-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Troubleshooting
This guide has steps that can be tried for troubleshooting Barrier. These steps can help isolate the issue and recommend things to try to resolve the issue. Specific steps for making configuration changes outside of Barrier (i.e. Network, Firewall, Permissions, etc...) are outside the scope of this document and the appropriate references should be used.
- Text in angle brackets
<text>
is input supplied by the user - Text in italics are user interface elements, items on-screen, or filenames
- Text in a
monospaced font
are keyboard shortcuts, prompts, commands, or command output
- The Command Line
- Processes Running
- Server Reachability
- Server Listening
- Multiple Instances
- Fingerprint Trust
Most of the tools used to troubleshoot in this guide are run from a text-based command line. These are some possible steps to get to the command line interface.
Note: None of the below commands should require elevated access (Administrator cmd.exe
, sudo
, su
, doas
, or equivalent) unless specified.
- Press the
(⊞ Win) + R
to open the Run dialog - In the Open: textbox, type
cmd
and click OK
- Press the
(⊞ Win) + R
to open the Run dialog - In the Open: textbox, type
powershell
and click OK
- Press
(⌘ Cmd) + Space
to open Spotlight search - Type
Terminal.app
and pressEnter
There are many ways to open a terminal emulator in the GUI on various linux distributions. If you do not know how to access a terminal emulator (xterm
, konsole
, gnome-terminal
, etc...) the steps for accessing the console are fairly standard. Press Ctrl + Alt
and one of the Function keys (usually F1
through F7
) to switch between back and forth between the GUI and virtual terminals.
Barrier uses multiple process to create the software KVM effect. If using the GUI, check that GUI icon is in the system tray (Windows or some Linux desktops) or on the right side of the menu bar (MacOS). The GUI is only used to configure and control the client or server processes.
- Press
Ctrl + Shift + Esc
to open the Task Manager - Click on the Details tab and click on the Name header to sort by name
- Look for the
barrier.exe
process if the GUI is running - Look for the
barrierd.exe
process - Look for the
barrierc.exe
process on a client - Look for the
barriers.exe
process on a server
ps -ax -o user,pid,command | grep -i [b]arrier
- Look for the
barrier
process if the GUI is running - Look for the
barrierc
process on a client - Look for the
barriers
process on a server
Note: Including the brackets [] in the grep
syntax prevents it from matching instances of grep
in the process list.
Barrier needs network connectivity between machines to work. The easiest way to test this is with the ping or Test-Connection commands.
ping <hostname or IP>
Test-Connection -ComputerName <hostname or IP>
ping -c 4 <hostname or IP>
If successful you should see four replies with the IP address and the time (in milliseconds)
Steps to try if unsuccessful:
- Make sure that both devices are either on the same Local Area Network (LAN) or check that the LANs they are on are connected and routing
- Make sure that ping (ICMP) is being allowed through any software firewalls or hardware firewalls between the devices. (This can be turned back off after troubleshooting is resolved)
- If using a hostname, make sure you are able to resolve that hostname to an IP address (Local DNS Server, mDNS, Avahi, NETBIOS,
/etc/hosts
, or equivalent method). Alternatively, consider using IP addresses instead
The server listens for a network connection on port 24800. You can test connectivity to this port from both the server and its clients. Check connectivity from the server to itself first to make sure it is accepting connections, then check that you can connect to the server across the network from the client.
- Make sure the server has been started in the Barrier GUI or that the required processes are running first
- In the PowerShell window run:
Import-Module NetTCPIP
Test-NetConnection -ComputerName <hostname or IP> -Port 24800
- If you see
TcpTestSucceeded : True
you are able to connect to the server
Note: If you know of an easy way to test SSL connectivity with Windows please feel free to contribute it here. This method only tests connectivity to the port.
The openssl
command used below for Linux/Unix/MacOS to test connectivity and SSL encryption can be obtained for Windows from various third parties distributions. Check the OpenSSL Wiki for more information.
- Use the openssl command in the terminal to connect to the server by hostname:
$ openssl s_client -connect <hostname or ip>:24800 | head
- If you see
CONNECTED
you are able to connect to the server - If you see
Server Certificate
the SSL encryption is working - You may see
verify error:num=18:self signed certificate
. Barrier generates a self-signed certificate, so this is nothing to be concerned about
Steps to try if unsuccessful:
- Make sure the Barrier server process is runnning
- Make sure that port
24800
inbound is being allowed through any software firewalls or hardware firewalls between the devices - Make sure that port
24800
outbound is being allowed through any software firewalls on the client - Instructions for adding Barrier to the Windows firewall can be found here
Multiple instances of the background services that Barrier uses (barriers
on the server, and barrierc
on the client) can cause issues. For example, if another barriers
process is running in the backround it will prevent the current process from binding to port 24800
and you may see incorrect status in the GUI.
- Press
Ctrl + Shift + Esc
to open the Task Manager - Click on the Details tab and click on the Name header to sort by name
- Make sure there is only one
barrier.exe
process if the GUI is running - Make sure there is only one
barriers.exe
and onebarrierd.exe
process if the server is running - Make sure there is only one
barrierc.exe
and onebarrierd.exe
process if the client is running
- Use
grep
andps
to find barrier processes
ps -ax -o user,pid,command | grep -i [b]arrier
- Make sure there is only one
barrier
process if the GUI is running - Make sure there is only one
barriers
process if the server is running - Make sure there is only one
barrierc
process if the client is running
Note: The barrier command line arguments may make a single command wrap on the terminal to more than one line
Steps to try if unsuccessful:
- Try stopping all of the barrier processes (End Task on Windows,
kill <pid>
on Linux/Unix/MacOS) and relaunching the program - Try restarting the computer
Barrier uses fingerprints to validate that a malicious server is not trying to intercept a client connection. These fingerprints may be automatically generated if Auto Config is selected in the client. If your client does not trust the fingerprint it will refuse the connection.
The TrustedServers.txt file should contain the fingerprint found in the Local.txt file on the server.
- Open the main Barrier GUI window
- The SSL Fingerprint: field in the Server section shows the current server fingerprint
- Open File Explorer
- In the path bar enter
%LocalAppData%\Barrier\SSL\Fingerprints
- Double-click either Local.txt for the server fingerprints, or TrustedServers.txt to view the fingerprints trusted by the client
- To view the trusted fingerprints on the client use the more command to view the TrustedServers.txt file:
more ~/Library/Application\ Support/barrier/SSL/Fingerprints/TrustedServers.txt
- To view the server fingerprint on the server use the
more
command again:
more ~/Library/Application\ Support/barrier/SSL/Fingerprints/Local.txt
- To view the trusted fingerprints on the client use the more command to view the TrustedServers.txt file:
more ~/.local/share/barrier/SSL/Fingerprints/TrustedServers.txt
- To view the server fingerprint on the server use the
more
command again:
more ~/.local/share/barrier/SSL/Fingerprints/Local.txt
On Linux or Unix systems the barrier TrustedServers.txt or Local.txt files may not always be in the same place depending on your system configuration. If they are elsewhere, use the find command to locate them.
find / -type f -name '*TrustedServers.txt' 2>/dev/null
find / -type f -name '*Local.txt' 2>/dev/null
Note 1: These find
commands may find other files with the same names. Check that the path includes barrier
Note 2: The 2>/dev/null
is to hide Permission denied errors you would otherwise get from searching directories you do not have permission for as a normal user
Steps to try if unsuccessful:
- Try to copy & paste the contents of Local.txt on the server into the TrustedServers.txt file manually