Search Results

Search found 6523 results on 261 pages for 'route planning'.

Page 55/261 | < Previous Page | 51 52 53 54 55 56 57 58 59 60 61 62  | Next Page >

  • AXway/tumbleweed EMF in exchange 2007

    - by Buckwheat
    Looking for someone who has implemented an axway EMF recently. I'm about to implement an axway SM product for company wide email encryption. I current have an edge transport server and an exchange 2007 server. I want to route email like the follow: the edge picks up internet email to exchange and all out going email will go out the axway. I have two things to figure out: do I only have to build a new send connector on exchange to point to a smarthost (axway) and disable the send connector going to the transport edge server? and two The axway server has to route notifcations to people. Am I looking into something like this? http://msexchangeteam.com/archive/2006/12/28/432013.aspx

    Read the article

  • Is Internet routing (BGP) fully automated?

    - by Adal
    If all the routing tables on the Internet would be erased simultaneously, will the routers be able to rediscover them automatically? I'm having an argument with a colleague who says that the RIPE routing tables are essential, but I remember reading that if the tables disappeared, the BGP protocol will allow routers to rediscover working routes between nodes by querying their neighbors which in turn will query their neighbors until a working route will be detected. Then that route will be used to repopulate the routing tables. After a while, all the routes will be restored (not necessarily the optimal routes). Is that correct?

    Read the article

  • VPN Split Tunneling - Pros and Cons and how to achieve?

    - by Theveloper
    Well this is the dilemma, I want remote clients to connect to my network and only route local access through the VPN. This is split tunneling, the client uses its internet connection for all other internet requests and the VPN tunnel to my network for local requests. There's a couple of issues that arise: split tunneling in Windows is achieved by unticking an option which reads "Use default gateway on remote network" in the TCP/IP settings of the client VPN connection. At any point the user can tick it and route all his internet traffic through my network eating away at my bandwidth and being cloaked by my IP address. This is unacceptable. Issue number 2 is that if the client is split tunneling, he becomes a gateway between the internet and my network, this is also unacceptable. My questions are: how does one achieve split tunneling serverside? And is the latter issue a valid con worthy of worry? Any thoughts would be appreciated!

    Read the article

  • Two NIC cards with the same metric - Internet traffic going out the wrong one

    - by bvanderw
    I have two NIC cards in my computer - one is connected to our corporate network and the Internet, the other is connected to a private LAN through a Linksys WRT54G. Both cards use DHCP. This was never an issue with Windows XP, but with Windows Vista (and Windows 7) the metric for the 0.0.0.0 route is the same (20), and it appears that some network traffic that should go out my main network card are going out my secondary card instead. The solution to date is to delete the 0.0.0.0 route associated with the second NIC card, but I have to do this several times a day. Is there a better solution? --Bruce

    Read the article

  • Routing traffic to another internal network

    - by Jason
    OK, so here is the scenario. I have 4 Locations connected with an MPLS. I have installed an ASA at the primary location which is 10.20.1.0. Traffic is fine internally and to the world, however... I can't route traffic over the MPLS to another network. It is being blocked by an implicit deny rule even though there is a rule to allow any to any less secure interface (it should be using the same interface in/out, right?). I have a static route for the network in and the ASA can ping it - Just not traffic on the internal network of the ASA. -Jason

    Read the article

  • ssl between balancer members?

    - by jemminger
    I have apache running on one machine as a load balancer: <VirtualHost *:443> ServerName ssl.example.com DocumentRoot /home/example/public SSLEngine on SSLCertificateFile /etc/pki/tls/certs/example.crt SSLCertificateKeyFile /etc/pki/tls/private/example.key <Proxy balancer://myappcluster> BalancerMember http://app1.example.com:12345 route=app1 BalancerMember http://app2.example.com:12345 route=app2 </Proxy> ProxyPass / balancer://myappcluster/ stickysession=_myapp_session ProxyPassReverse / balancer://myappcluster/ </VirtualHost> Note that the balancer takes requests under SSL port 443, but then communicates to the balancer members on a non-ssl port. Is it possible to have the forwarding to the balancer members be under SSL too? If so, is this the best/recommended way? If so, do I have to have another SSL cert for each balancer member? Does the SSLProxyEngine directive have anything to do with this?

