Search Results

Search found 786 results on 32 pages for 'tunnel'.

Page 23/32 | < Previous Page | 19 20 21 22 23 24 25 26 27 28 29 30  | Next Page >

  • XCA: sign IPsec certificates with own CA

    - by sbrattla
    I'm trying to establish a LAN to LAN connection through a VPN tunnel. There's a Zywall at the remote office which will be responsible for establishing a connection to a Draytek at the main office. I'm able to establish the connection if I use shared keys, but I'd like to use certificates instead. I've downloaded the XCA application for Ubuntu which allows me to first create a CA certificate, and then sign "certificate signing reqests" using this CA. However, I'm uncertain if I am doing things right. More specifically<, which basic keys/extended keys should the CA certificate and the certificates themselves have? Right now I just skip selecting any keys at all, but is that right? All hints and help appreciated!

    Read the article

  • Create manual IPSec policy on Window (like spdadd and add on Linux)

    - by hapalibashi
    Hello On Linux it is possible to create an a manual IPSec (no IKE etc) tunnel thus: spdadd 192.168.0.10/32[5066] 192.168.0.11/32[5064] udp -P in ipsec esp/transport//require; add 192.168.0.10 192.168.0.11 esp 2222 -m transport -E des-ede3-cbc "123456789012123456789012" -A hmac-md5 "1234567890123456"; I need to do the same on Windows. I am aware of netsh but I don't think its equivalent, I need to specific the SPI (thats the 2222 above) and this seems impossible. Any ideas or alternatives?! Thanks, Stuart.

    Read the article

  • HTTP downloads stop after some time, resuming is not possible

    - by cdauth
    When I try to download a file via HTTP, the downloads sometimes stop after around 30 MB. The download rates goes down to 0 B/s and no data keeps coming. When I stop the download and resume again, the download still hangs. But when I redownload it from byte 0 again, everything works fine up to 30 MB when it stops again. Sometimes, after some hours, it just works again without problems. The position in the file when the download stops is variable, but most of the time it is around 30–35 MB. As a download manager I use wget. The same behaviour happens though using curl and other download managers. The error occurs independently of the server I download from. I have also observed this error on other Linux computers in my network. All computers on my network run Gentoo Linux on x86. All internet connections on my network go through a server on my network which runs a transparent Squid proxy on port 80. That server is connected to a router, which is a Speedport W 700V by Deutsche Telekom AG. That router is connected to the internet using ADSL, with 448 kbit/s down speed and 96 kbit/s up speed. I am almost sure that my transparent proxy is not the problem. I turned that off without resolving the issue. I also connected to the router directly via WLAN without resolving the issue. I also tried to download over another port via HTTP. Furthermore, I tried to download the file using IPv6 with a gateway6 tunnel from my computer, which resulted in exactly the same problem. Now the strange thing is that everything works fine using FTP and HTTPS (also with wget on the same computer). Even more strange: when I resume the download that hanged over HTTP using FTP or HTTPS, download a few bytes that way, stop wget and then resume again using HTTP, it loads data again! But after a few MB, it may stop again. Unfortunately, files downloaded that way are always broken (the MD5 sum is not correct), so at some point, there must have been bogus data. I tried searching for HTML error messages in the downloaded file, but grep -i html does not find anything. (I cannot think of a way to search for GZIP-compressed HTML error messages in the file, so I did not try that.) I tried using strace on wget when it failed to resume a download, you can find the entire output on pastebin. The important lines are repeated every second: clock_gettime(CLOCK_MONOTONIC, {326102, 62176435}) = 0 ) = 1 write(2, "78% [++++++++++++++++++++++++++++"..., 19578% [+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ] 110,683,685 --.-K/s ) = 195 select(4, [3], NULL, NULL, {0, 949999}) = 0 (Timeout) I have absolutely no idea what could be the reason of this problem. It seems like whatever causes the issue speaks HTTP. It seems to speak HTTP that intelligently that it even regognises it in an IPv6-over-IPv4 tunnel. But what could that be and why does it only happen sometimes? The other possibility would be that there is a problem on my computer that is the same on other Gentoo Linux computers as well. Has anyone ever had such a problem? What could be the reason and where do I have to continue investigating to find out more about the issue? Update: I have just run into the problem again and tried to resume the download over the router’s WLAN, and this time it worked. Maybe I did something wrong during my last tests with the WLAN. Now maybe my transparent proxy server is in fact the problem. It is a very basic Squid proxy server that does not cache anything. Maybe the fact is interesting that a second Squid proxy runs on the same computer on another port. Update: A download hung again and this time I turned off all firewall settings and stopped all proxy servers. I failed to resume the download from my network server, which is directly connected to the router. So my proxy server definitely is not the cause the problem. I will try to upgrade the firmware of my router now, although I do not have admin access to it. I will see what I can do.

