I’m trying to install GSE 20.08 on a brand new Debian9 following this tutorial https://sadsloth.net/post/install-gvm-20_08-src-on-debian/
When I run greenbone-nvt-sync, it goes for some minutes and suddenly it stops with the following messages:
report_formats/f981e68c-c56a-41fa-ab1f-b5fed0e4181b.asc
228 100% 0.34kB/s 0:00:00 (xfr#63748, to-chk=2/64566)
report_formats/f9d5e19c-4f90-11e4-847d-001f29e71d12.asc
230 100% 0.30kB/s 0:00:00 (xfr#63749, to-chk=1/64566)
report_formats/fae2d2f8-2a7a-11e2-b646-001f29eadec8.asc
230 100% 0.30kB/s 0:00:00 (xfr#63750, to-chk=0/64566)
sent 1,217,299 bytes received 293,167,082 bytes 409,720.78 bytes/sec
total size is 287,790,127 speedup is 0.98
rsync: failed to connect to feed.community.greenbone.net (45.135.106.142): Connection refused (111)
rsync: failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe67:cbb5): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(127) [Receiver=3.1.3]
As per report_formats it’s clear it has download everything before it fine. Then it seems to start a new RSYNC and fails.
I have a NAT and a FW. If it’s them I suppose it would fail right away. I have seen on the internet this error but no clear answer.
Any help would be welcome
Lukas, it’s strange. Because it downloads a series of data and suddenly it fails.
It’s like the script itself it’s not waiting to connect again and them we are blocked
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/
All transactions are logged.
If you have any questions, please use the Greenbone community portal.
See https://community.greenbone.net for details.
By using this service you agree to our terms and conditions.
Only one sync per time, otherwise the source ip will be temporarily blocked.
receiving incremental file list
sent 1,124 bytes received 2,612,019 bytes 149,322.46 bytes/sec
total size is 287,923,700 speedup is 110.18
rsync: failed to connect to feed.community.greenbone.net (45.135.106.142): Connection refused (111)
rsync: failed to connect to feed.community.greenbone.net (2a0e:6b40:20:106:20c:29ff:fe67:cbb5): Network is unreachable (101)
rsync error: error in socket IO (code 10) at clientserver.c(127) [Receiver=3.1.3]
So but can you please tell me, if the CERT data (Cert-Bund Advisories and DFN-Cert Advisories) can be downloaded the FW / network settings should be correct, or?
One TCP connection to rsync from one source IP, if you are behind GCN, NAT or a Corp. Firewall you need to ensure that this IP in not allocated … that´s it.
This didn’t solved for me. I cunfigured my Kali with a unused public IP temporary and I still get the same error “rsync: failed to connect to feed.community.greenbone.net (45.135.106.142): Connection refused (111)” and so on.
Guys, it’s not always possible to disable firewalls, eliminate NATs and so on. A simple solution is to add a sleep 5 after each rsync command. Once it is done, it does work.
Would be possible to add it on the sync scripts and get it fix ?
One TCP connection per source IP at the same time, it´s very simple. If you have issues with your network connection there is nothing we can do due to broken NAT or Firewalls.
If you get a FIN-ACK you can build a new connection …
Just create PRs for the scripts in gvmd and openvas with meaningful comments in the code and let me know of them. Not all users can fix their devices so I am open for adding this small sleep timeout.
There are two open PRs adding such sleep timeouts available below.
Note that adding a timeout for all users might cause longer running sync scripts even for the ones not affected by this. But 30 seconds is probably something acceptable for everyone.
It might also worth to mention that all sync scripts (greenbone-nvt-sync and the greenbone-feed-sync with all three types) shouldn’t be running at the same time (check you cronjob or similar) as sleeps won’t help for this case as well.