    Read the article

  • IIS SmtpSVC - Adding remote domains on the fly

    - by Andrej Pintar
    Since I am using SMTPSVC from IIS to send all mail out I have noticed some domains that reject mail regarding LFs and similar SMTP day to day basis problems. So I mostly re route these domains by using smarthosts. Now I aslo read that on IIS7 or most of them when you add a remote domain to domains you must restart SMTPSVC to take effect. I also enabled METABASE editing. So I also hoped that this will help me add remote domains on the fly. But it's not working. Should I use another SMTP: -hmailserver or similar to route DOMAINS by smarthost. We used a smarthost configuration before but ISP smarthost gets a lot on RBL Blacklist so mail comes back. Since DNS MX direct sending is more work because of troublesome domains now I got more work to monitor SMTP logs. Thank you in advance.

    Read the article

  • Can't access VirtualBox host-only network from windows host

    - by Markus Orreilly
    I've got two vms running on a windows host, each with a host-only network and ips in the 192.168.56.XXX range. One of them is running apache and serving some content that I want to access from my windows host. However, the windows host can't access the apache server at all. The server is running on 192.168.56.103. ipconfig from windows says it's ip for the Virtual Box interface is 169.254.143.37. I tried route add to route 192.168.56.XX traffic, but everything I tried didn't work and I was probably using it wrong. Any ideas on how to make this work?

    Read the article

  • Routing only some local IPs through VPN on dd-wrt

    - by bo-inge-ostberg
    Much similar to this entry: http://serverfault.com/questions/94283/using-dd-wrt-to-connect-to-vpn-and-forward-all-traffic-of-certain-devices-through , I have set up my router with dd-wrt + OpenVPN to connect to a VPN. This works fine, and all traffic from behind the router goes through the VPN. How do I route(?) traffic in the router so that only certain IPs from the LAN will go through the VPN, while the others take the "normal" route? Is it also possible to allow traffic from certain local IPs to go ONLY through the VPN, making it impossible for them to use the regular internet connection if the VPN is down? I know this question was answered in the post I linked to, but that just doesn't seem to work for me. The routing table and rules change, but traffic still just goes through the VPN.

    Read the article

  • Linux: multiple network connections - 3G/4G / Wifi / LAN / etc; how can i set a preferred network connection to use?

    - by Alex
    I've been looking at how I can setup a laptop that has multiple network interfaces, but a problem exists if all the connections are active, i.e. 3G, WiFi and LAN are all connected, I would like it to default to LAN. I would like to set "weights" or "priority" to each connection, so that if the LAN is unplugged, it'll default to WiFi - if its in range and working, otherwise, it'll switch and use the 3G dongle; I've been looking around and I can see that the "metric" counter for route isn't being used for recent kernels. I thought that would be able to set the preferred gateway / connections - but according to the man page: man route: OUTPUT Metric The 'distance' to the target (usually counted in hops). It is not used by recent kernels, but may be needed by routing daemons. So I'm confused, are there any scripts / apps / anything that can detect active network connections, and by way of configuration, send my default gateway network traffic through that interface if its active / alive?

    Read the article

  • Using VLANs that are routed together?

    - by dannymcc
    I have a quick question that's bugging me the more I read about VLANs. So far I understand that they are useful for dividing the network into sub-sections, but if you route them together does that not remove any security benefit? As an example, if I created a VLAN on my home network which was simply one computer, one server and one router.if I wanted to divide the network between computers and servers I could put the computer on VLAN 10 and the server on VLAN 20. Then the computer would no longer be able to communicate with the server - unless I added a static route to the router that connected the two together, basically telling VLAN 10 that VLAN 20 exists and how to communicate with it. The VLANs would then be connected in a similar way to a 'flat' network that has no VLANs. Therefore, surely, all security benefits are lost. Am I missing something?

    Read the article

  • How can I express this nginx config as apache2 rewrite rules?

    - by codecowboy
    if (!-e $request_filename){ rewrite /iOS/(.*jpg)$ /$1 last; rewrite /iOS/(.*jpeg)$ /$1 last; rewrite /iOS/(.*png)$ /$1 last; rewrite /iOS/(.*css)$ /$1 last; rewrite /iOS/(.*js)$ /$1 last; rewrite /Android/(.*jpg)$ /$1 last; rewrite /Android/(.*jpeg)$ /$1 last; rewrite /Android/(.*png)$ /$1 last; rewrite /Android/(.*css)$ /$1 last; rewrite /Android/(.*js)$ /$1 last; rewrite ^/(.*)$ /?route=$1 last; } There are some vanity URLs e.g. mysite.com/yourdetails which are handled internally by a router class (its a PHP app with index.php as the entry point) and they seem to work fine on nginx but not Apache :-/ I tried this but the vanity URLs are not working RewriteEngine On RewriteBase / RewriteCond %{REQUEST_URI} !=/favicon.ico RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?route=$1 [L] I'd like to rule out Apache config first before I get too deep into the code.