    Read the article

  • Why do I have a gnomekeyring.IOError when doing "quickly share"?

    - by Agmenor
    When I want to push my app to Launchpad by doing quickly share --verbose, I get the following Gnome Keyring error: Get Launchpad Settings Traceback (most recent call last): File "/usr/share/quickly/templates/ubuntu-application/share.py", line 101, in <module> launchpad = launchpadaccess.initialize_lpi() File "/usr/lib/python2.7/dist-packages/quickly/launchpadaccess.py", line 91, in initialize_lpi allow_access_levels=["WRITE_PRIVATE"]) File "/usr/lib/python2.7/dist-packages/launchpadlib/launchpad.py", line 539, in login_with credential_save_failed, version) File "/usr/lib/python2.7/dist-packages/launchpadlib/launchpad.py", line 342, in _authorize_token_and_login authorization_engine.unique_consumer_id) File "/usr/lib/python2.7/dist-packages/launchpadlib/credentials.py", line 282, in load return self.do_load(unique_key) File "/usr/lib/python2.7/dist-packages/launchpadlib/credentials.py", line 336, in do_load 'launchpadlib', unique_key) File "/usr/lib/python2.7/dist-packages/keyring/core.py", line 34, in get_password return _keyring_backend.get_password(service_name, username) File "/usr/lib/python2.7/dist-packages/keyring/backend.py", line 154, in get_password items = gnomekeyring.find_network_password_sync(username, service) gnomekeyring.IOError ERROR: share command failed Aborting This used to work, so this means that I already have SSH and GPG configured. This is probably part of the explanation: I have this error when I am connected to this machine through a ssh tunnel with X forwarding. But I don't have it when I have physical access to the computer. Could you please give me some indications on what to do?

    Read the article

  • Add a remote printer over ssh on OSX?

    - by GradGuy
    I have a printer at my office that is connected to a local network and my linux box at work can see it on the network. However, it is not visible to the outside world. I was trying to figure out a way to add it on my MacAir and so far have found two options: 1) Using ssh tunnel via CLI: cat file.pdf | ssh user@linuxbox lpr. 2) With Chrome installed on the linux box, using the Google Cloud Print service on the remote box and automator on my MacAir I can add the printer to Cmnd+p dialog box I like the first method since it does not require Chrome be installed and the second one since it allows to use Cmnd+p inside all applications. I was wondering if there is a way to combine by using automator to run the first command line script. What about port forwarding? Is it possible to forward the remote CUPS 631 port to a local port and then add the printer normally? What other methods would you recommend?

    Read the article

  • Howto print from dumb terminals with local print server and remote hosted RDP

    - by Matt
    We have essentially a remote office with about 5 dumb terminals. The terminals are connecting to our office directly over a wireless link. What I want to do is connect all their printers onto a print server. But since the remote office is not actually allowed to see our LAN (since they are actually another company) we don't want a full on open VPN tunnel set up. Naturally the RDP traffic passes through a firewall. Is there an easy way to set up the RDP server so that it can see a print server on a remote LAN?

    Read the article

  • Unknown protocol when trying to connect to remote host with stunnel

    - by RaYell
    I'm trying to set up a stunnel for WebDav on Windows. I want to connect 80 port on my local interface to 443 on another machine in my network. I can ping the machine remote machine. However when I use the tunnel, I'm getting this error all the time SSL state (accept): before/accept initialization SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol There is nothing in the logs on the other machine and here's my stunnel connection config [https] accept = 127.0.0.2:80 connect = 10.0.0.60:443 verify = 0 I've set it up to accept all certificates so this shouldn't be a problem with a self-signed certificate remote host uses. Does anyone knows what might be the problem that this connection cannot be eastablished?

    Read the article

  • Need IPSec help on Windows 2003

    - by user37456
    Hey guys, I am trying to configure IPSec between a web and app server in our environment. I want all traffic between these two servers to use IPsec and be encrypted. These servers are on the same domain so i am currently using Kerebos for security, I have also tried pre-defined keys and nothing changed. When I try and ping between the servers I get "Negotiating IP Security" everytime. I have also confirmed that when I change "Require Security" to "Permit" everything works so IPSec is working, I believe its something with my security setup. Under the security tab both servers have the default 3DES keys first and then DES keys. I have also specified tunnel endpoints (the alternate server's IP). What am I missing? Thanks for any help..

    Read the article

  • How do we keep Active Directory resilient across multiple sites?

