google / grr

GRR Rapid Response: remote live forensics for incident response
https://grr-doc.readthedocs.io/
Apache License 2.0

fleetspeak client is unable to communicate with the server #950

Open Ibrahim-cmd1 opened 2 years ago

Ibrahim-cmd1 commented 2 years ago

Environment

Describe the issue

I am testing the ability of making fleetspeak client communicate with fleetspeak server through a load balancer. However, when I run the clients I get an error related to the certificate "x509: certificate is valid for 192.168.100.100, not 192.168.100.102", noting that:

192.168.100.100 ==> GRR server IP
192.168.100.102 ==> load balancer IP

Please let me know what could be done to solve this issue, or if anything needs to be done on the client or the server to make it load-balancer aware.

Error logs

E1124 11:28:01.524626     596 system_service.go:250] Unable to get revoked certificate list: unable to retrieve file, last attempt failed with: Get "https://192.168.100.102:443/files/system/RevokedCertificates": x509: certificate is valid for 192.168.100.100, not 192.168.100.102

mbushkov commented 2 years ago

Hi @Ibrahim-cmd1

Quick question: what load balancer do you use? Does it implement the proxy protocol? If so, would adding proxy_protocol: true to /etc/fleetspeak-server/server.components.config help? (see https://grr-doc.readthedocs.io/en/latest/fleetspeak/scaling.html#running-the-fleetspeak-server-component)