    Read the article

  • How to Host Multiple Domains / Web Sites on one IIS6 Server

    - by Josh Stodola
    I currently have an IIS6 server that hosts one web site/domain. I am developing another web site (completely separate) that I want to host on this same server. Both domains were purchased from GoDaddy. I believe I will need a server-side ISAPI rewrite filter to internally route the incoming requests based on the domain name. I plan to use Ionic's ISAPI Rewrite Filter to do this because it is free. I know how to install the ISAPI filter and apply it to a web site in IIS, but I have no clue how I am going to route the incoming requests correctly (based on the domain). Also, I don't know if it is wise to setup multiple "Web Sites" or "Virtual Directories". I am thinking that this will depend on how the configured. How should I go about getting this accomplished?

    Read the article

  • Setting a Static IP Running FreeBSD8 in VirtualBox hosted on Windows 7

    - by gvkv
    I'm using VirtualBox on Windows 7 (host) to run a FreeBSD (guest) based web server. I`ve assigned a static ip of 192.168.80. 1 to the (virtualized) NIC which is run in bridged mode. The problem is that when I ping an external server (such as google.com) I get a No route to host error: dimetro# ping google.com PING google.com (66.249.90.104): 56 data bytes ping: sendto: No route to host ... I can ping the BSD server from both another virtualized machine and my host machine and from the server, I can ping everything on the network. The router ip is 192.168.1.1/16. ADDENDUM: I have the following lines in /etc/rc.conf on the BSD VM to configure networking: defaultrouter="192.168.1.1" ifconfig_em0="inet 192.168.80.1 netmask 255.255.0.0"

    Read the article

  • How do I configure OpenVPN for accessing the internet with one NIC?

    - by Lekensteyn
    I've been trying to get OpenVPN to work for three days. After reading many questions, the HOWTO, the FAQ and even parts of a guide to Linux networking, I cannot get my an Internet connection to the Internet. I'm trying to set up a OpenVPN server on a VPS, which will be used for: secure access to the Internet bypassing port restrictions (directadmin/2222 for example) an IPv6 connection (my client does only have IPv4 connectivity, while the VPS has both IPv4 and native IPv6 connectivity) (if possible) I can connect to my server and access the machine (HTTP), but Internet connectivity fails completely. I'm using ping 8.8.8.8 for testing whether my connection works or not. Using tcpdump and iptables -t nat -A POSTROUTING -j LOG, I can confirm that the packets reach my server. If I ping to 8.8.8.8 on the VPS, I get an echo-reply from 8.8.8.8 as expected. When pinging from the client, I do not get an echo-reply. The VPS has only one NIC: etho. It runs on Xen. Summary: I want to have a secure connection between my laptop and the Internet using OpenVPN. If that works, I want to have IPv6 connectivity as well. Network setup and software: Home laptop (eth0: 192.168.2.10) (tap0: 10.8.0.2) | | (running Kubuntu 10.10; OpenVPN 2.1.0-3ubuntu1) | wifi | router/gateway (gateway 192.168.2.1) | INTERNET | VPS (eth0:1.2.3.4) (gateway, tap0: 10.8.0.1) (running Debian 6; OpenVPN 2.1.3-2) wifi and my home router should not cause problems since all traffic goes encrypted over UDP port 1194. I've turned IP forwarding on: # echo 1 > /proc/sys/net/ipv4/ip_forward iptables has been configured to allow forwarding traffic as well: iptables -F FORWARD iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT iptables -A FORWARD -j DROP I've tried each of these rules separately without luck (flushing the chains before executing): iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to 1.2.3.4 iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE route -n before (server): 1.2.3.4 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 1.2.3.4 0.0.0.0 UG 0 0 0 eth0 route -n after (server): 1.2.3.4 0.0.0.0 255.255.255.0 U 0 0 0 eth0 10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0 0.0.0.0 1.2.3.4 0.0.0.0 UG 0 0 0 eth0 route -n before (client): 192.168.2.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0 0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 wlan0 route -n after (client): 1.2.3.4 192.168.2.1 255.255.255.255 UGH 0 0 0 wlan0 10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0 192.168.2.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0 0.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tap0 128.0.0.0 10.8.0.1 128.0.0.0 UG 0 0 0 tap0 0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 wlan0 SERVER config proto udp dev tap ca ca.crt cert server.crt key server.key dh dh1024.pem server 10.8.0.0 255.255.255.0 push "redirect-gateway def1" ifconfig-pool-persist ipp.txt keepalive 10 120 tls-auth ta.key 0 comp-lzo user nobody group nobody persist-key persist-tun log-append openvpn-log verb 3 mute 10 CLIENT config dev tap proto udp remote 1.2.3.4 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt key client.key ns-cert-type server tls-auth ta.key 1 comp-lzo verb 3 mute 20 traceroute 8.8.8.8 works as expected (similar output without OpenVPN activated): 1 10.8.0.1 (10.8.0.1) 24.276 ms 26.891 ms 29.454 ms 2 gw03.sbp.directvps.nl (178.21.112.1) 31.161 ms 31.890 ms 34.458 ms 3 ge0-v0652.cr0.nik-ams.nl.as8312.net (195.210.57.105) 35.353 ms 36.874 ms 38.403 ms 4 ge0-v3900.cr0.nik-ams.nl.as8312.net (195.210.57.53) 41.311 ms 41.561 ms 43.006 ms 5 * * * 6 209.85.248.88 (209.85.248.88) 147.061 ms 36.931 ms 28.063 ms 7 216.239.49.36 (216.239.49.36) 31.109 ms 33.292 ms 216.239.49.28 (216.239.49.28) 64.723 ms 8 209.85.255.130 (209.85.255.130) 49.350 ms 209.85.255.126 (209.85.255.126) 49.619 ms 209.85.255.122 (209.85.255.122) 52.416 ms 9 google-public-dns-a.google.com (8.8.8.8) 41.266 ms 44.054 ms 44.730 ms If you have any suggestions, please comment or answer. Thanks in advance.