    - by Alistair Bell
    I handle much of the IT for a company of around 100 people, spread across about five sites worldwide. We're using Active Directory for authentication, mostly served to Linux (CentOS 5) systems via LDAP. We've been suffering through a spate of events where the IP tunnel between the two major sites goes down and the secondary domain controller at one site can't contact the primary domain controller at the other. It seems that the secondary domain controller starts denying user authentication within minutes of losing connectivity to the primary. How do we make the secondary domain controller more resilient to downtime? Is there a way for it to cache the entire directory and/or at least keep enough information locally to survive a multi-hour disconnection? (We're all in a single organizational unit if that makes any difference.) (The servers here are Windows Server 2003; don't assume that we set this up correctly. I'm a software engineer, not an IT specialist.)

    Read the article

  • Exposing a WebServer behind a firewall without Port Forwarding

    - by pbreault
    We are deploying web applications in java using tomcat on client machines across the country. Once they are installed, we want to allow a remote access to these web applications through a central server, but we do not want our clients to have to open ports on their routers. Is there a way to tunnel the http traffic so that people connected to the central server can access the web applications that are behind a firewall ? The central server has a static ip address and we have full control over it. Right now, it is a windows box but it could be changed to a linux box if necessary. Our clients are running windows xp and up. We don't need to access the filesystem, we only want to access the web application through a browser. We have looked at reverse ssh tunneling but it shows scaling problem since every packet would have to pass through the central server.

    Read the article

  • Windows Server 2012 Essentials - Trying to setup "Anywhere Access" but the "Computer Access" list for users is blank

    - by tetranz
    I have a new installation of Windows Server 2012 Essentials and I'm trying to setup "Anywhere Access" for both VPN and remote desktop. The basic setup is all working. Shared folders is working but remote desktop has no computers available. On the server, if I edit a user with the Essentials Dashboard and go to "Computer access", the list is empty. The desktop computers have been joined to the domain. I can see them in AD under "Computers". I think our mistake was that we didn't use the connector tool to join the domain. We moved from a previous domain and went to Computer / Properties, changed the domain and started with a new profile. Is there something I can do now to make these desktops available for remote desktop? I can access a desktop directly no problem by going directly to it with the RDP client on port 3389. I do that from the outside world through an SSH tunnel.

    Read the article

  • Setting up dante socks server

    - by skerit
    I want to tunnel all my internet traffic through my vps, so I'm trying to install a proxy server. However: I can't seem to browse the internet through Dante. I get the ERR_EMPTY_RESPONSE error. This is my config: logoutput: stderr /home/user/dantelog internal: eth1 port=1080 external: eth1 method: username pam user.privileged: proxy user.notprivileged: nobody user.libwrap: nobody client pass { from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0 } Do I really have to run 2 proxy servers: one for http and one for socks? or is there something else I can do?

    Read the article

  • Site to site VPN using RRAS from an untrusted network?

    - by DrZaiusApeLord
    Our remote office will be moving to a new space where internet will be provided. They'll be behind a router doing NAT (I do not have admin rights to this router). They will be sharing a printer with the other people on the LAN, but will need VPN to our network for email and file shares. I was thinking of just having them run the windows VPN client and connecting via PPTP like they do when they are off-site, but I have read that multiple PPTP connections from the same NAT'd address to the same destination doesn't work well or at all. I am thinking some kind of site-to-site VPN is needed so there is just one tunnel. Can I just put in a VPN gateway, set it to connect to our RRAS/PPTP server, and have them use it as their default gateway? Perhaps even use the local default gateway for internet traffic. If so, what VPN gateway/device is recommended for this? Or other solutions? Thanks.

    Read the article

  • How to protect an OS X Server from an anautorized physical connection?

    - by GJ
    Hi I have an OS X 10.6 server, which I administer via SSH and VNC (via SSH tunnel). I can't leave it at the login window since then VNC connections are refused. Therefore I currently leave it logged with my user account. Since it doesn't have a monitor attached, it doesn't go into screen saver mode, which means it doesn't require a password to retake control. This means it is very easy for anyone connecting a keyboard/mouse and monitor to take control of the system. The screen saver password protection, which I can't get to activate, unlike the system's login window, is perfectly compatible with VNC connections. How could I prevent such direct access to the server without connecting a monitor and without blocking my ability to connect with VNC? Thanks!

