsuccessful:

  • Make sure the Barrier server process is runnning
  • Make sure that port 24800 inbound is being allowed through any software firewalls or hardware firewalls between the devices
  • Make sure that port 24800 outbound is being allowed through any software firewalls on the client
  • Instructions for adding Barrier to the Windows firewall can be found here

Back to Top

Multiple instances of the background services that Barrier uses (barriers on the server, and barrierc on the client) can cause issues. For example, if another barriers process is running in the backround it will prevent the current process from binding to port 24800 and you may see incorrect status in the GUI.

Windows

  • Press Ctrl + Shift + Esc to open the Task Manager
  • Click on the Details tab and click on the Name header to sort by name
  • Make sure there is only one barrier.exe process if the GUI is running
  • Make sure there is only one barriers.exe and one barrierd.exe process if the server is running
  • Make sure there is only one barrierc.exe and one barrierd.exe process if the client is running

Linux/Unix/MacOS

  • Use grep and ps to find barrier processes
ps -ax -o user,pid,command | grep -i [b]arrier
  • Make sure there is only one barrier process if the GUI is running
  • Make sure there is only one barriers process if the server is running
  • Make sure there is only one barrierc process if the client is running

Note: The barrier command line arguments may make a single command wrap on the terminal to more than one line

Steps to try if unsuccessful:

  • Try stopping all of the barrier processes (End Task on Windows, kill <pid> on Linux/Unix/MacOS) and relaunching the program
  • Try restarting the computer

Back to Top

Barrier uses fingerprints to validate that a malicious server is not trying to intercept a client connection. These fingerprints may be automatically generated if Auto Config is selected in the client. If your client does not trust the fingerprint it will refuse the connection.

The TrustedServers.txt file should contain the fingerprint found in the Local.txt file on the server.

View the server fingerprint in the GUI

  • Open the main Barrier GUI window
  • The SSL Fingerprint: field in the Server section shows the current server fingerprint

View the fingerprints on Windows

  • Open File Explorer
  • In the path bar enter %LocalAppData%\Barrier\SSL\Fingerprints
  • Double-click either Local.txt for the server fingerprints, or TrustedServers.txt to view the fingerprints trusted by the client

View the fingerprints on MacOS

  • To view the trusted fingerprints on the client use the more command to view the TrustedServers.txt file:
more ~/Library/Application\ Support/barrier/SSL/Fingerprints/TrustedServers.txt
  • To view the server fingerprint on the server use the more command again:
more ~/Library/Application\ Support/barrier/SSL/Fingerprints/Local.txt

View the trusted fingerprints on Linux or Unix

  • To view the trusted fingerprints on the client use the more command to view the TrustedServers.txt file:
more ~/.local/share/barrier/SSL/Fingerprints/TrustedServers.txt
  • To view the server fingerprint on the server use the more command again:
more ~/.local/share/barrier/SSL/Fingerprints/Local.txt

On Linux or Unix systems the barrier TrustedServers.txt or Local.txt files may not always be in the same place depending on your system configuration. If they are elsewhere, use the find command to locate them.

find / -type f -name '*TrustedServers.txt' 2>/dev/null
find / -type f -name '*Local.txt' 2>/dev/null

Note 1: These find commands may find other files with the same names. Check that the path includes barrier

Note 2: The 2>/dev/null is to hide Permission denied errors you would otherwise get from searching directories you do not have permission for as a normal user

Steps to try if unsuccessful:

  • Try to copy & paste the contents of Local.txt on the server into the TrustedServers.txt file manually

Back to Top