    Read the article

  • How to connect to a Virtualbox guest from the host when network cable unplugged

    - by Greg K
    I'd like to work offline (I'm flying to the US twice this month), to do this I need access to a linux development server. When I work from home I boot a VirtualBox VM and that acts as my dev server for the day (providing Apache, PHP & MySQL to run my server side code). However, I'd like to work with my VM when I'm not connected to a network. I have my Ubuntu VM guest set up with a bridge connection so it can serve HTTP and provide SSH access from inside my local network. I've tried to manually configure my network settings on both Mac OSX (the host) and Ubuntu (the guest) but I can't even ping my own NIC address (127.0.0.1 can, 192.168.21.x I can't) in OS X when I unplug the cable. Manual network settings: $ ifconfig en0 en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 ether 00:xx:xx:xx:xx:xx inet 192.168.21.5 netmask 0xffffff00 broadcast 192.168.21.255 media: autoselect (100baseTX <full-duplex,flow-control>) status: active I can ping localhost fine, as well as my VM (.20) and SSH too. $ ping 192.168.21.5 PING 192.168.21.5 (192.168.21.5): 56 data bytes 64 bytes from 192.168.21.5: icmp_seq=0 ttl=64 time=0.085 ms 64 bytes from 192.168.21.5: icmp_seq=1 ttl=64 time=0.102 ms 64 bytes from 192.168.21.5: icmp_seq=2 ttl=64 time=0.100 ms 64 bytes from 192.168.21.5: icmp_seq=3 ttl=64 time=0.094 ms $ ping 192.168.21.20 PING 192.168.21.20 (192.168.21.20): 56 data bytes 64 bytes from 192.168.21.20: icmp_seq=0 ttl=64 time=0.910 ms 64 bytes from 192.168.21.20: icmp_seq=1 ttl=64 time=1.181 ms 64 bytes from 192.168.21.20: icmp_seq=2 ttl=64 time=1.159 ms 64 bytes from 192.168.21.20: icmp_seq=3 ttl=64 time=1.320 ms Network cable unplugged: $ ifconfig en0 en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 ether 00:xx:xx:xx:xx:xx media: autoselect status: inactive $ ping 192.168.21.5 PING 192.168.21.5 (192.168.21.5): 56 data bytes ping: sendto: No route to host ping: sendto: No route to host Request timeout for icmp_seq 0 ping: sendto: No route to host Request timeout for icmp_seq 1 Does OS X disable the NIC when the network cable is unplugged? Any way to stop it doing this?

