Search Results

Search found 5390 results on 216 pages for 'ssl vpn'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 83/216 | < Previous Page | 79 80 81 82 83 84 85 86 87 88 89 90  | Next Page >

  • How to scope access to a service to set of users, using OpenLDAP, and only OUs

    - by JDS
    Okay, here goes. Solving this will solve several problems for me (as I can reapply this knowledge to several extant, similar problems), but luckily I have a very specific, concise problem to describe. Enough preamble. Our hosting partner is setting up VPN access for us and is connecting it to our LDAP server. They are using Cisco VPN, the docs on setting this up are here: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c3c45.shtml#maintask1 Specifically, note the screenshot in (5), under "ASDM" Now, I do NOT want to provide access to all of our users. I only want to provide access to our IT group. But I do not see a configuration option for LDAP groups on that web reference for the Cisco VPN. We are using: OpenLDAP 2.4 Static groups (i.e. "Group has the following members...") Single user OU, "ou=users,dc=mycompany,dc=com" Is it possible to provide an alias of some kind in OpenLDAP that creates another OU, "itusers", say, and lets me alias the members of that OU somehow? Something like: "cn=Jeff Silverman,ou=itusers,dc=mycompany,dc=com" is an alias for "cn=Jeff Silverman,ou=users,dc=mycompany,dc=com" And is NOT a separate, unique user account. Alternatively, should I just create a separate OU and manage it separately? It is a pain, but only 12-15 users will have to be managed that way, with two separate user accounts. But I hate this option - messy, unmanageable, unscalable. You know what I mean. I am open to any options. I've searched and read all over but I can't quite find an directly analagous example. I can't possibly be the only one who's had this problem! Thanks!

    Read the article

  • Windows Server 2008 DHCP with RRAS

    - by Guillermo Prandi
    I have a Windows Server 2008 R2 which is a member of a domain, but is placed in a remote location. The server is directly connected to Internet. Clients need to access a particular insecure TCP service in this server (ports 9730 and 9731). Since clients have dynamic IP addresses I cannot know in advance, I thought it would be nice to have them connected through a VPN in order to access the insecure service, but ONLY to access that service, like this: Client ------> VPN TUNNEL ------> (Insecure service at Server) | \----> (Normal internet access) I'd enable the insecure ports in the firewall only from VPN accesses. For this I configured RRAS in the server and gave it a static IP address range (172.19.1.2 through 172.19.1.254) to serve the clients. First I thought I could use DHCP to assign the addresses, but I cannot use DHCP in my LAN connection (not allowed by the hosting service). I tried configuring DHCP binding it to a Microsoft Loopback Adapter, but that's not supported as a DHCP source by RRAS. What I want to accomplish is to send specific DHCP options to the client (network mask, routing table, etc.). In particular: Prevent the client from having the server as default router (without changing the client's "use default gateway in remote network"). Have it as a route for the server's internal RRAS address only (172.19.1.1). Prevent the client from using a 255.255.0.0 mask for the 172.19.x.x network (a 255.255.255.0 mask would be better). Can I do that with RRAS only? How? Currently, the only solution I can think of is to use DHCP in the LAN adapter, but filter DHCP packets so they don't reach the provider's network. However, I'm not sure if that will work. Any suggestions are welcomed! Guille

    Read the article

  • SSH over HTTPS with proxytunnel and nginx

    - by Thermionix
    I'm trying to setup an ssh over https connection using nginx. I haven't found any working examples, so any help would be appreciated! ~$ cat .ssh/config Host example.net Hostname example.net ProtocolKeepAlives 30 DynamicForward 8118 ProxyCommand /usr/bin/proxytunnel -p ssh.example.net:443 -d localhost:22 -E -v -H "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)" ~$ ssh [email protected] Local proxy ssh.example.net resolves to 115.xxx.xxx.xxx Connected to ssh.example.net:443 (local proxy) Tunneling to localhost:22 (destination) Communication with local proxy: -> CONNECT localhost:22 HTTP/1.0 -> Proxy-Connection: Keep-Alive -> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32) <- <html> <- <head><title>400 Bad Request</title></head> <- <body bgcolor="white"> <- <center><h1>400 Bad Request</h1></center> <- <hr><center>nginx/1.0.5</center> <- </body> <- </html> analyze_HTTP: readline failed: Connection closed by remote host ssh_exchange_identification: Connection closed by remote host Nginx config on the server; ~$ cat /etc/nginx/sites-enabled/ssh upstream tunnel { server localhost:22; } server { listen 443; server_name ssh.example.net; location / { proxy_pass http://tunnel; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; } ssl on; ssl_certificate /etc/ssl/certs/server.cer; ssl_certificate_key /etc/ssl/private/server.key; } ~$ tail /var/log/nginx/access.log 203.xxx.xxx.xxx - - [08/Feb/2012:15:17:39 +1100] "CONNECT localhost:22 HTTP/1.0" 400 173 "-" "-"