    Read the article

  • Teredo and IPV6 web servers

    - by Sandro Antonucci
    Hello, I have two different questions, the first one could be stupid. I was reading about IPV6 and ended up in this site http://test-ipv6.com/ that says that I have a public IPV6 with Teredo tunneling. I don't understand if this Teredo is a software thing, does it have to with my ISP, is it enabled by Windows, how do I get that IPV6 IP, where does it come from? I have windows 7. Second question, I have a VPS with IPV6 connectivity only I can connect to it (apparently thanks to Teredo) and visit pages from the web server using IPV6 IP directly into the browser, is it possibile to host a website on there accessible by the IPV4 network? maybe some dns servers than tunnel traffic from IPV4(user) to IPV6(server)? Thank you

    Read the article

  • How can I solve Windows PPTP VPN issues?

    - by Robin M
    I'm having persistent problems with Windows PPTP VPN connections. The VPN appears up whilst the tunnel won't transfer traffic (ping to a remote IP within the VPN works for a while, and then fails). The client receives routing information via DHCP. When the connection fails, the routing table is still correct so I don't think it's a routing problem. My internet connection is via an ADSL2 line. There's software to deal with PPTP problems, like TunnelRat, but I don't want to install v1.1 of the .NET framework and I'd rather get to the bottom of the problem (I have multiple VPN connections and some are more unreliable than others). What can I do to get to the bottom of this? Alternatively, what can I do to keep the connection alive?

    Read the article

  • How to protect an OS X Server from an unauthorized physical connection?

    - by GJ
    Hi I have an OS X 10.6 server, which I administer via SSH and VNC (via SSH tunnel). I can't leave it at the login window since then VNC connections are refused. Therefore I currently leave it logged with my user account. Since it doesn't have a monitor attached, it doesn't go into screen saver mode, which means it doesn't require a password to retake control. This means it is very easy for anyone connecting a keyboard/mouse and monitor to take control of the system. The screen saver password protection, which I can't get to activate, unlike the system's login window, is perfectly compatible with VNC connections. How could I prevent such direct access to the server without connecting a monitor and without blocking my ability to connect with VNC? Thanks!

    Read the article

  • rpd over https using a linux client

    - by Nils
    My employer switched from vpn and rdp to using what our admin calls "rdp over https". Since that switch I find myself unable to connect to the "new" rdp server. I think the progress is as follows: A rdp gateway-server is connected via tls the requested sever (different from the gateway-server) is then connected through the tls connection. In windows mstsc-settings the server name is the "internal network name" of the machine I wish to connect. And on the last tab (in German it is called "leistung" - could be activity) I go to the "connection from everywhere" settings and set the gateway-server under gateway-server. Now: Is there any way to use this scenario under linux (apart from a virtual machine running Windows)? I am interested in free ideas (e.g. is it possible to create a tls tunnel and connect through that using freerdp/rdesktop?) non-free ideas. As long as they work I'll worry about the costs later. Free ideas would be better :-)

    Read the article

  • Weird behaviour with OpenVPN: can not connect to a few websites

    - by Gaby Solis
    My OpenVPN server is Ubuntu 10.04.4 LTS and openvpn version is 2.x My client is on Win 7. He can access most sites but not Youtube, Facebook, Twitter, groups.google.com, etc My server.conf is: local x.x.x.x port 1194 proto udp dev tun ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/server.crt key /etc/openvpn/keys/server.key dh /etc/openvpn/keys/dh1024.pem server 10.8.0.0 255.255.255.0 push "redirect-gateway def1" push "dhcp-option DNS 8.8.8.8" client-to-client keepalive 10 120 comp-lzo persist-key persist-tun status /etc/openvpn/keys/openvpn-status.log verb 4 I can access Youtube etc using SSH Tunnel + SOCKS Proxy, and the Ubuntu server can access all sites. so nothing is wrong with the Ubuntu server. With little information I can provide, I am not looking for a quck solution. How can I debug?

    Read the article

  • Route traffic on vpn to another interface on an ASA 5510

    - by Dave
    I have a ASA 5510 that has about 60-70 vpn tunnels. I have four interfaces on the device: 1)External, 2)192.168.1.0, 3)192.168.2.0, 4) 192.168.3.0 A VPN tunnel is configured from the remote site (192.168.200.0) to the 192.168.2.0 subnet on the ASA. I have remote applications I would like the users at the remote site to be able to access which are hosted on the 192.168.3.0 subnet. I can route traffic between the subnets that are located on the ASA. Any way I can route traffic from the remote site to the 192.168.3.0?