    Read the article

  • OpenVPN Client timing out

    - by Austin
    I recently installed OpenVPN on my Ubuntu VPS. Whenenver I try to connect to it, I can establish a connection just fine. However, everything I try to connect to times out. If I try to ping something, it will resolve the IP, but will time out after resolving the IP. (So DNS Server seems to be working correctly) My server.conf has this relevant information (At least I think it's relevant. I'm not sure if you need more or not) # Which local IP address should OpenVPN # listen on? (optional) ;local a.b.c.d # Which TCP/UDP port should OpenVPN listen on? # If you want to run multiple OpenVPN instances # on the same machine, use a different port # number for each one. You will need to # open up this port on your firewall. port 1194 # TCP or UDP server? ;proto tcp proto udp # "dev tun" will create a routed IP tunnel, # "dev tap" will create an ethernet tunnel. # Use "dev tap0" if you are ethernet bridging # and have precreated a tap0 virtual interface # and bridged it with your ethernet interface. # If you want to control access policies # over the VPN, you must create firewall # rules for the the TUN/TAP interface. # On non-Windows systems, you can give # an explicit unit number, such as tun0. # On Windows, use "dev-node" for this. # On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. ;dev tap dev tun # Windows needs the TAP-Win32 adapter name # from the Network Connections panel if you # have more than one. On XP SP2 or higher, # you may need to selectively disable the # Windows firewall for the TAP adapter. # Non-Windows systems usually don't need this. ;dev-node MyTap # SSL/TLS root certificate (ca), certificate # (cert), and private key (key). Each client # and the server must have their own cert and # key file. The server and all clients will # use the same ca file. # # See the "easy-rsa" directory for a series # of scripts for generating RSA certificates # and private keys. Remember to use # a unique Common Name for the server # and each of the client certificates. # # Any X509 key management system can be used. # OpenVPN can also use a PKCS #12 formatted key file # (see "pkcs12" directive in man page). ca ca.crt cert server.crt key server.key # This file should be kept secret # Diffie hellman parameters. # Generate your own with: # openssl dhparam -out dh1024.pem 1024 # Substitute 2048 for 1024 if you are using # 2048 bit keys. dh dh1024.pem # Configure server mode and supply a VPN subnet # for OpenVPN to draw client addresses from. # The server will take 10.8.0.1 for itself, # the rest will be made available to clients. # Each client will be able to reach the server # on 10.8.0.1. Comment this line out if you are # ethernet bridging. See the man page for more info. server 10.8.0.0 255.255.255.0 # Maintain a record of client <-> virtual IP address # associations in this file. If OpenVPN goes down or # is restarted, reconnecting clients can be assigned # the same virtual IP address from the pool that was # previously assigned. ifconfig-pool-persist ipp.txt # Configure server mode for ethernet bridging. # You must first use your OS's bridging capability # to bridge the TAP interface with the ethernet # NIC interface. Then you must manually set the # IP/netmask on the bridge interface, here we # assume 10.8.0.4/255.255.255.0. Finally we # must set aside an IP range in this subnet # (start=10.8.0.50 end=10.8.0.100) to allocate # to connecting clients. Leave this line commented # out unless you are ethernet bridging. ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 # Configure server mode for ethernet bridging # using a DHCP-proxy, where clients talk # to the OpenVPN server-side DHCP server # to receive their IP address allocation # and DNS server addresses. You must first use # your OS's bridging capability to bridge the TAP # interface with the ethernet NIC interface. # Note: this mode only works on clients (such as # Windows), where the client-side TAP adapter is # bound to a DHCP client. ;server-bridge # Push routes to the client to allow it # to reach other private subnets behind # the server. Remember that these # private subnets will also need # to know to route the OpenVPN client # address pool (10.8.0.0/255.255.255.0) # back to the OpenVPN server. ;push "route 192.168.10.0 255.255.255.0" ;push "route 192.168.20.0 255.255.255.0" # To assign specific IP addresses to specific # clients or if a connecting client has a private # subnet behind it that should also have VPN access, # use the subdirectory "ccd" for client-specific # configuration files (see man page for more info). # EXAMPLE: Suppose the client # having the certificate common name "Thelonious" # also has a small subnet behind his connecting # machine, such as 192.168.40.128/255.255.255.248. # First, uncomment out these lines: ;client-config-dir ccd ;route 192.168.40.128 255.255.255.248 # Then create a file ccd/Thelonious with this line: # iroute 192.168.40.128 255.255.255.248 # This will allow Thelonious' private subnet to # access the VPN. This example will only work # if you are routing, not bridging, i.e. you are # using "dev tun" and "server" directives. # EXAMPLE: Suppose you want to give # Thelonious a fixed VPN IP address of 10.9.0.1. # First