dns2tcp Authentication Error

Coolsonickirby

Well-Known Member
OP
Member
Joined
Dec 6, 2015
Messages
330
Trophies
0
Age
22
Website
coolsonickirby.com
XP
2,454
Country
United States
(Not sure if this is the right section)

Hello, I have a problem with dns2tcp. I'm not sure if it's the hotspot router's fault (MikroTik) or if it's just because my laptop is Windows 10, but I got a VPS Server this morning from VirMach (1$ Ubuntu 16), and set up dns2tcp with the help of this video and this guide.

When I try and connect to it, this comes up on the server.

(I replaced the website record with xxxxxxxx.xxxx.xxx)

Code:
Debug requests.c:167    Receive query : aaaaam4taa dns_id = 0x10d3 for domain =auth.xxxxxxxx.xxxx.xxx
Creating session id: 0xedf8 address = 74.125.181.11 (compression  wanted)
Debug rr.c:204  rr_get_reply_length_encode return 259
Debug requests.c:205    Sending [28205] len = 98 dns id = 0x10d3 +O2aam4tAEQxQVJMODU1MURNNlRTUjI
Debug requests.c:167    Receive query : +o2bgaabadqznzgzn0i4mjy0nkmynjeynta1quyznjjbmue5otberei5mkm0ree dns_id = 0x3344 for domain =auth.xxxxxxxx.xxxx.xxx
Creating session id: 0xdcc2 address = 74.125.73.79 (compression  wanted)
Debug rr.c:204  rr_get_reply_length_encode return 179
Debug requests.c:205    Sending [42651] len = 151 dns id = 0x3344 wtybgaabAEpKQzJSQzVaQjBCRjdNMEU
Debug requests.c:167    Receive query : +o24djqbaa dns_id = 0x1eac for domain =resource.xxxxxxxx.xxxx.xxx
Debug rr.c:204  rr_get_reply_length_encode return 253
Debug requests.c:205    Sending [15003] len = 109 dns id = 0x1eac +o24djqbAkF1dGhlbnRpY2F0aW9uIEZhaWxlZA
delete_client 0xedf8 (not authenticated)

delete_client 0xdcc2 (not authenticated)

This comes up on the client (my laptop).

Code:
dns2tcp.exe -z xxxxxxxx.xxxx.xxx 8.8.8.8 -d 3 -k *******
debug level 3
Debug socket.c:233      Create socket for dns : '8.8.8.8'
Debug session.c:46      Request challenge
Debug requests.c:146    Sending dns id = 0xac66
Debug requests.c:97     Query is AAAAAM4TAA.=auth.xxxxxxxx.xxxx.xxx len 34
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = +O2aam4tAEQxQVJMODU1MURNNlRTUjI (reply len = 34)
Debug session.c:53      Challenge = 'D1ARL8551DM6TSR2'
Debug session.c:54      Session created (0xedf8)
Debug session.c:77      Sending response : '437837B82646C2612505AF362A1A990DDB92C4DA' (key = *******)
Debug requests.c:146    Sending dns id = 0xfd07
Debug requests.c:97     Query is +O2BgAABADQzNzgzN0I4MjY0NkMyNjEyNTA1QUYzNjJBMUE5OTBEREI5MkM0REE.=auth.xxxxxxxx.xxxx.xxx len 87
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = wtybgaabAEpKQzJSQzVaQjBCRjdNMEU (reply len = 34)
Debug auth.c:58 Requesting resource
Debug requests.c:146    Sending dns id = 0xc200
Debug requests.c:97     Query is +O24dJQbAA.=resource.xxxxxxxx.xxxx.xxx len 38
Available connection(s) :
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = +o24djqbAkF1dGhlbnRpY2F0aW9uIEZhaWxlZA (reply len = 41)
        Authentication Failed

Here's the dns2tcpd config file.

Code:
listen = 0.0.0.0
port = 53
# If you change this value, also change the USER variable in /etc/default/dns2tcpd
user = nobody
chroot = /tmp
domain = xxxxxxxx.xxxx.xxx
key = *******
resources = ssh:127.0.0.1:22 , smtp:127.0.0.1:25

For some reason I can't find much about dns2tcp or iodine online, so any help would be greatly appreciated.

EDIT: I had my brother who's in America connect to it and it worked for him.

Here's what came up for him.

Code:
Debug socket.c:233      Create socket for dns : '8.8.8.8'
Debug session.c:46      Request challenge
Debug requests.c:146    Sending dns id = 0xc06b
Debug requests.c:97     Query is AAAAABgjAA.=auth.xxxxxxxx.xxxx.xxx len 34
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = ipoAABgjAEZUU0RITkY4TTlITzk4U1g (reply len = 34)
Debug session.c:53      Challenge = 'FTSDHNF8M9HO98SX'
Debug session.c:54      Session created (0x9a8a)
Debug session.c:77      Sending response : '17FEFFF1B7899BE87DEFD104EAE6C048FE99C01A' (key = *******)
Debug requests.c:146    Sending dns id = 0xe318
Debug requests.c:97     Query is ipqFgAABADE3RkVGRkYxQjc4OTlCRTg3REVGRDEwNEVBRTZDMDQ4RkU5OUMwMUE.=auth.xxxxxxxx.xxxx.xxx len 87
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = ipqFgAABAA (reply len = 13)
Debug auth.c:58 Requesting resource
Debug requests.c:146    Sending dns id = 0xf102
Debug requests.c:97     Query is iprOBElJAA.=resource.xxxxxxxx.xxxx.xxx len 38
Available connection(s) :
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = g2E2RXt/AHNzaA (reply len = 17)
       ssh
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = g2E2RXt/AHNtdHA (reply len = 18)
       smtp

Note : Compression SEEMS available !

Also, for some reason, it randomly works for me, but only rarely (like twice so far.)
I'm gonna assume it's something with the router, so can anyone tell me what do I need to do? (I already have access to the MikroTik router, just don't know what to do.)
 
Last edited by Coolsonickirby,
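
Added example, not part of the original posts: a small log check that pairs the labels the client sent with the labels the server logged in the failing run above, and decodes the replies the client received. The 7-byte header layout (little-endian session id in bytes 0-1, type in byte 6) is an assumption inferred from the log lines on this page, not taken from the dns2tcp source.

```python
import base64
import re

# Constructed sample: lines copied from the failing run's logs on this page.
CLIENT_LOG = """\
Debug requests.c:97     Query is AAAAAM4TAA.=auth.xxxxxxxx.xxxx.xxx len 34
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = +O2aam4tAEQxQVJMODU1MURNNlRTUjI (reply len = 34)
Debug requests.c:97     Query is +O24dJQbAA.=resource.xxxxxxxx.xxxx.xxx len 38
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = +o24djqbAkF1dGhlbnRpY2F0aW9uIEZhaWxlZA (reply len = 41)
"""
SERVER_LOG = """\
Debug requests.c:167    Receive query : aaaaam4taa dns_id = 0x10d3 for domain =auth.xxxxxxxx.xxxx.xxx
Debug requests.c:167    Receive query : +o24djqbaa dns_id = 0x1eac for domain =resource.xxxxxxxx.xxxx.xxx
"""
SENT = re.compile(r"Query is (\S+?)\.=\w+\.")
RECEIVED = re.compile(r"Receive query : (\S+) dns_id")
REPLY = re.compile(r"base64 data was = (\S+)")

def folded_labels(client_log, server_log):
    """Pair sent/received labels in order; keep pairs differing only in case."""
    pairs = zip(SENT.findall(client_log), RECEIVED.findall(server_log))
    return [(s, r) for s, r in pairs if s != r and s.lower() == r.lower()]

def session_of(label):
    """Session id carried in the first two bytes (little-endian, assumed)."""
    return int.from_bytes(base64.b64decode(label[:4])[:2], "little")

def decode_reply(b64):
    """Split a reply into (session_id, type_byte, payload).

    Assumed layout, inferred from this page's logs and not from dns2tcp
    source: 7-byte header, session id in bytes 0-1, type in byte 6.
    """
    raw = base64.b64decode(b64 + "=" * (-len(b64) % 4))
    if len(raw) < 7:
        raise ValueError("reply shorter than the assumed 7-byte header")
    return session_of(b64), raw[6], raw[7:].decode("ascii", "replace")

if __name__ == "__main__":
    for s, r in folded_labels(CLIENT_LOG, SERVER_LOG):
        print(f"sent {s!r} (session 0x{session_of(s):04x}), "
              f"server saw {r!r} (session 0x{session_of(r):04x})")
    for b64 in REPLY.findall(CLIENT_LOG):
        sid, typ, payload = decode_reply(b64)
        print(f"reply: session 0x{sid:04x} type {typ} payload {payload!r}")
```

On these lines the server logged every label in lowercase, and because base64 is case-sensitive the resource request the client sent for session 0xedf8 decodes on the server side to a different session id.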

Coolsonickirby

UPDATE: So I went into the MikroTik Router then to IP > Hotspot > IP Bindings then added my randomly spoofed MAC Address to the list and set it to bypassed. Ran dns2tcp again and it worked.

Here's what came up.


Code:
dns2tcp.exe -z xxxxxxxx.xxxx.xxx 8.8.8.8 -d 3 -k *******
debug level 3
Debug socket.c:233      Create socket for dns : '8.8.8.8'
Debug session.c:46      Request challenge
Debug requests.c:146    Sending dns id = 0x4517
Debug requests.c:97     Query is AAAAAFwhAA.=auth.xxxxxxxx.xxxx.xxx len 34
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = LIUAAFwhADk1NlZNR1ZJOTVSVVhZMVc (reply len = 34)
Debug session.c:53      Challenge = '956VMGVI95RUXY1W'
Debug session.c:54      Session created (0x852c)
Debug session.c:77      Sending response : '778AAB7145861E9B097B125447C365261EDD014B' (key = *******)
Debug requests.c:146    Sending dns id = 0x4125
Debug requests.c:97     Query is LIWBgAABADc3OEFBQjcxNDU4NjFFOUIwOTdCMTI1NDQ3QzM2NTI2MUVERDAxNEI.=auth.xxxxxxxx.xxxx.xxx len 87
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = LIWBgAABAA (reply len = 13)
Debug auth.c:58 Requesting resource
Debug requests.c:146    Sending dns id = 0x3a72
Debug requests.c:97     Query is LIUPMN0iAA.=resource.xxxxxxxx.xxxx.xxx len 38
Available connection(s) :
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = g7FrpCh/AHNzaA (reply len = 17)
        ssh
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = g7FrpCh/AHNtdHA (reply len = 18)
        smtp
Note : Compression SEEMS available !

I removed myself from the IP Binding, logged back in through the captive portal, then ran it again, but the error came back (Authentication Failed).

Code:
dns2tcp.exe -z xxxxxxxx.xxxx.xxx 8.8.8.8 -d 3 -k *******
debug level 3
Debug socket.c:233      Create socket for dns : '8.8.8.8'
Debug session.c:46      Request challenge
Debug requests.c:146    Sending dns id = 0xe537
Debug requests.c:97     Query is AAAAAHgmAA.=auth.xxxxxxxx.xxxx.xxx len 34
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = MVKaahgmAFcwQ0VMRFU5REpYQ1JSQkk (reply len = 34)
Debug session.c:53      Challenge = 'W0CELDU9DJXCRRBI'
Debug session.c:54      Session created (0x5231)
Debug session.c:77      Sending response : '0BFDAAD53AC71AA8605F5A40AA18C9DB652A842D' (key = *******)
Debug requests.c:146    Sending dns id = 0xbb3d
Debug requests.c:97     Query is MVKBgAABADBCRkRBQUQ1M0FDNzFBQTg2MDVGNUE0MEFBMThDOURCNjUyQTg0MkQ.=auth.xxxxxxxx.xxxx.xxx len 87
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = YG0bgaabAFBaRzhRWU1KRzNIUVI3SUE (reply len = 34)
Debug auth.c:58 Requesting resource
Debug requests.c:146    Sending dns id = 0x27d
Debug requests.c:97     Query is MVIYUW0MAA.=resource.xxxxxxxx.xxxx.xxx len 38
Available connection(s) :
Debug rr.c:106  rr_decode_next_reply_encode base64 data was = mviyuw0mAkF1dGhlbnRpY2F0aW9uIEZhaWxlZA (reply len = 41)
        Authentication Failed

Note : Compression SEEMS available !

If anyone here understands MikroTik routers, can someone please explain to me what's going on? A few things to note

-There's nothing wrong with the server as it always works for my brother in America and it works for me whenever my MAC is bypassed.

-Here are some pics of the firewall I don't understand at all
ErxfCB.jpg
s4Zu0v.jpg
Pogneu.jpg
aXvGCb.jpg
That's all I guess (the other tabs were empty.) If anyone here understands firewalls or NAT Servers, can you explain to me tf is going on? Thanks.
 
Last edited by Coolsonickirby,

Coolsonickirby

(PARTIAL) SOLVED: I had to enter the NAT tab and delete the 2 port 53 redirects.
ENx4Uj.jpg
So yeah, now it's working all the time. If you don't have access to the MikroTik router, try your luck with the WinBox Exploit and see if it works (That's how I actually got access.)

Spent 2 whole days trying to figure this out. I hope this thread is useful to somebody in the future. Bai.

EDIT: Changed it to partial because apparently removing those 2 messed up the captive page (either that or the blackout.) I'ma try it again and see if it works this time.
 
Last edited by Coolsonickirby,

Coolsonickirby

Port 53 is the DNS port, so removing that will screw up domain name resolving.
I know port 53 is the DNS port.

The problem is that when I remove those 2, if any device is still logged in the hotspot, the internet works fine. However, once someone signs out, it won't connect them to the captive portal.
 

Coolsonickirby

SOLVED (For real this time): All you have to do is SSH into the MikroTik Router, then run these commands:
Code:
/ip firewall nat

add action=accept chain=pre-hotspot disabled=no dst-port=53 protocol=udp

add action=accept chain=pre-hotspot disabled=no dst-port=53 protocol=tcp

/ip hotspot walled-garden ip

add action=accept disabled=no dst-port=53 protocol=udp

add action=accept disabled=no dst-port=53 protocol=tcp
Source: Here

The captive portal and dns2tcp should work. This is for MikroTik Routers, so the steps won't be exactly the same if you're on a different router.
 
Last edited by Coolsonickirby,