    Read the article

  • Cannot connect on TFS 2012 server through SSL with invalid certificate

    - by DaveWut
    I saw the problem on some forums and even here, but not as specific as mine. So here's the thing, So I've configured a TFS 2012 server, on one of my personnel server at home, and now, I'm trying to make it available through the internet, with the help of apache2 on a different UNIX based, physical server. The thing is working perfectly, I don't have any problem accessing the address https://tfs.something.com/tfs through my browser. The address can be pinged and I do have access to the TFS control panel through it. How does it work? Well, with apache2 you can set a virtual host and set up the ProxyPass and ProxyPassReserver setting, so the traffic can externally comes from a secure SSL connection, through a specified domain or sub-domain, but it can be locally redirect on a clear http session on a different port. This is my current setup. As I already said, I can access the web interface, but when I'm trying to connect with Visual Studio 2012, it can't be done. Here's the error I receive: http://i.imgur.com/TLQIn.png The technical information tells me: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. My SSL certificate is invalid and was automatically generated on my UNIX server. Even if I try to add it in the Trusted Root Certification Authorities either on my TFS server or on my local workstation, it doesn't work. I still receive the same error. Is there's a way to completely ignore certificate validation? If not, what's have I done? I mean, I've added the certificate in the trusted root certificates, it should works as mentioned on some forums... If you need more information, please ask me, I'll be pleased to provide you more. Dave

    Read the article

  • Esx servers in a DMZ

    - by James
    I have two ESX 3.5 servers in a DMZ. I can access these servers on any port from my lan via a VPN. Servers in the DMZ are unable to initiate connections back to the lan, for obvious reasons. I have a vCenter server on my lan and can initially connect to the esx servers fine. However the esx servers then try to send a hearth beat back to the vCenter server on udp/902 obviously this will not get back to the vCenter server, which then marks the ESX servers as not responding and disconnects. There are two broad solutions I can think of; 1) Try to tell vCenter to ignore not getting heart beats. The best I can do here is delay the disconnect by 3 mins. 2) Try some clever network solution. However again I am at loss. Note: The vCenter server is on a lan, and cannot be given a public IP, so firewall rules back will not work. And also I cannot setup a VPN from the DMZ to the lan. **I am adding the following, explanation that I added to the comments Ok maybe this is the bit that I not explaining well. The DMZ is on a remote site, an entirely independent network (network 1). The vCenter server is on our office lan (network 2). Network 2 can connect to any machine on any port on network 1. But network 1 is not allowed to initiate a connection to network 2. Any traffic destined to network 2 from network 1 gets dropped by the firewall as it is traffic to a non-routable address. The only solution I can think of is setting up a VPN from network 1 to network 2, but this is not acceptable So any clever folk out there any ideas? J

    Read the article

  • Windows Server 2003 SBS domain in multiple sites

    - by E3 Group
    We have about 25 employees in our current office and are looking to open up another office in another capital city housing about 15 employees. In our current office, we are running a domain hosted by a 2003 SBS server and I've been tasked by the boss to expand our infrastructure to the new office in the cheapest way possible (cheapest way in the short run that is, because my boss doesn't think more than 6 months ahead). So I'm looking to get a second hand server and have it run Server 2003 Std with exchange server 2003. These are the things that it needs to do: Replicate shared folders that are hosted in the parent LAN. Deliver emails hosted in the parent Exchange Server Somehow link up with the parent domain controller and push the AD to the remote site I'm pretty sure 3 is impossible but the DC would be available if a VPN connection is present, right? On that note, would I be looking at hardware VPN connections? I'm not sure how to deploy the new site as this is my first time doing it and i'm making it especially difficult for myself, seeing as the AD and DC is on an SBS server. Would I first start by establishing a VPN connection and then joining the new server to the domain? Will things 'just work' if I install exchange onto the new server and point outlooks to it? and how would I be able to replicate shared folders?