uncomment out these lines: ;client-config-dir ccd ;route 10.9.0.0 255.255.255.252 # Then add this line to ccd/Thelonious: # ifconfig-push 10.9.0.1 10.9.0.2 # Suppose that you want to enable different # firewall access policies for different groups # of clients. There are two methods: # (1) Run multiple OpenVPN daemons, one for each # group, and firewall the TUN/TAP interface # for each group/daemon appropriately. # (2) (Advanced) Create a script to dynamically # modify the firewall in response to access # from different clients. See man # page for more info on learn-address script. ;learn-address ./script # If enabled, this directive will configure # all clients to redirect their default # network gateway through the VPN, causing # all IP traffic such as web browsing and # and DNS lookups to go through the VPN # (The OpenVPN server machine may need to NAT # or bridge the TUN/TAP interface to the internet # in order for this to work properly). push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 8.8.8.8" # Certain Windows-specific network settings # can be pushed to clients, such as DNS # or WINS server addresses. CAVEAT: # http://openvpn.net/faq.html#dhcpcaveats # The addresses below refer to the public # DNS servers provided by opendns.com. ;push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 8.8.4.4" # Uncomment this directive to allow different # clients to be able to "see" each other. # By default, clients will only see the server. # To force clients to only see the server, you # will also need to appropriately firewall the # server's TUN/TAP interface. ;client-to-client # Uncomment this directive if multiple clients # might connect with the same certificate/key # files or common names. This is recommended # only for testing purposes. For production use, # each client should have its own certificate/key # pair. # # IF YOU HAVE NOT GENERATED INDIVIDUAL # CERTIFICATE/KEY PAIRS FOR EACH CLIENT, # EACH HAVING ITS OWN UNIQUE "COMMON NAME", # UNCOMMENT THIS LINE OUT. ;duplicate-cn # The keepalive directive causes ping-like # messages to be sent back and forth over # the link so that each side knows when # the other side has gone down. # Ping every 10 seconds, assume that remote # peer is down if no ping received during # a 120 second time period. keepalive 10 120 # For extra security beyond that provided # by SSL/TLS, create an "HMAC firewall" # to help block DoS attacks and UDP port flooding. # # Generate with: # openvpn --genkey --secret ta.key # # The server and each client must have # a copy of this key. # The second parameter should be '0' # on the server and '1' on the clients. ;tls-auth ta.key 0 # This file is secret # Select a cryptographic cipher. # This config item must be copied to # the client config file as well. ;cipher BF-CBC # Blowfish (default) ;cipher AES-128-CBC # AES ;cipher DES-EDE3-CBC # Triple-DES # Enable compression on the VPN link. # If you enable it here, you must also # enable it in the client config file. comp-lzo # The maximum number of concurrently connected # clients we want to allow. ;max-clients 100 # It's a good idea to reduce the OpenVPN # daemon's privileges after initialization. # # You can uncomment this out on # non-Windows systems. ;user nobody ;group nogroup # The persist options will try to avoid # accessing certain resources on restart # that may no longer be accessible because # of the privilege downgrade. persist-key persist-tun # Output a short status file showing # current connections, truncated # and rewritten every minute. status openvpn-status.log # By default, log messages will go to the syslog (or # on Windows, if running as a service, they will go to # the "\Program Files\OpenVPN\log" directory). # Use log or log-append to override this default. # "log" will truncate the log file on OpenVPN startup, # while "log-append" will append to it. Use one # or the other (but not both). ;log openvpn.log ;log-append openvpn.log # Set the appropriate level of log # file verbosity. # # 0 is silent, except for fatal errors # 4 is reasonable for general usage # 5 and 6 can help to debug connection problems # 9 is extremely verbose verb 3 # Silence repeating messages. At most 20 # sequential messages of the same message # category will be output to the log. ;mute 20 I've tried on multiple computers by the way. The same result on all of them. What could be wrong? Thanks in advance, and if you need other information I'll gladly post it. Information for new comments root@vps:~# iptables -L -n -v Chain INPUT (policy ACCEPT 862K packets, 51M bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 3 packets, 382 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 4641 298K ACCEPT all -- * * 10.8.0.0/24 0.0.0.0/0 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT 1671K packets, 2378M bytes) pkts bytes target prot opt in out source destination And root@vps:~# iptables -t nat -L -n -v Chain PREROUTING (policy ACCEPT 17937 packets, 2013K bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 8975 packets, 562K bytes) pkts bytes target prot opt in out source destination 1579 103K SNAT all -- * * 10.8.0.0/24 0.0.0.0/0 to:SERVERIP Chain OUTPUT (policy ACCEPT 8972 packets, 562K bytes) pkts bytes target prot opt in out source destination

