
Not working with FortiGuard blocker

Open TheSparrowB opened this issue 2 years ago • 14 comments

Hi. I ran this software on my workplace PC. I haven't changed any parameters from the plugins. Then, I configured the proxy (as shown) in the Firefox browser. [image]

But when I try to enter a blocked page like cuevana, this thing appears. [image]

Is there a way to make it work to bypass the FortiGuard firewall? Am I missing something? Do I need to add an extra plugin? Please, I need help.

TheSparrowB, Jun 10 '22 13:06

Did FortiGuard install your own certificate for you? Check by opening, for example, GitHub, clicking on the lock icon in the address bar, and viewing certificate details -> issuer.

krlvm, Jun 10 '22 13:06

Hi. Thanks for the fast response. This is what it shows.

[image]

TheSparrowB, Jun 10 '22 14:06

Try to visit the desired site via HTTPS. [image]

krlvm, Jun 10 '22 14:06

Ok. With https the result is the same.

[image]

TheSparrowB, Jun 10 '22 14:06

You may try to enable SNI Modification, so it will be difficult to detect to which site you are trying to connect. Use, for example, github.com as fake SNI host. You will need to import the certificate (powertunnel.pem) to Firefox: instruction

krlvm, Jun 10 '22 14:06

Ok. I activated SNI and disabled HTTPS chunking. [image]

Then I added some sites in the blacklist. [image]

I installed the certificate in the PC with success. [image]

I imported the .pem file in Firefox too. But then when I try to access (i.e. cuevana) then it shows this. [image]

TheSparrowB, Jun 10 '22 15:06

Change Spoil SNI to Fake SNI and set github.com as fake SNI host.

krlvm, Jun 10 '22 15:06

Ok. I changed it.

[image]

But no changes from previous result.

[image]

TheSparrowB, Jun 10 '22 15:06

I think the TLS connection is still being interrupted by the firewall. Something is wrong with the MITM implementation in PowerTunnel >= 2.0, try this version: https://github.com/krlvm/PowerTunnel/releases/tag/v1.14

You will need to install the certificate again.

krlvm, Jun 10 '22 15:06

Ok. I tried the other version and removed both certificates from the browser and the local machine. Then installed again. The configuration is like this: [image]

The blacklist is the same: [image]

But this time, when I activate the proxy in Firefox, I don't have access to any webpage. Just localhost. [image]

This is the error. [image]

TheSparrowB, Jun 10 '22 16:06

The blacklist in the old versions that you showed is not needed to unlock something, but on the contrary, to block something. Shut down the PowerTunnel server, clear the blacklist, uncheck this and try again with cuevana: [image]

krlvm, Jun 10 '22 16:06

Ok. Cleared the flags. [image]

Cleared the blacklist. [image]

Now I have access to other pages but still can't access cuevana. [image]

TheSparrowB, Jun 10 '22 16:06

Apparently they still use SNI filtering, though I can't confirm this as I don't have anywhere to test it. The last thing worth trying is switching to Erase SNI mode.

krlvm, Jun 10 '22 16:06

Ohh well, I tried now with the "erase" mode and still no changes. One thing I noted is that this error now appears in most pages.

[image]

Well, I think the security is heavy in my workplace so, there's nothing more to do. Thanks for everything, pal.

TheSparrowB, Jun 10 '22 17:06