    Read the article

  • Client authentication with RubyLDAP ldap

    - by Marcelo de Moraes Serpa
    Hello all, I'm trying to implement a feature that uses LDAP over SSL (SSL, not TLS), it needs to connect to a SSL-enabled LDAP server (i.e OpenLDAP), bind and then do any additional queries. It also needs to support client-authentication, and this is where things get tricky: The client is a web application written in Ruby, and we are using RubyLDAP (so far we have used it for non-SSL ldap stuff with great success). My question is: Is there a way to load a client certificate and send its data over the wire to the LDAP server when doing a LDAP::SSLConn? I haven't found anything obvious on the API docs (http://ruby-ldap.sourceforge.net/rdoc/) nor while googling around. I know I that I can prevent the server from asking for a certificate by putting the following on slapd.conf (OpenLDAP): TLSVerifyClient never However, this is not an option here. Thanks, Marcelo.

    Read the article

  • Different network response for indentical co-located machines

    - by Santosh
    We have a situation as follows: We have a two different virtual machines (VMs) on some remote server farm. The machines are identical in terms of hardware/software(OS) configurations. We have a J2EE application running on JBoss on each of those two machines. These two applications are of different version sav V1 on VM1 and V2 on VM2. We observed some degraded response time for application V2 when accessed via public URL. When we accessed the application through a secured VPN, there is hardly any difference. The bandwidth test (upload/download speed, ping etc) shows that VM1 is responding better when accessed via secured VPN. We concluded that the application does not seem to have performance issue. Because, it that's the case the performance degradation should also be there when access via VPN. So we concluded its the network problem. But since those two identical VMs are on same network we are looking for the reasons for different responses. My question is, given the above situation, what could be reasons for such a behavior ?

    Read the article

  • IPSec Tunnel to Amazon EC2 - Netkey, NAT, and routing problem

    - by Ernest Mueller
    Hey all, I'm working on getting an IPSec VPN working between Amazon EC2 and my on-premise. The goal is to be able to safely administer stuff, up/download data, etc. over that tunnel. I have gotten the tunnel up in openswan between a Fedora 12 instance with an elastic IP and a Cisco router that's also NATted. I think the ipsec part is OK, but I'm having trouble figuring out how to route traffic that way; there's no "ipsec0" virutal interface because on Amazon you have to use netkey and not KLIPS for the vpn. I hear iptables may be required and I'm an iptables noob. On the left (Amazon), I have a 10. network. Box 1 is privately 10.254.110.A, publically IP 184.73.168.B. Netkey tunnel is up. Box 2 is publically 130.164.26.C, privately 130.164.0.D And my .conf is: conn ni type= tunnel authby= secret left= 10.254.110.A leftid= 184.73.168.B leftnexthop= %defaultroute leftsubnet= 10.254.0.0/32 right= 130.164.26.C rightid= 130.164.0.D rightnexthop= %defaultroute rightsubnet= 130.164.0.0/18 keyexchange= ike pfs= no auto= start keyingtries= 3 disablearrivalcheck=no ikelifetime= 240m auth= esp compress= no keylife= 60m forceencaps= yes esp= 3des-md5 I added a route to box 1 (130.164.0.0/18 via 10.254.110.A dev eth0) but that doesn't do it for predictable reasons, when I traceroute the traffic's still going "around" and not through the vpn. Routing table: 10.254.110.0/23 dev eth0 proto kernel scope link src 10.254.110.A 130.164.0.0/18 via 10.254.110.178 dev eth0 src 10.254.110.A 169.254.0.0/16 dev eth0 scope link metric 1002 Anyone know how to do the routing with a netkey ipsec tunnel where both sides are NATted? Thanks...