    Read the article

  • Routing traffic to another internal network

    - by Jason
    OK, so here is the scenario. I have 4 Locations connected with an MPLS. I have installed an ASA at the primary location which is 10.20.1.0. Traffic is fine internally and to the world, however... I can't route traffic over the MPLS to another network. It is being blocked by an implicit deny rule even though there is a rule to allow any to any less secure interface (it should be using the same interface in/out, right?). I have a static route for the network in and the ASA can ping it - Just not traffic on the internal network of the ASA. -Jason

    Read the article

  • Routing for IPSec tunnel

    - by Emre A
    For Juniper NetScreen-NS25, I configured a site-to-site IPSec tunnnel. For the outside interface of remote site, I also needed to go through tunnel which has the same IP as IPSec gateway. Now, when I add static route to route that outside interface IP through tunnel while tunnel is up, there would be no problem at all but if the tunnel is down for some reason, it cannot be re-established as the routing for the IPSec gateway IP which is the same as outside interface IP is set to go through tunnel which it needed to re-etablish at that time. So, packets won't hit that IP. I tried adding another routing entry which has metric 2 through other gateway but it did'nt succeeded. So, what type of routing should I configure to reach that IP when tunnel is down. Thanks in advance.

    Read the article

  • Bridging Network Devices with Multiple IPs

    - by Andy
    I have a small server with a single NIC that I am trying to get a bridge functioning on so that I can run KVM. On this NIC I have a couple IPs statically assigned to it: eth0 = 192.168.1.1 eth0:1 = 192.168.1.2 eth0:2 = 192.168.1.3 eth0:3 -> Assign the bridge to this I am attempting to set up a bridge using the following instructions: sudo brctl addbr br0 sudo brctl addif br0 eth0:3 sudo ifconfig br0 192.168.1.120 netmask 255.255.255.0 up sudo route add -net 192.168.1.0 netmask 255.255.255.0 br0 sudo route add default gw 192.168.1.1 br0 sudo tunctl -b -u root -t tap0 > /dev/null sudo ifconfig tap0 up sudo brctl addif br0 tap0 However, when I do the second command: sudo brctl addif br0 eth0:3 It puts the ENTIRE eth0 device into promiscuous mode. This knocks the server offline and inaccessible by anything other than locally. Is there a way to bridge JUST eth0:3 to br0 and not put the entire device into promiscuous mode?

    Read the article

  • Setting up Windows 2008 with VPN and NAT

    - by Benson
    I have a Windows 2008 box set up with VPN, and that works quite well. NPS is used to validate the VPN clients, who are able to access the private address of the server, once connected. I can't for the life of me get NAT working for the VPN clients, though. I've added NAT as a routing protocol, and set the one on in the VPN address pool as private, and the other as public - but it still won't NAT connections when I add a route through the VPN server's IP on the client side (route add SomeInternetIp IpOfPrivateInterfaceOnServer). I know I can reach the server's private interface (which happens to be 10.2.2.1) with remote desktop client, so I can't think of any issues with the VPN.

