hashicorp / vagrant

Vagrant is a tool for building and distributing development environments.
https://www.vagrantup.com

Validate VirtualBox hostonly network range is broken in WSL1 #12642

Open jstangroome opened 2 years ago

jstangroome commented 2 years ago

Vagrant version

v2.2.19, bug did not occur in v2.2.18

Host operating system

Windows 11, Version 21H2 (OS Build 22000.376) with Virtualbox 6.1.30 r148432

Guest operating system

ubuntu/focal64

Vagrantfile

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.define "database" do |machine|
    machine.vm.box = "ubuntu/focal64"
    machine.vm.network :private_network, ip: "10.0.1.100", netmask: "255.255.254.0"
  end
end    

Expected behavior

Vagrant should recognize that it is being executed inside the WSL1 (Windows Subsystem for Linux) environment and therefore VirtualBox is running on the Windows host, where the hostonly network range is not enforced and there is no /etc/vbox/networks.conf file for Windows hosts.

Actual behavior

Linux Vagrant inside WSL checked for the presence of /etc/vbox/networks.conf inside the WSL filesystem, found it absent, assumed the default VirtualBox network range applies and prevented vagrant up with the error message:

==> database: Clearing any previously set network interfaces...
The IP address configured for the host-only network is not within the
allowed ranges. Please update the address used to be within the allowed
ranges and run the command again.

  Address: 10.0.1.100
  Ranges: 192.168.56.0/21

Valid ranges can be modified in the /etc/vbox/networks.conf file. For
more information including valid format see:

  https://www.virtualbox.org/manual/ch06.html#network_hostonly

Steps to reproduce

  1. Open a WSL1 Ubuntu terminal with Linux Vagrant installed matching the Vagrant version on the Windows host
  2. export VAGRANT_WSL_ENABLE_WINDOWS_ACCESS=1
  3. vagrant up

Can be worked around by creating a dummy /etc/vbox/networks.conf file inside the WSL filesystem (which is not used by the host's VirtualBox) and adding the required address range.

The bug also does not exist if vagrant up is executed with the Windows version of Vagrant from a Windows Command Prompt, avoiding WSL1.

References

https://github.com/hashicorp/vagrant/pull/12564

2xyo commented 2 years ago

Same issue here but the workaround doesn't fix the issue:

Host operating system

Microsoft Windows 11 Professionnel Version 10.0.22000 Build 22000 with Virtualbox Version 6.1.32 r149290 (Qt5.6.2)

$ cat /etc/vbox/networks.conf
0.0.0.0/0 ::/0

$ cat Vagrantfile
Vagrant.configure("2") do |config|

config.vm.define "attack-range-splunk-server" do |config|
  VM_NAME= "attack-range-splunk-server"
  config.vm.box = "generic/ubuntu1804"
  config.vm.hostname = "#{VM_NAME}"
  config.vm.boot_timeout = 600
  config.vm.network "forwarded_port", guest: 8000, host: 8000, protocol: "tcp"
  config.vm.network "forwarded_port", guest: 8089, host: 8089, protocol: "tcp"
  config.vm.network :private_network, ip: "10.0.1.12"

  config.vm.provision "ansible" do |ansible|
      ansible.playbook = "../ansible/splunk_server.yml"
      ansible.config_file = "../ansible/ansible.cfg"
      ansible.compatibility_mode = "2.0"
      ansible.extra_vars = {
        ansible_python_interpreter: "/usr/bin/python3",
        splunk_admin_password: 'I-l1ke-Attack-Range!',
        splunk_url: 'https://download.splunk.com/products/splunk/releases/8.0.2/linux/splunk-8.0.2-a7f645ddaf91-Linux-x86_64.tgz',
        splunk_binary: 'splunk-8.0.2-a7f645ddaf91-Linux-x86_64.tgz',
        s3_bucket_url: 'https://attack-range-appbinaries.s3-us-west-2.amazonaws.com',
        splunk_escu_app: 'DA-ESS-ContentUpdate-latest.tar.gz',
        splunk_asx_app: 'Splunk_ASX-latest.tar.gz',
        splunk_windows_ta: 'splunk-add-on-for-microsoft-windows_800.tgz',
        splunk_cim_app: 'splunk-common-information-model-cim_4180.tgz',
        splunk_sysmon_ta: 'splunk-add-on-for-microsoft-sysmon_1062.tgz',
        caldera_password: 'I-l1ke-Attack-Range!',
        splunk_mltk_app: 'splunk-machine-learning-toolkit_510.tgz',
        splunk_bots_dataset: '0',
        splunk_stream_app: 'splunk-stream_720.tgz',
        splunk_python_app: 'python-for-scientific-computing-for-linux-64-bit_200.tgz',
        install_es: '0',
        install_mltk: '0',
        splunk_es_app: 'splunk-enterprise-security_640.spl',
        splunk_es_app_version: '',
        phantom_app: 'phantom-app-for-splunk_305.tgz',
        phantom_server: '0',
        phantom_server_private_ip: '10.0.1.13',
        phantom_admin_password: 'I-l1ke-Attack-Range!',
        splunk_security_essentials_app: 'splunk-security-essentials_310.tgz',
        punchard_custom_visualization: 'punchcard-custom-visualization_140.tgz',
        status_indicator_custom_visualization: 'status-indicator-custom-visualization_140.tgz',
        splunk_attack_range_dashboard: 'splunk_attack_range_reporting-1.0.5.tar.gz',
        timeline_custom_visualization: 'timeline-custom-visualization_140.tgz',
        install_mission_control: '',
        mission_control_app: '',
        install_dsp: '',
        dsp_client_cert_path: '',
        dsp_node: '',
        splunk_server_private_ip: '10.0.1.12',
        cloud_attack_range: '0'
      }
  end

  config.vm.provider "virtualbox" do |vb, override|
    vb.gui = true
    vb.name = "#{VM_NAME}"
    vb.customize ["modifyvm", :id, "--memory", 6144]
    vb.customize ["modifyvm", :id, "--cpus", 4]
    vb.customize ["modifyvm", :id, "--nic1", "hostonly", "--hostonlyadapter1", "VirtualBox Host-Only Ethernet Adapter"]
    #vb.customize ["modifyvm", :id, "--nic1", "natnetwork"]
    #vb.customize ["modifyvm", :id, "--nat-network1", "NatNetwork"]
  end
end

config.vm.define "attack-range-windows-domain-controller" do |config|
  VM_NAME_WIN_DC= "attack-range-windows-domain-controller"
  config.vm.box = "d1vious/windows2016"
  config.vm.hostname = "dc"
  config.vm.boot_timeout = 600
  config.vm.communicator = "winrm"
  config.winrm.transport = :plaintext
  config.winrm.basic_auth_only = true
  config.winrm.timeout = 300
  config.winrm.retry_limit = 20
  config.vm.network "forwarded_port", guest: 5985, host: 6000
  config.vm.network :private_network, ip: "10.0.1.14"
  config.vm.synced_folder '.', '/vagrant', disabled: true

  config.vm.provision "ansible" do |ansible|
      ansible.extra_vars = {
        ansible_port: 6000,
        ansible_winrm_scheme: 'http',
        splunk_server: "1",
        splunk_indexer_ip: "10.0.1.12",
        caldera_server_ip: '10.0.1.12',
        win_password: 'I-l1ke-Attack-Range!',
        splunk_uf_win_url: 'https://download.splunk.com/products/universalforwarder/releases/8.0.2/windows/splunkforwarder-8.0.2-a7f645ddaf91-x64-release.msi',
        nxlog_url: '',
        install_dsp: '',
        win_sysmon_url: 'https://attack-range-appbinaries.s3-us-west-2.amazonaws.com/Sysmon.zip',
        win_sysmon_template: 'AttackRangeSysmon.xml',
        splunk_admin_password: 'I-l1ke-Attack-Range!',
        capture_attack_data: '',
        win_timezone: 'GMT Standard Time',
      }
      ansible.playbook = "../ansible/windows_dc.yml"
      ansible.config_file = "../ansible/ansible.cfg"
      ansible.compatibility_mode = "2.0"
  end

  config.vm.provider "virtualbox" do |vb, override|
    vb.gui = true
    vb.name = "#{VM_NAME_WIN_DC}"
    vb.customize ["modifyvm", :id, "--memory", 2048]
    vb.customize ["modifyvm", :id, "--cpus", 1]
    vb.customize ["modifyvm", :id, "--vram", "32"]
    vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
    vb.customize ["setextradata", "global", "GUI/SuppressMessages", "all" ]
  end
end
end

$ vagrant up
Bringing machine 'attack-range-splunk-server' up with 'virtualbox' provider...
Bringing machine 'attack-range-windows-domain-controller' up with 'virtualbox' provider...
==> attack-range-splunk-server: Checking if box 'generic/ubuntu1804' version '3.6.8' is up to date...
==> attack-range-splunk-server: Clearing any previously set network interfaces...
The IP address configured for the host-only network is not within the
allowed ranges. Please update the address used to be within the allowed
ranges and run the command again.

  Address: 10.0.1.12
  Ranges:

Valid ranges can be modified in the /etc/vbox/networks.conf file. For
more information including valid format see:

  https://www.virtualbox.org/manual/ch06.html#network_hostonly

From project https://github.com/splunk/attack_range_local

jstangroome commented 2 years ago

> Same issue here but the workaround doesn't fix the issue:
>
> $ cat /etc/vbox/networks.conf
> 0.0.0.0/0 ::/0

@2xyo your networks.conf is misformatted. Should have a leading asterisk and space:

$ cat /etc/vbox/networks.conf
* 0.0.0.0/0 ::/0

https://www.virtualbox.org/manual/ch06.html#network_hostonly
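
The three situations reported in this thread (no networks.conf visible inside the WSL1 filesystem, a line without the leading asterisk, and a correctly formatted line) can be reproduced with a small range check. This is an added example, not Vagrant's or VirtualBox's own code; the parsing rule (only lines beginning with `*` contribute ranges) and the names `allowed_ranges`, `address_allowed?` and `describe` are assumptions inferred from the error output shown above.

```ruby
require "ipaddr"

# Default taken from the error output in the first report, where no
# networks.conf was visible to Vagrant.
DEFAULT_RANGES = [IPAddr.new("192.168.56.0/21")].freeze

# conf_text is the content of networks.conf, or nil when the file is absent.
# Assumption based on this thread: only lines starting with "*" contribute
# ranges; any other line is ignored.
def allowed_ranges(conf_text)
  return DEFAULT_RANGES if conf_text.nil?

  conf_text.each_line.flat_map do |line|
    line = line.strip
    next [] unless line.start_with?("*")
    line.delete_prefix("*").split.map { |cidr| IPAddr.new(cidr) }
  end
end

# True when the address falls inside at least one allowed range.
def address_allowed?(address, ranges)
  ip = IPAddr.new(address)
  ranges.any? { |range| range.include?(ip) }
end

# Render ranges in CIDR form, as in the "Ranges:" line of the error.
def describe(ranges)
  ranges.map { |r| "#{r}/#{r.prefix}" }.join(", ")
end

# Constructed inputs mirroring the three situations in the thread.
CASES = {
  "file absent (WSL1 filesystem)" => nil,
  "no leading asterisk"           => "0.0.0.0/0 ::/0\n",
  "leading asterisk and space"    => "* 0.0.0.0/0 ::/0\n",
}.freeze

if __FILE__ == $PROGRAM_NAME
  CASES.each do |label, text|
    ranges = allowed_ranges(text)
    verdict = address_allowed?("10.0.1.12", ranges) ? "allowed" : "rejected"
    puts "#{label}: ranges=[#{describe(ranges)}] 10.0.1.12 #{verdict}"
  end
end
```

The `* 0.0.0.0/0 ::/0` entry admits every address, so it switches the range restriction off rather than widening it; listing only the subnet the lab actually uses keeps the check meaningful.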

mukhtaroni commented 1 year ago

I am also facing the same challenge as above, with the same error message. My question is: in which directory are we creating the /etc/vbox/networks.conf file? Is it in the VirtualBox directory or in the Vagrant directory?