    Read the article

  • RRAS with DHCP when the IP pool is on a different subnet

    - by John B
    I run a small business network and the last couple of days I have been setting up some equipment to add VPN capabilities to our network. I've got the following set up: Windows 2008 R2 with RRAS - 172.22.200.50 Cisco RV082 router - 172.22.100.1 / 172.22.200.1 The Cisco router only support DHCP on a single class C network; 172.22.100.0/24. On the Cisco router I have set up an additional subnet; 172.22.200.0/24. The DHCP range is 172.22.100.200-254 When a PPTP connection comes in to the router, it is forwarded to my RRAS at 172.22.200.50. If I configure RRAS to assign IPs from a static pool on the 172.22.200.0/24 subnet everything works fine except the DNS suffix / search domain. However, if I set RRAS to use DHCP I am no longer able to contact any devices on the network. The IP I receive is on a different subnet (172.22.100.0/24). Is it possible to still use DHCP as the method of ip assignment in RRAS, even when the IP adresses assigned are in a different subnet? If yes, what piece of configuration am I missing to fix the VPN connection issues mentioned in the paragraph above. The reason I want RRAS with DHCP to work is because from what I have understood, this is the "only" way to hand out a DNS suffix to VPN clients. Any help on this matter is greatly appreciated!

    Read the article

  • authorizet.net local testing and ssl certificate

    - by Funky Dude
    hi i am integrating authorize.net AIM api into my shopping cart. i have a developer account from auth.net and i am working locally. when i do auth.net api call, i get SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed i assume it's because i dont have ssl on my local machine. how do i get over this so i can test on my local machine? thank you

    Read the article

  • Wildcard SSL and Apache configuration

    - by Nitai
    Hi all, I'm pulling my hard on this configuration, which probably is simply. I have a wildcard ssl certificate which is working. I have the website setup to run on domain.com under SSL. Now, I'm in need to run many subdomains (*.domain.com) on the same server with the same SSL certificate. Shouldn't be that hard, right? Well, I can't get it going. Point is, that the first config is another Tomcat server that serves another site and listens to domain.com and www.domain.com. The other config listens to *.domain.com and pulls the content from another Tomcat server. I already tried this whole setup with mod_rewrite, but simply don't see what I'm doing wrong. Any help very much appreciated. Here is my conf in Apache 2.2: <VirtualHost *:443> SSLEngine on SSLCertificateFile ... SSLCertificateKeyFile ... SSLCertificateChainFile ... ServerName domain.com ServerAlias www.domain.com ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPreserveHost On ProxyPass / ajp://localhost:8010/ ProxyPassReverse / ajp://localhost:8010/ </VirtualHost> <VirtualHost *:443> SSLEngine on SSLCertificateFile ... SSLCertificateKeyFile ... SSLCertificateChainFile ... ServerName domain.com ServerAlias *.domain.com ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPreserveHost On ProxyPass / ajp://localhost:8009/ ProxyPassReverse / ajp://localhost:8009/ </VirtualHost> Thanks.

    Read the article

  • How to access remote network resource from local machine

    - by jerluc
    I just configured VPN access successfully so that I now can connect to my workstation at work from my personal Linux box at home. The problem is that all of my dev files for a server I'm locally running are on my personal box and cannot be transfered to my workstation (at least not in any timely manner over this connection given the amount of data, in addition to the many reconfigurations which would be required for the server to run even if I could somehow get the files across). So essentially, I am able to run my server locally on my personal computer, however, the data-sources required for the back-end are accessible only from within the office's network. But is there some way for me to somehow either access the data-sources directly through a VPN connection or even if I need to be a bit more convoluted by connecting via VPN to my workstation and then somehow connecting to the data-sources through my workstation to my personal computer? And here I could really care less about the speed of the connection from my server to the data-sources since they will probably only be fetched a few times every hour or so. Thanks! Sorry if this a stupid question and/or doesn't make any sense! (And sorry for anyone who read this at stackoverflow, I posted it in the wrong area.)

    Read the article

  • Netgear FVS336G: appropriate solution for today's small businesses?

    - by bwerks
    Hey all, I've been looking into a routers to facilitate a vpn solution for a small business. While the Netgear FVS336G looks good on paper, it appears to have some fairly crippling setbacks that drag down what appears to be some great hardware. First off, the unit has been around for a couple years now, perhaps before 64-bit operating systems were as common as they are now, and complaints are everywhere that claim that SSL or IPsec (or both) VPN connections will not work with 64-bit operating systems. However, most of these claims mention only Vista, which makes me think that these problems could have potentially been solved since then. Unfortunately though, Netgear's support forums seem to be incredibly private, and policed by some troll named jmizuguchi who just closes down public posts in order to marshal them into the private ones. Danger, will robinson. Apparently their firmware upgrade process is a nightmare too, but that's beside the point. My question is this: has anyone configured one a Netgear FVS336G to operate in a server 2008 (or R2)/windows 7 64-bit network? If so, is it possible to use the microsoft vpn client or are third party clients still required? If this thing has just failed the test of time, is there a feature-comparable unit that I've missed, at anywhere near the same price range? Thanks!