    Read the article

  • Migrate apache->tomcat to nginx->tomcat

    - by Slezhuk
    Now we are using apache2 as frontend, and tomcat as backend. We are using mod_proxy_balancer and AJP. Also we are using stickysession by JSESSIONID cookie: <Proxy balancer://backend> BalancerMember ajp://127.0.0.1:8008 min=10 max=100 ping=5 connectiontimeout=40 ttl=60 retry=20 route=node-1 BalancerMember ajp://127.0.0.1:8009 min=10 max=100 ping=5 connectiontimeout=40 ttl=60 retry=20 route=node-2 ProxySet lbmethod=byrequests timeout=30 ProxySet stickysession=JSESSIONID|jsessionid nofailover=Off </Proxy> and using jvmRoute parameter in web.xml to add tail to JSESSIONID cookie: <Engine name="Catalina" defaultHost="localhost" jvmRoute="node-1"> So far i did not found way to do this in nginx. Is there any solution for this? We are not using session replication, so getting sequential requests to same backend is crucial.

    Read the article

  • Cisco IPSec, nat, and port forwarding don't play well together

    - by Alan
    I have two Cisco ADSL modems configured conventionally to nat the inside traffic to the ISP. That works. I have two port forwards on one of them for SMTP and IMAP from the outside to the inside this provides external access to the mail server. This works. The modem doing the port forwarding also terminates PPTP VPN traffic. There are two DNS servers one inside the office which resolves mail to the local address, one outside the office which resolves mail for the rest of the world to the external interface. That all works. I recently added an IPSec VPN between the two modems and that works for every thing EXCEPT connections over the IPSec VPN to the mail server on port 25 or 143 from workstations on the remote lan. It would seem that the modem with the port forwards is confusing traffic from the mail server destined for a machine on the other side of the IPSec VPN for traffic that should go back to a port forward connection. PPTP VPN traffic to the mail server is fine. Is this a scenario anybody is familiar with and are there any suggestions on how to work around it? Many thanks Alan But wait there is more..... This is the strategic parts of the nat config. A route map is used to exclude the lans that are reachable via IPSec tunnels from being Nated. int ethernet0 ip nat inside int dialer1 ip nat outside ip nat inside source route-map nonat interface Dialer1 overload route-map nonat permit 10 match ip address 105 access-list 105 remark *** Traffic to NAT access-list 105 deny ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255 access-list 105 deny ip 192.168.1.0 0.0.0.255 192.168.48.0 0.0.0.255 access-list 105 permit ip 192.168.1.0 0.0.0.255 any ip nat inside source static tcp 192.168.1.241 25 interface Dialer1 25 ip nat inside source static tcp 192.168.1.241 143 interface Dialer1 143 At the risk of answering my own question, I resolved this outside the Cisco realm. I bound a secondary ip address to mail server 192.168.1.244, changed the port forwards to use it while leaving all the local and IPSec traffic to use 192.168.1.241 and the problem was solved. New port forwards. ip nat inside source static tcp 192.168.1.244 25 interface Dialer1 25 ip nat inside source static tcp 192.168.1.244 143 interface Dialer1 143 Obviously this is a messy solution and being able to fix this in the Cisco would be preferable.

    Read the article

  • Routing for IPSec tunnel

    - by Emre A
    Hello. For Juniper NetScreen-NS25, I configured a site-to-site IPSec tunnnel. For the outside interface of remote site, I also needed to go through tunnel which has the same IP as IPSec gateway. Now, when I add static route to route that outside interface IP through tunnel while tunnel is up, there would be no problem at all but if the tunnel is down for some reason, it cannot be re-established as the routing for the IPSec gateway IP which is the same as outside interface IP is set to go through tunnel which it needed to re-etablish at that time. So, packets won't hit that IP. I tried adding another routing entry which has metric 2 through other gateway but it did'nt succeeded. So, what type of routing should I configure to reach that IP when tunnel is down. Thanks in advance.

    Read the article

  • Force local IP traffic to an external interface

    - by calandoa
    I have a machine with several interfaces that I can configure as I want, for instance: eth1: 192.168.1.1 eth2: 192.168.2.2 I would like to be able to forward all the traffic to one of these local address trhough the other interface. For instance, all requests to an iperf, ftp, http server at 192.168.1.1 are not just routed internally, but forwarded through eth2 (and the external network will take care of re-routing the packet to eth1). I tried and looked at several commands, like iptables, ip route, etc... but nothing worked. The closest behavior I could get was done with: ip route change to 192.168.1.1/24 dev eth2 which send all 192.168.1.x on eth2, except for 192.168.1.1 which is still routed internally. The goal of this setup is to do interface driver testing without using two PCs. I am using Linux, but if you know how to do that with Windows, I'll buy it!

    Read the article

< Previous Page | 51 52 53 54 55 56 57 58 59 60 61 62  | Next Page >