No Internet Connectivity with Upstream

[16alexanders]

Hey guys, I am running Kali. Did an apt-get update and upgrade to be sure everything was up to date. Cloned into mana, ran the kali-install.sh file. Edited the start-nat-full.sh bash script with my upstream interface wlan0 (built in radio) and set the phy interface to wlan2 (my TP-LINK TL-WN722N). It creates the network but when I connect to it from my Android phone and try and load anything... I have no internet access.

I ran ifconfig while mana was running and it looked like it had disabled wlan0 since it didn't appear in the list. Is that normal? Is that what was killing my connectivity?

[singe]

Hi. The problem is most likely that network-manager is being killed at invocation of the script. The best is to configure network manager to not touch the interface you're using for hostapd and leave it managing wlan0. Alternately, you can manually configure wlan0. I'll add the NM exclusion options.

Thanks for testing!

On 29 Sep 2014, at 11:31 AM, 16alexanders notifications@github.com wrote:

Hey guys, I am running Kali. Did an apt-get update and upgrade to be sure everything was up to date. Cloned into mana, ran the kali-install.sh file. Edited the start-nat-full.sh bash script with my upstream interface wlan0 (built in radio) and set the phy interface to wlan2 (my TP-LINK TL-WN722N). It creates the network but when I connect to it from my Android phone and try and load anything... I have no internet access.

I ran ifconfig while mana was running and it looked like it had disabled wlan0 since it didn't appear in the list. Is that normal? Is that what was killing my connectivity?

— Reply to this email directly or view it on GitHub.

[jmmalcala]

Hi. I have only Internet connection with google sites displaying certicate errors. All other sites are without connection.

I have modified /etc/NetworkManager/NetworkManager.conf and i have added this configuration:

[main] plugins=keyfile

[keyfile] unmanaged-devices=mac:00:11:22:33:44:55;mac:00:c0:ca:6d:ac:89;interface-name:wlan2

But no lucky..My Mana-toolkit is under Kali Linux 1.1.0 in Raspberry Pi. Thanks in advaced.

[singe]

Can you post the output of ifconfig and netstat -rn before you run mana when you have a working connection, and after when it's running and you don't?

[vdb212]

Hi got same problems

[SergeyYurievich]

Hi

start-nat-full.sh works properly (well, only partially - still fighting HSTS) on my configuration:

Asus x501u, updated and upgraded Kali Linux

start-nat-full.sh changes:

upstream=usb0 (My gt-i9250 as 3g-usb-dongle)

/etc/network/interfaces config:

auto lo iface lo inet loopback

auto usb0 allow-hotplug usb0 iface usb0 inet dhcp

iface wlan0 inet dhcp

After i've edited interfaces, i did # sudo ifup usb0 # sudo reboot

[cybehh]

Hi I have been struggling to make Mana-Toolkit run successfuly on my Nexus 7 running Nethunter 2.0 the latest one. I have everything working with Nethunter however, the clients connecting to the Mana AP do not have internet access. Seems upstream is not working. I did change the upstream interface to wlan0.

Upstream: wlan0 phy0: wlan1

Any ideas what else needs to be checked. Also wlan0 interface for my upstream is active and I do get internet access on the Tablet so Network manager is not shutting it down when you run the start-full-nat.sh. The service NetworkManager stop command gives me unrecognised service error.

Unfortunately there is very little community help around for Nethunter and Mana. Mana is working fine on the Kali Linux 2.0 Desktop version with no issues at all. Seriously hoping if somebody can help me out here.

Thanks Cybeh

[binkybear]

@cybehh - This might be more of an issue for Nethunter repo because mana team doesn't deal specifically with Nethunter issues. But I'd be happy to help try to narrow down any issues with you pertaining to Nethunter/android side.

I would first start off by checking your iptables and routes to make sure they are being set correctly in Kali first off. Also, try running start-mana-simple-lollipop manually. Here is the link to the actual script: https://github.com/offensive-security/kali-nethunter/blob/master/utils/manna/start-nat-simple-lollipop.sh. You can see what iptables are being applied (assuming you are on lollipop). Routing tables were added from kitkat to lollipop which changed the way everything was being routed.