    Read the article

  • IPSec Tunnel to Amazon EC2 - Netkey, NAT, and routing issue

    - by Ernest Mueller
    I'm working on getting an IPSec VPN working between Amazon EC2 and my on-premise. The goal is to be able to safely administer stuff, up/download data, etc. over that tunnel. I have gotten the tunnel up in openswan between a Fedora 12 instance with an elastic IP and a Cisco router that's also NATted. I think the ipsec part is OK, but I'm having trouble figuring out how to route traffic that way; there's no "ipsec0" virutal interface because on Amazon you have to use netkey and not KLIPS for the vpn. I hear iptables may be required and I'm an iptables noob. On the left (Amazon), I have a 10. network. Box 1 is privately 10.254.110.A, publically IP 184.73.168.B. Netkey tunnel is up. Box 2 is publically 130.164.26.C, privately 130.164.0.D And my .conf is: conn ni type= tunnel authby= secret left= 10.254.110.A leftid= 184.73.168.B leftnexthop= %defaultroute leftsubnet= 10.254.0.0/32 right= 130.164.26.C rightid= 130.164.0.D rightnexthop= %defaultroute rightsubnet= 130.164.0.0/18 keyexchange= ike pfs= no auto= start keyingtries= 3 disablearrivalcheck=no ikelifetime= 240m auth= esp compress= no keylife= 60m forceencaps= yes esp= 3des-md5 I added a route to box 1 (130.164.0.0/18 via 10.254.110.A dev eth0) but that doesn't do it for predictable reasons, when I traceroute the traffic's still going "around" and not through the vpn. Routing table: 10.254.110.0/23 dev eth0 proto kernel scope link src 10.254.110.A 130.164.0.0/18 via 10.254.110.178 dev eth0 src 10.254.110.A 169.254.0.0/16 dev eth0 scope link metric 1002 Anyone know how to do the routing with a netkey ipsec tunnel where both sides are NATted? Thanks...

    Read the article

  • iphone: is there any secure way to establish 2-way SSL from an application

    - by pmilosev
    Hi I need to establish a HTTPS 2-way SSL connection from my iPhone application to the customer's server. However I don't see any secure way to deliver the client side certificates to the application (it's an e-banking app, so security is really an issue). From what I have found so far the only way that the app would be able to access the certificate is to provide it pre-bundeled with the application itself, or expose an URL from which it could be fetched (http://stackoverflow.com/questions/2037172/iphone-app-with-ssl-client-certs). The thing is that neither of this two ways prevent some third party to get the certificate, which if accepted as a risk eliminates the need for 2-way SSL (since anyone can have the client certificate). The whole security protocol should look like this: - HTTPS 2-way SSL to authenticate the application - OTP (token) based user registration (client side key pair generated at this step) - SOAP / WSS XML-Signature (requests signed by the keys generated earlier) Any idea on how to establish the first layer of security (HTTPS) ? regards

    Read the article

  • How do I Install Intermediate Certificates (in AWS)?

    - by getmizanur
    I have installed private key (pem encoded) and public key certificate (pem encoded) on Amazon Load Balancer. However, when I check the SSL with site test tool, I get the following error: Error while checking the SSL Certificate!! Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found. Normally this indicates that not all intermediate certificates are installed on the server. I converted crt file to pem using these commands from this tutorial: openssl x509 -in input.crt -out input.der -outform DER openssl x509 -in input.der -inform DER -out output.pem -outform PEM During setup of Amazon Load Balancer, the only option I left out was certificate chain. (pem encoded) However, this was optional. Could this be cause of my issue? And if so; How do I create certificate chain? UPDATE If you make request to VeriSign they will give you a certificate chain. This chain includes public crt, intermediate crt and root crt. Make sure to remove the public crt from your certificate chain (which is the top most certificate) before adding it to your certification chain box of your Amazon Load Balancer. If you are making HTTPS requests from an Android app, then above instruction may not work for older Android OS such as 2.1 and 2.2. To make it work on older Android OS: go here click on "retail ssl" tab and then click on "secure site" "CA Bundle for Apache Server" copy and past these intermediate certs into certificate chain box. just incase if you have not found it here is the direct link. If you are using geo trust certificates then the solution is much the same for Android devices, however, you need to copy and paste their intermediate certs for Android.