    Read the article

  • How to forward UDP and TCP traffic from one IP to another

    - by Rishabh Agnihotri
    Well i have a server with two LAN Card Installed.I have a server in U.S and one in India.I have created a GRE tunnel to route all traffic from U.S Server to my Indian Server.My Traffic has UDP,TCP,HTTP,etc Traffic.Now i have two LAN Card on my Indian Server.Well i have configured two IPs on the system for some of my needs on the system.One is a /30 and another is a /24.Well now i want the /30 IP to talk to my /24 IP.Lets take a e.g the IPs are 180.151.130.34 - /30 and 103.243.19.254 -/24 I want to forward all the TCP,UDP,HTTP,etc like traffic coming to 180.151.130.34 to 103.243.19.254.In the sense i want to make them talk to each other in a way if a TCP/UDP Packet comes to 180.151.130.34 it should be forwarded to 103.243.19.254 and then that packet is sent back by 103.243.19.254 to 180.151.130.34.I am not able to configure this part.Can anyone tell me step by step how to do so? Well i forgot to specify i am using Windows Server 2008. Any help would be greatly appreciated.Thanks in advance.

    Read the article

  • How can I make an infinite cave using stage3d?

    - by ifree
    I want to make an infinite cave in my 3d game using flash stage3d. But I got no idea about how to build that cave. Can anyone can give me some solution or hint? update: I've tried agal fragment shader like squeae tunnel in shader toy code: var fragmentProgramCode:String = AGALUtils.build() .mov("ft0","v0") .div("ft1","ft0.xy","fc3.xy") .mul("ft2","fc6.x","ft1") .sub("ft3","ft2","fc5.x")//vec2 p = -1.0 + 2.0 * gl_FragCoord.xy / resolution.xy; .mul("ft1","ft3.x","ft3.x") .mul("ft2","ft3.y","ft3.y") .pow("ft4","ft1","fc6.z")//float r = pow( pow(p.x*p.x,16.0) + pow(p.y*p.y,16.0), 1.0/32.0 ); .pow("ft5","ft2","fc6.z") .add("ft1","ft4","ft5") .pow("ft4","ft1","fc6.w") .mov("ft5","fc5")//uv .sub("ft1","fc7.x","ft4") .add("ft5.x","fc7.x","ft1")//uv.x = .5*time + 0.5/r; .mov("ft6","fc0")//for atan .atan2("ft5.y","ft3.y","ft3.x",new <String>["fc7.y","fc5.x","fc7.z","fc7.w","fc8.x","fc8.y","fc8.z","fc8.w","fc9.x","fc9.y"],"ft6") .tex("ft0","ft5","fs0","repeat","linear","nomip")//tex .mul("ft1","ft4","ft4") .mul("ft2","ft1","ft4")//r*r*r .mul("ft1","ft0.xyz","ft2") .mov("ft0.w","fc5.x") .mov("oc","ft1").toString() it can only apply one material,but my project requires different types of material (like floor,ceilling). so ,I create a 3d model Is there anyway to make that 3d model render like "infinity cave"? use agal to make each side of cave's texture move? thanks for your help

    Read the article

  • stunnel: SSL-to-SSL? (for smtp/imap)

    - by nonot1
    Hello, How can I configure stunnel to accpet SSL connections, and connect then to an SSL port on a different server? Here is my setup: Our ISP's server, "Mail Server", supports smtp/imap over SSL. (Not starttls. Just over ssl.) But, I have a bunch of client machines that will only trust a specific, internal, root certificate. Thus, they can not connect to "Mail Server". For these client machines, I'd like to make a dedicated "Mail Tunnel" host that uses stunnel to listen with an in-house signed SSL certificate, and just forward data to "Mail Server" using a 2nd SSL connection. Can this be done? What would be the specific steps for Ubuntu Server 10.10? (I'm not too familiar with persistent service configuration.) Thank you

    Read the article

  • Websocket & HTTP proxy with server between two firewalls

    - by Dan
    I have a server ("A") running behind a firewall, which serves HTTP and websockets. I have no control over the firewall, but do have an external server ("B") to which the internal server can connect (note that the reverse connection from B to A is not possible due to the firewall). How can I set up some sort of proxy on B such that an Internet client ("C") can access the resources on A? I'd prefer something lightweight—even a Python program or an SSH tunnel (which I've tried without success)—rather than something more heavyweight but robust.

    Read the article

  • SSH tunneling and NAT

    - by thonixx
    I have a virtual machine with an internal IP address and a running mailserver with IMAP/POP3/SMTP. Everything works fine except: When I do an SSH tunnel to the guest server and want to connect to the mailserver with mail.*. then it does not work. There is a connection timeout. But If i connect to the internal IP 192.168..* then it works. So what can I do to enable the access from the domain name to the virtual machine with SSH tunneling?

    Read the article

< Previous Page | 19 20 21 22 23 24 25 26 27 28 29 30  | Next Page >