Make sure your external interface is also being set up correctly. Kali 2.0 introduced a lot of new features and with it some previous settings have changed so it's possible we might need to narrow down focus.

[cybehh]

@binkybear - Thanks for offering to help, nothing like the creator chipping in to resolve issue...To give you more idea about the setup am not running the stock android rom, am using Resurrection Remix lollipop rom. The kernel and all is correctly flashed so should not be an issue.

The route seems to be an issue, as I do get a warning that no default route present.

And running the start-nat-simple-lollipop.sh did the trick, now I do get the upstream access. Now how to fix the start-nat-full.sh?

I tried the start-nat-full-lollipop.sh and it gives me the same error, there is no upstream internet on the client same with the Kitkat version, so seems to be the route and IP tables issue.

Do you need any log outputs to troubleshoot? And yeah am running all the commands from the Kali shell including modifying the files.

Thanks Cybeh

[binkybear]

Knowing that nat-simple works is a good start. I guess the next thing to do is compare why one isn't working and another is. Here is a diff of the two files (simple on left/full on right).

https://www.diffchecker.com/srpxrymu

You'll notice most of the changes are iptables with the exception of running some other programs (sslstrip/split/dns2proxy). I would check to see if your dns is going out. Looking in wireshark/tcpdump to see if any ports are being blocked/rejected would also help.

[cybehh]

Thanks @binkybear, i had already tried the diff but couldn't find any thing which can cause it to break. Regarding DNS I tried numeric IP address as well for Google but it didn't go through. I suspect the line 50 and 55 in the full script.

Seriously have no idea why it is not working :(

Cybeh

[singe]

@binkybear any updates on this or can I close it?

[veasey]

I had the same issue as @16alexanders. I found, initially, the response by @singe a bit hard to understand at my level - here is that solution, broken down a bit, to the best of my knowledge.

I have a built in wifi adapter (wlan0) used for an upstream. I had a USB wifi adapter (wlan1) used as the phy interface.

After lots of Googling... this is what worked for me.

I commented out the turning off of Network Manager on Line 12 of ./start-nat-full.sh.

i.e.

# service network-manager stop

Then added

iface wlan0 inet manual

to /etc/network/interfaces

Restarted Network-manager and bobs your uncle, I had an upstream.

[demeldoo]

any news how to reslove this situation properly

best wishes dzemal

[MattyQ]

I commented out the turning off of Network Manager on Line 12 of ./start-nat-full.sh.

i.e.

# service network-manager stop

Then added

iface wlan0 inet manual

to /etc/network/interfaces

Restarted Network-manager and bobs your uncle, I had an upstream.

I had to tweak this slightly because I wasn't reading. Lesson learned. I'm on Kali, not sure if the directories will line up for everyone.

I use an internal wireless card for my upstream and a external card for broadcasting. To solve this issue:

1. Edit start-nat-full.sh or start-nat-simple.sh # gedit /usr/share/mana-toolkit/run-mana/start-nat-simple.sh

2. In the file, comment out service network-manager stop, and then save and close the file. #!/bin/bash upstream=wlan0 phy=wlan1 conf=/etc/mana-toolkit/hostapd-mana.conf hostapd=/usr/lib/mana-toolkit/hostapd # service network-manager stop rfkill unblock wlan

3. Edit interfaces # gedit /etc/network/interfaces

4. Add the following line to the bottom of the file, where \ is the broadcasting device. For example, if I use wlan1 to broadcast, I'll want to use that device in this file. iface <device> inet manual

5. Save and close the file, and then reboot the system. # reboot

Assuming you've configured the script and hostapd-mana.conf correctly, you should be good to go.

[davylols]

I had the same problem. Following MattyQ's advice gets things rolling, it looks like, though if I connect as a client I get hammered with HSTS notifications and can't surf. Any advice? Isn't SSLStrip supposed to sidestep this?

[Syslog777]

This mess broke my resolv.conf file