    Read the article

  • Debug HTTPS errors

    - by Murkin
    Hello everyone, When accessing my site, the SSL session is successful while the page loads. A few seconds after the page loaded FireFox shows that SSL is no longer available. I am guessing its some script (all I have is Google Analytics and Facebook). How can I see what caused FireFox (or IE/Chrome) to drop the SSL and why ?

    Read the article

  • How to set up a easy-to-use proxy for the whole system with WinXP client and server?

    - by Pekka
    I am working together intensively with a colleague on the Canary Islands. We speak through live messenger and work together using a RDP software. She has frequent problems with connections to certain big-name and small-name sites (amongst others live.com, google.com, gmx.de) very likely to be caused by the spanish provider (the connections simply time out, this has been going on for weeks already). I have been thinking about setting up my computer as a proxy to make these connections work. I have a DSL connection and am behind a NAT capable router that I control. Does anybody know a simple, "one-click" way to transport ALL network traffic through a remote proxy? Without having to set proxy settings for each application that uses the internet? VPN is not an option, because I am behind a firewall that supports protocol 47 and such, but I have never succeeded in getting an incoming VPN connection to work. I can however redirect normal traffic using NAT. A VPN solution that does not need strange protocols would also be an option.

    Read the article

  • Running HTTP and HTTPS connections for a single domain (say, www.example.com) through a Cisco ACE SS

    - by Paddu
    My web application config has a Cisco ACE load balancing across a server farm and I want to use the ACE as an SSL endpoint as well. To make this work, the network architect has come up with a design where all secure pages have to be served from secure.my-domain.com, while non-secure pages are served up from www.my-domain.com. The reason for this is apparently that the configuring the Cisco ACE to accept HTTPS requests on port 443 for a particular public IP prevents the simultaneous acceptance of HTTP requests on port 80 for the same IP. While I'm not a networking (or Cisco) expert, this seems to be intuitively wrong, as it would prevent any website using the Cisco ACE to serve pages on http://www.my-domain.com and https://www.my-domain.com simultaneously. In this situation, my questions are: Is this truly a limitation of the Cisco ACE when used as an SSL endpoint? If not, then can I assume that we can set up the ACE to accept connections for a particular IP on ports 80 and 443, and function as an SSL endpoint for the incoming requests on 443? Links to appropriate documentation most welcome here. Assuming the setup in the previous question, can I then redirect both sets of requests to the same server farm on the same port?

    Read the article

  • Secure data from a server to a workstation using jumper hosts

    - by apalsson
    Hello. I have a WWW-server, my problem is that the content is sensitive and should not be accessible for people without proper credentials. How can I improve the ease of use but still maintain security following scenario; The Server is accessed through a "jumper host", i.e. the client connects to the jumper using VPN-connection and uses RemoteDesktop to access the jumper. From the jumper he uses RemoteDesktop again to access the Server. Finally on the Server the user can access content using a WWW-browser. All the way from the VPN-client to the WWW-browser requires authentication using a SmartCard-token. This seems quite secure to me. Content only gets mirrored on the RemoteDesktop between Server and jumper, no cached files to worry about. Connection between jumper and client is protected using VPN(ssl), so no eavesdropping. But it is quite cumbersome for the clients with many steps and connections to open. :( So, how can I improve the user experience accessing my server without compromising security? Thanks.

    Read the article

  • Only tunnel certain applications via OpenVPN

    - by jinjin
    Hi, I've purchased a VPN solution, it works correctly when I have "redirect-gateway def1" in the configuration file (routing all traffic through the VPN). However when I remove that line from the configuration file, I am still able to ping-out of the machine (ping -I tap0), however I cannot ping the IP assigned to the machine (it's a public ip), i get the error: Destination Host Unreachable. I only want to have certain applications sending traffic through the VPN tunnel (eg: ZNC, irssi), all of which i can select which IP they use. However they can't recieve any data, making the tunnel essentially useless to me when disabling redirect-gateway. Any ideas on how to allow specific applications use the tunnel, without of forcing everything to go through it? My configuration file is as follows: dev tap remote #.#.#.# float #.#.#.# port 5129 comp-lzo ifconfig #.#.#.# 255.255.255.128 route-gateway #.#.#.# #redirect-gateway def1 secret key.txt cipher AES-128-CBC The output of ifconfig -a when the tunnel is connected: tap0 Link encap:Ethernet HWaddr 00:ff:47:d3:6d:f3 inet addr:#.#.#.# Bcast:#.#.#.# Mask:255.255.255.255 inet6 addr: <snip> Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:612 errors:0 dropped:0 overruns:0 frame:0 TX packets:35 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:25704 (25.1 KiB) TX bytes:6427 (6.2 KiB) EDIT: the Bcast:#.#.#.# (ifconfig) is different from route-gateway #.#.#.# (openvpn) if that makes any difference.

    Read the article

  • Having problems VPN'ing into our Windows server network.

    - by Pure.Krome
    Hi folks, When two people (on their notebooks) try to VPN to our office, only the first user gets a connection. the second user always times out. Is it possible for VPN to allow two or more people, using / sharing the same EXTERNAL PUBLIC IP to connect/authenticate? Now for some specifics (cause those two statements are very broad). I'm not in the IT Dept. I'm a developer. Our IT Dept don't really care (sigh) so it's up to me to fix this crap. Our office is all Microsoft shop stuff - servers and clients. We also have a firewall (watchguard brand?) and some other crazy setups (yes i know, it's very vague :( ). So i'm wondering - is it possible for multiple users, from the same public IP, to connect via VPN to a windows server? i'm under the impression - yes. But it is possible that this only happens when the clients (who are all behind the single, public IP .. otherwise they will have their OWN ip's) need to have UPnP running or something? this is killing me and i need to start asking the right questions cause these guys don't know what they are doing and i can't work without this happening. I know this is a vauge question with so many 'if-what's-etc' but maybe some questions/suggestions from you guys might start to lead to solving this problem. EDIT: Network Connection: WAN Miniport (PPTP)

    Read the article

  • LDAP SSL connect problem

    - by juergen
    I set up a test domain for my LDAP SSL tests and it is not working. I am using Windows Server 2008 R2 SP 1. I came so far: 1. i generated and installed my self signed certificate on the test domain controller 2. on the server i can log into ldap over SSL with the MS ldp.exe tool. 3. using ldp.exe on a client that is no in this domain the login fails with error 0x51 = "failed to connect". (i don't have a client computer that is in this domain right now) 4. I testet the certificate by using it in the IIS on the test server and I can reach the default page of the test server over SSL. (from the client that is not in the domain) 5. analysing the traffic between client and server I can see that the server is sending a certificate to the client. why isn't this working on my client computer?

    Read the article

  • Reliable router with good VPN and WAN Throughput [closed]

    - by Asdande
    I have 2 cisco rv180 VPN router. These routers are giving me lots of problems. The webpages wont load correctly, slow response to load webpages plus other many issues. I have several cases pending with cisco. I give up on these routers. I would like to know if you guys can recommend me a reliable router for our 3 branches (NY - main, SC and FL). In NY- main office, we have 55 users. In SC branch, 6 users. In Florida we only have 1 (will grow soon). I need a router capable of support: 3 VPNs Site-to-Site connection VPN throughput of at least 40-50 Mbps WAN throughput at least 100 Mpbs and up PPTP Server for at least 5 PPTP users Web filtering - all users need access to internet Good Firewall Port forwarding for FTP Server - able to show the public IPs of FTP users (rv180 cannot do that, just shows me router's LAN interface IP, opened a case with cisco, now escaleted to level 2, still no answer or workaround) Dual WAN ports for balance or backup internet. Gigabit WAN/LAN ports Price between $400-$500 range. I was thinking on the TP-LINK TL-ER6120 or TL-ER6020 according to the review on smallnetbuilder.com http://www.smallnetbuilder.com/lanwan/lanwan-reviews/31983-tp-link-tl-er6020-safestream-gigabit-dual-wan-vpn-router-reviewed but I don't want to make another mistake as I did when I bought the cisco RV180. Thank you in advance,

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 79 80 81 82 83 84 85 86 87 88 89 90  | Next Page >