Give L2TP client IP address based on username

We have L2TP set up on Mac OS X Server 10.5.7. Staff connect to this VPN to access network resources.
For one of the software packages, we have an external company look after this. For this reason they need VPN access to configure the software on this one server.
Problem is: giving them general L2TP access like our staff have, gives them access to all network resources. Ideally, I'd like to put a rule in the firewall for their IP address to be restricted to traffic to that one single server only. To add a firewall rule, they obviously need to be assigned the same IP address every time they connect to the VPN. Is it possible to configure the L2TP VPN server built into Mac OS X Server to do this?

I'm thinking this would be easier to accomplish using a restricted user account and give them access only to the items on the specific server using ACLs. They would be able to see the other servers/resources but not access them.
-Doug

Similar Messages

  • WRT54GC will not give wireless clients IP addresses

    Hi, I'm here on behalf of a friend. I'm working on a WRT54GC wireless router. The issue is that any wireless client wishing to connect to the router (after seeing the SSID) always fails at "Waiting for network" during the connection screen. However, wired clients are able to connect without any problems. I have updated the firmware to the latest one. No security features (WEP/WPA) are enabled. I have tried changing the channel and mode to no avail. MAC address filter is disabled. Wireless card drivers are up to date. I'd like to know what can be done to resolve this issue. Thanks in advance. -Keres

    In the non-working computer, temporarily turn off the software firewall, including Windows Firewall, and see if this helps.
    Also, give your network a unique SSID. Do not use "linksys". If you are using "linksys" you may be trying to connect to your neighbor's router. Also set "SSID Broadcast" to "enabled". This will help your computer find and lock on to your router's signal.
    If you still have trouble, in the computer, go to the wireless adapter software, and go to "Preferred Networks"  (sometimes called "Profiles" ), and delete all the networks you find.  Reboot computer.  Then return to "Preferred Networks" and re-enter your unique network SSID, and set it to "automatic login".  Reboot computer.  You should connect automatically.
    If the above does not fix your problem, download and install the latest driver for your wireless card.

  • HT4061 My gateway PC is locked up after itunes update.  When i restarted the computer for the hangers to take effect. Now my pc is locked up.  It gives me a client Mac address and no boot file name received.  What happened, and how do I get my pc back?

    jute way pc locked up after iTunes update.   It says client Mac address 001320 be ad 25 .  PXE E53  No boot file name received
    pXE MOF.  Exiting Broadcom PXE. ROM .  How do I unlock my pc?


  • HT4061 I downloaded an iTunes update on my HP.  PC and restarted the computer for the hangers to take effect. Now my pc is locked up.  It gives me a client Mac address and no boot file name received.  What happened, and how do I get my pc back?

    I downloaded an iTunes update and when ashen I restarted my pc it locked up.  It says client Mac address 001320bead25,   PXE E53  No boot file name received.  PXE MOF.  Exiting Broadcom pie rom.   How do I get my pc back!

    When you installed iTunes on your work computer, then connected your iPad to that computer, it wiped what was on the iPad, then put the iTunes library (nothing) from the work computer onto the iPad. You can try copying the iTunes folder from your home computer over to your work computer, but since the apps were bought with a different account, they may not load or update properly.

  • ASA 5505 L2TP client connect problem

    I am trying to connect MS l2tp clients to asa 5505 and am unsuccessful. I have tried the ASDM VPN Wizard as well as CLI and missing something. I have attached my current config. My client hits the interface and logs an error 713048 Error processing payload: Payload ID: 1. I know I am missing something simple, but I just can't see it. HELP!!!! Please

    ASA configuration needs to have the following configured ...
    - The preshared key needs to match the one configured in the Windows client setup.
    - The authentication needs to match what you have configured on the client, pap or chap.
    If chap is configured you need to re-add the usernames to the ASA with the mschap keyword at the end, e.g.
        SV2-2(config)# username msclient password msclient mschap
    - The DefaultRAGroup needs to be configured with the preshared key and point to a policy that includes this:
        vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
    The complete config is below ... DefaultRAGroup will be used if the preshared key is added and nothing is specified on the client.
        tunnel-group DefaultRAGroup general-attributes
         address-pool vpnpool
        tunnel-group DefaultRAGroup ipsec-attributes
         pre-shared-key *
        tunnel-group DefaultRAGroup ppp-attributes
         authentication pap
         authentication ms-chap-v2

  • Cisco 851 and "L2TP Client-Initiated Tunnels"

    Hi there,
    I've got cisco 851 and have to connect it to my local provider.
    Unfortunately, I found it doesn't support "L2TP Client-Initiated Tunnels" feature, I couldn't find it in feature list on cisco feature navigator page for cisco 851.
    Router is getting IP on wan interface by dhcp and after that must dial out to provider's router by l2tp.
    Could somebody help me to configure router for that kind of connection?
    Thanks, Alexc

    Cisco 850 Series integrated services routers are fixed-configuration routers that support broadband cable and Asymmetric DSL (ADSL) over analog telephone lines connections in small offices (Figures 1 and 2). They provide the performance needed to run concurrent services, including firewall and encryption for VPNs and optional 802.11b/g for wireless networking. The Cisco Router and Security Device Manager (SDM) Web-based configuration tool simplifies setup and deployment (Figure 3), and centralized management capabilities give network managers visibility and control of router configurations at the remote site.
    Try:
    http://www.cisco.com/warp/public/471/ms_route.html
    http://www.cisco.com/warp/public/707/cmatrix.shtml

  • Same client's address for DDR and Dedicated Line

    I need a help with client's access and routing.
    On my side there is a 3845 router with Async module.
    Clients are of 2 types: dial-up clients and dedicated line clients. All them are authenticated on Radius (chap).
    Dial-up client has a computer, they dial on Group-Async (ip unnumbered GigabitEthernet0/0) and receive ip address from pool, configured on cisco (not on Radius). That works perfectly.
    Now about leased (dedicated) line clients. They access from cisco (mostly 2610).
    On my side they have configured ip on LL interface and static routing to that ip.
    If this LL connection is broken, they have DDR access (call from their cisco to my Group-Async interface, same as for dial-up_only users).
    What I need is to set one (only) ip address to clients with leased line access thus, that it would work for DDR-connection as well as for LL connection.
    What I tried and it was successful is:
    interface Async1/0
    description DDR
    ip unnumbered GigabitEthernet0/0
    encapsulation ppp
    async mode dedicated
    ppp authentication chap
    interface Async1/5
    description LL
    ip address 192.168.1.134 255.255.255.252
    encapsulation ppp
    async mode dedicated
    no peer default ip address
    In this case I could ping 192.168.1.133 in both LL and DDR connection.
    But if only I configure Async1/0 as a member of Group-Async0, I cannot ping 192.168.1.133 (client's side), interface comes to up though.
    interface Group-Async0
    ip unnumbered GigabitEthernet0/0
    encapsulation ppp
    async mode dedicated
    peer default ip address pool POOL1
    ppp authentication chap
    group-range 1/0 1/1
    ip local pool POOL1 192.168.1.1 192.168.1.11
    Because cisco3845 give to client ip from pool:
    *Apr 23 13:22:09.201: As1/0 IPCP: I CONFREQ [REQsent] id 42 len 10
    *Apr 23 13:22:09.201: As1/0 IPCP: Address 192.168.1.133 (0x0306C0A80185)
    *Apr 23 13:22:09.201: As1/0 IPCP: O CONFNAK [REQsent] id 42 len 10
    *Apr 23 13:22:09.201: As1/0 IPCP: Address 192.168.1.1 (0x0306C0A80101)
    *Apr 23 13:22:09.201: As1/0 IPCP: I CONFNAK [REQsent] id 1 len 10
    *Apr 23 13:22:09.201: As1/0 IPCP: Address 192.168.1.134 (0x0306C0A80186)
    *Apr 23 13:22:09.201: As1/0 IPCP: O CONFREQ [REQsent] id 2 len 4
    *Apr 23 13:22:09.301: As1/0 IPCP: I CONFREQ [REQsent] id 43 len 4
    *Apr 23 13:22:09.301: As1/0 IPCP: O CONFACK [REQsent] id 43 len 4
    *Apr 23 13:22:09.309: As1/0 IPCP: I CONFACK [ACKsent] id 2 len 4
    *Apr 23 13:22:09.309: As1/0 IPCP: State is Open
    *Apr 23 13:22:09.309: As1/0 IPCP: Install route to 192.168.1.1
    *Apr 23 13:22:10.077: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async1/0, changed state to up
    One important thing is that I need to configure ip addressing for client without involving RADIUS (it will only check username and password).
    Or someone explain to me that it's impossible and stop my sufferings...

    I cannot agree more with your comments! What a way to frustrate your customers!
    I have been having an issue with iCloud on Mac where it kept asking me for my password and sometimes would, sometimes would not continue to access my iCloud mail. Today it just refused to connect to iCloud mail.
    I looked in the Mail, Contacts and Calendars in my MacBook Pro settings and discovered that 2 iCloud accounts were present. One with my original Apple ID (a gmail address) and a second with my new iCloud email ( an @me.com address). Having deleted the second account, using the new @me.com address everything is working fine.
    So from my viewpoint when I moved over to iCloud I was asked to sign in with my Apple ID (the gmail address) then to create an @me.com address. However, as far as I can see all sign ins to the new @me.com account on Macbook, iPhone and iPad need to be done through the old Apple ID (the gmail address). Is that confusing and just plain crazy???
    Further, after creating the new @me.com address I soon found out that this is apparently now forever bound to my old Apple ID and cannot be changed. I mean why can't I delete the iCloud account and start anew with a different @me.com address??? Also, as everybody using iCloud must create an @me.com address why on earth can I not get rid of my old gmail address and have my entire Apple ID accessed through the new @me.com address? Creating a whole new Apple ID will not solve this as we are unable to transfer purchases between accounts.
    Apple products are great IMHO, but they do seem to not think things through in a very big way sometimes......

  • Retrieve Client IP Address in a Oracle WebServices Manager Custom Policy

    Hi everybody,
    For some reasons I had to implement a custom policy in the OWSM, to restrict the access to webservices by client IP addresses. I've been following the examples for custom policies mentioned in the books: "Oracle Web Services Manager, Oracle Web Services Manager" by Sitaraman Lakshminarayanan, and the "Oracle® Web Services Manager Extensibility Guide 10g (10.1.3.3.0)" by Oracle. I followed the examples mentioned in those books to implement my custom policy. The policy is successfully deployed to OWSM and it works, except for the issue that when I want to retrieve the client IP address it returns null, and following the example in the Oracle guide, the HttpServletRequest also returns null. I'm desperate because every site where I finally find some info about it quotes one of these 2 examples from those books, and mine doesn't work! This is the code of the custom policy, I've combined the 2 approaches:
    package project1;

    import com.cfluent.ccore.util.logging.ILogger;
    import com.cfluent.ccore.util.logging.Level;
    import com.cfluent.ccore.util.logging.LogManager;
    import com.cfluent.pipelineengine.container.MessageContext;
    import com.cfluent.policysteps.sdk.AbstractStep;
    import com.cfluent.policysteps.sdk.Fault;
    import com.cfluent.policysteps.sdk.IMessageContext;
    import com.cfluent.policysteps.sdk.IResult;
    import com.cfluent.policysteps.sdk.InvocationStatus;
    import com.cfluent.policysteps.sdk.Result;
    import java.util.HashMap;
    import java.util.Iterator;
    import java.util.Vector;
    import javax.servlet.http.HttpServletRequest;

    public class CustomPolicy extends AbstractStep {
        private static String CLASSNAME = CustomPolicy.class.getName();
        private static ILogger LOGGER = LogManager.getLogger(CLASSNAME);
        private String allowedIpAddress = null;
        private String allowedRoleName = null;
        private String protectedServiceMethodName = null;

        public CustomPolicy() {
        }

        public void init() throws IllegalStateException {
            // nothing to initialize
        }

        public void destroy() {
        }

        /**
         * This is the main method which will validate that the request is coming from
         * the correct IP Address and has permission to access the specified method.
         */
        public IResult execute(IMessageContext messageContext) throws Fault {
            LOGGER.entering(CLASSNAME, "execute");
            Result result = new Result();
            result.setStatus(IResult.FAILED); //initialize result
            String processingStage = messageContext.getProcessingStage();
            LOGGER.log(Level.INFO, "Processing stage is " + processingStage);
            HttpServletRequest httpServletRequest = (HttpServletRequest)
                messageContext.getProperty("javax.servlet.request");
            // Despite its name, remoteAddr holds the Host request header, not the client address
            String remoteAddr = httpServletRequest.getHeader("Host");
            LOGGER.log(Level.SEVERE, "Dir IP:"+remoteAddr);
            String remoteHost = httpServletRequest.getRemoteHost();
            LOGGER.log(Level.INFO, "ADDR" + remoteAddr+ "HOST"+remoteHost);
            boolean isRequest =
                (IMessageContext.STAGE_REQUEST.equals(messageContext.getProcessingStage()) ||
                 IMessageContext.STAGE_PREREQUEST.equals(messageContext.getProcessingStage()));
            //Execute the step Only when its a Request pipeline else return success
            if (!isRequest) {
                result.setStatus(IResult.SUCCEEDED);
                return result;
            }
            MessageContext msgCtxt = (MessageContext)messageContext;
            String _MethodName = msgCtxt.getRequest().getMethodName();
            LOGGER.log(Level.INFO,
                       "Writing Allowed IP Addr before creating SOAP header " +
                       allowedIpAddress);
            LOGGER.log(Level.INFO,
                       "Writing Remote IP Addr before creating SOAP header " +
                       msgCtxt.getRemoteAddr());
            /*LOGGER.log(Level.INFO,
                       "Writing Remote IP Addr before creating SOAP header " +
                       remoteAddr);*/
            // Split the comma-separated list; entries are not trimmed, so a space
            // after a comma stays part of the following entry
            String cadTempo = allowedIpAddress;
            Vector vect = new Vector();
            for (int i = 0; i < allowedIpAddress.length(); i++) {
                if (cadTempo.indexOf(",") != -1) {
                    //vect.add(cadTempo.substring(0, cadTempo.indexOf(",") - 1));
                    vect.add(cadTempo.substring(0, cadTempo.indexOf(",")));
                    cadTempo =
                        cadTempo.substring(cadTempo.indexOf(",") + 1, cadTempo.length());
                    LOGGER.log(Level.INFO,
                               "AQUI111");
                } else {
                    if (!cadTempo.equalsIgnoreCase("")) {
                        vect.add(cadTempo);
                        LOGGER.log(Level.INFO,
                                   "AQUI222");
                    }
                    break;
                }
            }
            for(int i=0;i<vect.size();i++){
                String temp = (String)vect.get(i);
                if (temp.equals(msgCtxt.getRemoteAddr()) &&
                    _MethodName.equals(protectedServiceMethodName)) {
                    LOGGER.log(Level.INFO,
                               "AQUI333");
                    result.setStatus(IResult.SUCCEEDED);
                    break;
                } else {
                    msgCtxt.getInvocationStatus().setAuthorizationStatus(InvocationStatus.FAILED);
                    LOGGER.log(Level.INFO,
                               "AQUI444");
                }
            }
            /*if(allowedIpAddress!=null){
                result.setStatus(IResult.SUCCEEDED);
            }*/
            /*if (allowedIpAddress.equals(msgCtxt.getRemoteAddr()) &&
                _MethodName.equals(protectedServiceMethodName)) {
                result.setStatus(IResult.SUCCEEDED);
            } else {
                msgCtxt.getInvocationStatus().setAuthorizationStatus(InvocationStatus.FAILED);
            }*/
            // Set the result to SUCCESS
            //result.setStatus(IResult.SUCCEEDED);
            return result;
        }

        public String getIpAddress() {
            return allowedIpAddress;
        }

        public void setIpAddress(String IpAddress) {
            this.allowedIpAddress = IpAddress;
            LOGGER.log(Level.INFO, "IP Address is.. " + allowedIpAddress);
        }

        public String getServiceMethodName() {
            return protectedServiceMethodName;
        }

        public void setServiceMethodName(String serviceMethodName) {
            this.protectedServiceMethodName = serviceMethodName;
        }

        public String getRoleName() {
            return allowedRoleName;
        }

        public void setRoleName(String roleName) {
            this.allowedRoleName = roleName;
        }
    }
    And the xml:
    <csw:StepTemplate xmlns:csw="http://schemas.confluentsw.com/ws/2004/07/policy"
    name="Custom authenticate step" package="project1"
    timestamp="Oct 31, 2005 05:00:00 PM" version="1"
    id="0102030405">
    <csw:Description>Custom step that authenticates the user against the
    credentials entered here. This step requires Extract
    credentials to be present before it in the request pipeline.</csw:Description>
    <csw:Implementation>project1.CustomPolicy</csw:Implementation>
    <csw:PropertyDefinitions>
    <csw:PropertyDefinitionSet name="Basic Properties">
    <csw:PropertyDefinition name="Enabled" type="boolean">
    <csw:Description>If set to true, this step is enabled</csw:Description>
    <csw:DefaultValue>
    <csw:Absolute>true</csw:Absolute>
    </csw:DefaultValue>
    </csw:PropertyDefinition>
    </csw:PropertyDefinitionSet>
    <csw:PropertyDefinitionSet name="Custom Access Rules">
    <csw:PropertyDefinition name="IpAddress" type="string" isRequired="true">
    <csw:DisplayName>IpAddress</csw:DisplayName>
    <csw:Description>IP Address that is allowed access</csw:Description>
    <csw:DefaultValue>
    <csw:Absolute>192.168.0.1</csw:Absolute>
    </csw:DefaultValue>
    </csw:PropertyDefinition>
    <csw:PropertyDefinition name="ServiceMethodName" type="string"
    isRequired="true">
    <csw:DisplayName>ServiceMethodName</csw:DisplayName>
    <csw:Description>Service Method Name that is Protected (Secured)</csw:Description>
    <csw:DefaultValue>
    <csw:Absolute>getTime</csw:Absolute>
    </csw:DefaultValue>
    </csw:PropertyDefinition>
    </csw:PropertyDefinitionSet>
    </csw:PropertyDefinitions>
    </csw:StepTemplate>
    Please any tip or idea is welcome, thanks in advance for the help.
    Carlos.

    Hi again
    copied your code for testing. And it works fine.
    So both the code and policy-step definition is fine, log output below.
    What is your log output?
    Using soapui to send the request will give the ip of my localhost, using the test client will give the ip of the server, because that is the actual client.
    I guess the server ip is 192.168.0.1 in your case, as you are testing from test console.
    Anyway, results from SOAPUI:
    2009-05-19 09:52:15,096 FINE [HTTPThreadGroup-4] CSWComponent - Executing policy step. Policy='SID0003004', Step Name='Custom Policy Step', Step Class='com.*.soa.wsm.CustomPolicy'
    2009-05-19 09:52:15,096 FINER [HTTPThreadGroup-4] wsm.CustomPolicy - com.*.soa.wsm.CustomPolicy execute:ENTERING
    2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Processing stage is Request
    2009-05-19 09:52:15,096 SEVERE [HTTPThreadGroup-4] wsm.CustomPolicy - Dir IP:hostname.domain:8890
    2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - ADDRhostname.domain:8890HOST10.47.89.116
    2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - MethodName=getHostNameElement
    2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Allowed IP Addr before creating SOAP header 10.47.89.116, 192.168.0.1
    2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Remote IP Addr before creating SOAP header 10.47.89.116
    2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI111
    2009-05-19 09:52:15,096 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI222
    2009-05-19 09:52:15,097 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI333
    2009-05-19 09:52:15,097 FINER [HTTPThreadGroup-4] agent.Agent - com.cfluent.agent.Agent intercept:ENTERING
    But if I use the test client the remote IP would be 10.47.137.50 and execution fails, as code is written:
    2009-05-19 09:54:12,266 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Allowed IP Addr before creating SOAP header 10.47.89.116, 192.168.0.1
    2009-05-19 09:54:12,266 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - Writing Remote IP Addr before creating SOAP header 10.47.137.50
    2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI111
    2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI222
    2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI444
    2009-05-19 09:54:12,267 INFO [HTTPThreadGroup-4] wsm.CustomPolicy - AQUI444
    2009-05-19 09:54:12,267 FINE [HTTPThreadGroup-4] CSWComponent - Step execution failed: Policy=[SID0003004] Pipeline=[Request] Step Name=[Custom Policy Step] Step Class=[com.tandberg.soa.wsm.CustomPolicy]
    2009-05-19 09:54:12,267 FINER [HTTPThreadGroup-4] common.PrepareForServiceStep - Step PrepareForServiceStep called
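
The policy code in this thread splits the `IpAddress` property on commas without trimming, so with the logged value `10.47.89.116, 192.168.0.1` the second entry keeps its leading space and can never equal the caller's address. The following is an added example, not code from the thread or from the OWSM SDK: a stand-alone allow-list matcher in plain Java that trims entries, accepts only IP literals (no DNS lookup), and decides once after checking every entry. The names `IpAllowList`, `parseLiteral` and `permits` are hypothetical, and the method-name check from the policy is left out.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;

public class IpAllowList {
    private final List<InetAddress> allowed = new ArrayList<>();

    /** Builds the list from a comma-separated value such as "10.47.89.116, 192.168.0.1". */
    public IpAllowList(String commaSeparated) {
        for (String raw : commaSeparated.split(",")) {
            String entry = raw.trim();         // an untrimmed " 192.168.0.1" would never match
            if (entry.isEmpty()) {
                continue;                      // tolerate a trailing or doubled comma
            }
            allowed.add(parseLiteral(entry));  // a bad entry fails when the policy is configured
        }
    }

    /** Parses an IPv4 or IPv6 literal; never resolves host names. */
    static InetAddress parseLiteral(String s) {
        try {
            if (s.matches("\\d{1,3}(\\.\\d{1,3}){3}")) {
                String[] parts = s.split("\\.");
                byte[] b = new byte[4];
                for (int i = 0; i < 4; i++) {
                    int octet = Integer.parseInt(parts[i]);
                    if (octet > 255) {
                        throw new IllegalArgumentException("bad octet in " + s);
                    }
                    b[i] = (byte) octet;
                }
                return InetAddress.getByAddress(b);   // built from raw bytes, no lookup
            }
            // A colon cannot occur in a host name, so getByName() treats this as an
            // IPv6 literal and throws instead of querying DNS when it is malformed.
            if (s.indexOf(':') >= 0 && s.matches("[0-9A-Fa-f:.]+")) {
                return InetAddress.getByName(s);
            }
        } catch (UnknownHostException e) {
            throw new IllegalArgumentException("not an IP literal: " + s, e);
        }
        throw new IllegalArgumentException("not an IP literal: " + s);
    }

    /** True only if remoteAddr is an IP literal equal to one of the configured entries. */
    public boolean permits(String remoteAddr) {
        if (remoteAddr == null) {
            return false;                      // no address available: deny
        }
        try {
            return allowed.contains(parseLiteral(remoteAddr.trim()));
        } catch (IllegalArgumentException e) {
            return false;                      // e.g. a Host header value such as "hostname.domain:8890"
        }
    }

    public static void main(String[] args) {
        // Constructed inputs taken from the values shown in the thread's log output
        IpAllowList list = new IpAllowList("10.47.89.116, 192.168.0.1");
        String[] callers = {"10.47.89.116", "192.168.0.1", "10.47.137.50", "hostname.domain:8890"};
        for (String caller : callers) {
            System.out.println(caller + " -> " + (list.permits(caller) ? "allowed" : "denied"));
        }
    }
}
```

The value passed to `permits` should be the transport-level peer address (what the policy logs from `msgCtxt.getRemoteAddr()`), not a request header, since headers such as `Host` are chosen by the client.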

  • Duplicate Client IP Address Matching Teamed Adapter on Server

    I am experiencing a problem with a client's WLAN and client IP address conflicts.
    Basically every wireless client reports a problem that it is having an IP Address conflict with another device on the network (wired).
    The device in mention is a Dell Server with Teamed network cards. They have three of them and clients are reporting conflicts with all three.
    On investigating further there is no address conflict as the "Teamed Adapter" has a completely different network address (static) and the wireless clients are using the internal WLC DHCP server in a different range (although it is all one flat network).
    The clients report that there is an address conflict, the MAC that it gives is the Teamed Server but the IP address is only its own and not on the Teamed Adapter.
    Has anyone seen this before or had a problem with "Teamed Adapters" on servers.
    Our environment is:
    WLC 4402-50 running 5.2.178
    Flat Network.
    Thanks

    Hi Roman,
    thanks for your reply.
    Basically what I have found is that servers running Microsoft Windows 2003 or Windows 2000, that have teamed NICs using Broadcom Advanced Server Programs (BASP) in an active/active team, respond to other server's gratuitous ARP packet with an incorrect IP address. The Microsoft Windows server will respond to the other server sending the gratuitous ARP, with the Microsoft Windows server team MAC address, but with the other server's IP address in the sender field of the packet. This causes the other system to respond as if there is a duplicate IP on the network.
    Fix is to upgrade to BASP driver version 6.2.32, or newer. This version of the BASP driver was first included with the Broadcom NetXtreme Gigabit Ethernet Software.
    An upgrade of the drivers apparently will fix this issue although I have tried it on 3 servers with this configuration and it fixed it for two of them.
    The work around is to disable the active/active NIC team and use an active/standby team instead.
    Someone else on this forum must have come across this before, I am sure?
    Anyway if it does resolve the issue i will post it back here so that anyone else in the future with this problem has a resolution!!
    thanks

  • Changed source address based on destination IP

    Hello,
    Suppose I had the following configuration in an IOS router
    interface <interface type/number>
     ip address 1.1.1.3 255.255.255.0 secondary
     ip address 1.1.1.2 255.255.255.0
    ip route 0.0.0.0 0.0.0.0 1.1.1.1
    access-list standard INTERNET_BOUND_ACL
     permit <lan subnet-id> <lan wildcard>
    ip nat inside source list INTERNET_BOUND_ACL interface <interface type/number> overload
    I need to change the source inside global IP address based on the destination outside global IP address.
    Example: I need our source IP to be 1.1.1.3 when I ping 8.8.8.8
    How would i accomplish this?

    Hi,
    You would need to use two NAT pools and two different ACLs to separate your internal clients depending on the destination they want to communicate with, and to subsequently NAT them using a selected NAT pool. For example:
    ip access-list extended NAT_2
      permit ip <LAN Network> <Wildcard> <DestinationX> <WildcardX>
    ip access-list extended NAT_3
      permit ip <LAN Network> <Wildcard> <DestinationY> <WildcardY>
    ip nat pool NATPOOL_2 1.1.1.2 1.1.1.2 netmask 255.255.255.0
    ip nat pool NATPOOL_3 1.1.1.3 1.1.1.3 netmask 255.255.255.0
    ip nat inside source list NAT_2 pool NATPOOL_2 overload
    ip nat inside source list NAT_3 pool NATPOOL_3 overload
    Exactly one of the ACLs should actually contain an entry saying
    permit ip <LAN Network> <Wildcard> any
    to make sure that the internal network gets translated to some of the two public addresses even if it does not communicate with any specific destination IP.
    Do you believe this could be a workable solution for you?
    Best regards,
    Peter

  • Get the client IP address

    Hello everybody, I'm a student new with java, I'm developing a little server application - running standalone, and I'm trying to get the client Ip address, have a look on my code snippet:
    InetAddress fromcli;
    while(true){
        welcomeSKT.accept();
        fromcli = welcomeSKT.getInetAddress();
        System.out.println("The client Ip Address is: " + fromcli.getHostAddress() + '\n');
    }
    The sysout println returns the 0.0.0.0 that is the server address, mapped to more than one interface eg:(loopback and eth0) - But if with the getInetAddress() method I get the server address where is the difference with the getLocalHost()? - By the way, anyone has a suggestion to print out the client remote address.
    Thank you in advance....
    Jeppojeps
    Edited by: jeppojeps on Mar 24, 2008 3:36 AM

    Oh, sorry of course welcomeSKT is a ServerSocket, actually the snippet that I put is a part of the code, here below I put the complete program, in order to clarify my question, however I would like to know if it's possible to understand from the server side the client IP address, and if yes how...
    Thank you in advance...
    /**
     * THIS simple TCP server receives some numbers in input by the client and give back the sum - actually the exceptions are managed in a uncomplete way....but this is my first java program...be patient with me...
     * @jeppojeps
     * @0.1
     */
    import java.io.*;
    import java.net.*;

    public class ServerTCP
    {
        // instance variables - replace the example below with your own
        public static void main(String[] args) throws Exception
        {
            String clientSentence;
            String capitalized;
            InetAddress fromcli;
            String clientIp;
            String portIp;
            int z=0;
            int port=0;
            if (args.length == 0 ){
                System.out.println("Usage: ServerTCP lport" + '\n');
                System.exit(-1);
            }
            else
                port = Integer.parseInt(args[0]);
            if(port <= 1024) {
                System.out.println("Remember dude, only root can use a portnumber < 1024" + '\n');
            }
            else{
                ServerSocket welcomeSKT = new ServerSocket(port);
                System.out.println("Server instance started:" + '\n');
                while(true){
                    Socket connectionSocket = welcomeSKT.accept();
                    BufferedReader InfromClient = new BufferedReader (new
                        InputStreamReader(connectionSocket.getInputStream()));
                    DataOutputStream outToClient =
                        new DataOutputStream(connectionSocket.getOutputStream());
                    outToClient.writeBytes("Hello give me some numbers and I'll give you the sum" + '\n');
                    fromcli = welcomeSKT.getInetAddress();
                    System.out.println("The client Ip Address is: " + fromcli.getHostAddress() + '\n');
                    clientSentence = InfromClient.readLine();
                    for(int i = 0 ; i < clientSentence.length() ; i++) {
                        try {
                            Character c = new Character(clientSentence.charAt(i));
                            capitalized = c.toString();
                            int x = Integer.parseInt(capitalized);
                            System.out.println("Number digited from the client: " + x + '\n');
                            z+=x;
                        }
                        catch(NumberFormatException nfe) {
                            System.out.println("Text: " + clientSentence.charAt(i));
                        }
                    }
                    capitalized = Integer.toString(z);
                    outToClient.writeBytes("The sum of the given number is: " + capitalized + '\n');
                    welcomeSKT.close();
                }
            }
        }
    }
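
An added example, not part of the original post: `ServerSocket.getInetAddress()` reports the local address the listener is bound to (the wildcard address when only a port is given), while the `Socket` returned by `accept()` carries the peer's address. The class name `PeerAddressDemo`, the ephemeral port and the in-process loopback client are constructed for the demonstration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;

public class PeerAddressDemo {
    public static void main(String[] args) throws Exception {
        // Port 0 asks the OS for a free port; like new ServerSocket(port),
        // this binds the listener to the wildcard address.
        try (ServerSocket listener = new ServerSocket(0)) {
            final int port = listener.getLocalPort();

            // Constructed client so the example runs on one machine, offline.
            Thread client = new Thread(() -> {
                try (Socket s = new Socket(InetAddress.getLoopbackAddress(), port)) {
                    s.getOutputStream().write("123\n".getBytes(StandardCharsets.US_ASCII));
                } catch (IOException e) {
                    e.printStackTrace();
                }
            });
            client.start();

            try (Socket connection = listener.accept()) {
                BufferedReader in = new BufferedReader(
                    new InputStreamReader(connection.getInputStream(), StandardCharsets.US_ASCII));
                String line = in.readLine();

                // Local side: where the listener is bound (what the posted code printed)
                System.out.println("listener.getInetAddress():    "
                    + listener.getInetAddress().getHostAddress());

                // Remote side: the address and port of the connected client
                System.out.println("connection.getInetAddress():  "
                    + connection.getInetAddress().getHostAddress());
                System.out.println("connection.getPort():         " + connection.getPort());
                System.out.println("getRemoteSocketAddress():     "
                    + connection.getRemoteSocketAddress());

                // Local end of this one connection (the interface the client reached)
                System.out.println("connection.getLocalAddress(): "
                    + connection.getLocalAddress().getHostAddress());
                System.out.println("received: " + line);
            }
            client.join();
        }
    }
}
```

When the server sits behind NAT or a proxy, the peer address seen here is that of the last hop that opened the TCP connection.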

  • Reading the client IP address in RESTfull web service

    Is it possible to read the IP address of the client accessing a RESTfull webservice built in LV? For example, one might want to identify users from local IP addresses and output different information.
    CLD (2014)

    InfiniteNothing,
    All right, I think I've found something.
    Among the Web Services VIs, there is a VI called Read Request Variable. One of the variables that you can read is Remote Address and I think this will give you the IP Address. To use these VIs you'll have to use the streaming method of getting data instead of reading terminals (as the example does).
    I hope this helps!
    Ben Sisney
    FlexRIO V&V Engineer
    National Instruments

  • Apple wireless clients authenticated but show no username in WLC

    Running 7.0.220. There are several 'unknown' users every day reported in WCS. Investigating the connections on the WLC I find the clients are in a run state and passing traffic but there is no username listed on the client detail. (hence the unknown on WCS)
    (mcm-189jsoc-wlc1) >show client detail 60:c5:47:07:b6:5a
    Client MAC Address............................... 60:c5:47:07:b6:5a
    Client Username ................................. N/A
    AP MAC Address................................... 00:1e:13:42:16:a0
    AP Name.......................................... mcm-208dorm-wap1
    Client State..................................... Associated
    Client NAC OOB State............................. Access
    Wireless LAN Id.................................. 1
    BSSID............................................ 00:1e:13:42:16:a0
    Connected For ................................... 599 secs
    Channel.......................................... 11
    Clients in this state are usually Apple products. From initial investigation it looks like they do authenticate with the ACS.
    Any ideas for debugs to run, or fixes on the WLC? Perhaps there's a bug on this behavior?
    Thanks
    Kyle Morrison

    Kyle:
    I suppose you are using PEAP or some EAP that utilizes TLS tunnel.
    The username that appears is what is called the "outer identity" username. This is sent to the AAA server outside the TLS channel and need not be the correct username although it can be the same. So I think with MacBooks the outer identity is empty. But I don't remember if it appears on the WLC as unknown.
    For iPad I can see my username explicitly appearing on my WLC which means the outer identity is the same as the correct username.
    What mac devices that you use?
    You need no debugs. Wireless packet capture while the client is trying to authenticate should be enough to show what outer identity is used.
    HTH
    Amjad
    p.s: with windows it depends on the supplicant software if an outer identity can be configured or not.

  • OS X 10.4 VPN: no response to L2TP client?

    Hi. I have an OS X Server 10.4.7. I've set it up as a VPN server using L2TP with a shared IPSec secret. The server is behind a D-Link DI-808HV router. The router has IPSec passthrough enabled, and I have UDP ports 500, 1701, and 4500 open.
    When I try to connect with an OS X Tiger client, I get a "Connecting to VPN Server" message for a while, then "Server did not respond." In the VPN server log, there is no sign that anything occurred - no log entries at all for the attempted connection.
    Where else should I look to troubleshoot this?
    I've tried PPTP, which at least makes a connection but then fails at the negotiation with the error "Wed Sep 13 13:50:28 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xe9f24d50> <pcomp> <accomp>]" in the log.
    Thanks
    David

    Hi Leif - 
    In my case, strictly for pptp, I am able to connect, and get assigned an ip number, but the authentication always fails.  The log looks like this:
    2006-09-14 23:29:04 PDT Incoming call... Address given to client = 192.168.0.251
    Thu Sep 14 23:29:04 2006 : Directory Services Authentication plugin initialized
    Thu Sep 14 23:29:04 2006 : Directory Services Authorization plugin initialized
    Thu Sep 14 23:29:04 2006 : PPTP incoming call in progress from '71.204.113.243'...
    Thu Sep 14 23:29:05 2006 : PPTP connection established.
    Thu Sep 14 23:29:05 2006 : using link 0
    Thu Sep 14 23:29:05 2006 : Using interface ppp0
    Thu Sep 14 23:29:05 2006 : Connect: ppp0 <--> socket[34:17]
    Thu Sep 14 23:29:05 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:08 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:11 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:14 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:17 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:20 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:23 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:26 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:29 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:32 2006 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x45a3b82e> <pcomp> <accomp>]
    Thu Sep 14 23:29:35 2006 : LCP: timeout sending Config-Requests
    Thu Sep 14 23:29:35 2006 : Connection terminated.
    Thu Sep 14 23:29:35 2006 : PPTP disconnecting...
    Thu Sep 14 23:29:35 2006 : PPTP disconnected
    2006-09-14 23:29:35 PDT    --> Client with address = 192.168.0.251 has hungup
    I have done almost everything I know to do - The mac is behind a netgear router, and is set up as the "DMZ".  I can access file sharing, ARD, Web Services, FTP directly to the server fine, and have set this type of configuration up several times with no problems. 
    The only difference here is that this is the first time I have set up OSX Server 10.4.7 on an Intel Mac.
    Any ideas you have would be appreciated as I have spent countless hours changing settings - from standalone server, to OD Master, etc. - to try to eliminate that error.  
    Thanks - Bob
    Mac Mini 1.66ghz   Mac OS X (10.4.7)   Universal 10.4.7 OSX Server

  • Capture Client IP address in Oracle Portal

    Hi,
    I just thought to post the solution I figured out which I can't find anywhere.
    The instructions should allow you to add the dynamic page portlet to a page to see the client ip address:
    1. Login to Portal as an admin.
    2. Click on the Navigator link.
    3. Create a new page group.
    4. Create a new page within the page group.
    5. In the page region, click on the add portlet icon.
    6. In the Available Portlets, click on Portlet Builders > Additional Portlet Builders > Dynamic Page Portlet
    7. This will place the Dynamic Page Portlet on the page. You can then click on Define to customize the dynamic page.
    8. In the HTML section of the dynamic page portlet wizard (after clicking Define and giving it a name), enter code like the following:
    <HTML>
    <HEAD>
    <TITLE>Welcome User</TITLE>
    </HEAD>
    <BODY>
    <ORACLE>DECLARE
    l_curr_cgi_ip varchar2(30) := owa_util.get_cgi_env('remote_addr') ;
    l_curr_ip varchar2(30) := portal.wwctx_api.get_ip_address;
    BEGIN
    htp.p('<H3>OWA_UTIL.GET_CGI_ENV returns =>' || l_curr_cgi_ip || '</H3>');
    htp.p('<H3>WWCTX_API.GET_IP_ADDRESS returns =>' || l_curr_ip || '</H3>');
    END;
    </ORACLE>
    </BODY>
    </HTML>
    9. Finish the wizard (you can take defaults).
    10. Display the page. The portlet should have the information.
    ==========
    Otherwise you can create a dynamic page under a provider:
    1. Login to Portal as an admin.
    2. Click on the Navigator link.
    3. Click on the Provider tab.
    4. Click on Locally Built Providers.
    5. Click on Example Application db provider (this is a sample).
    6. Once you click on the Example Application, it will list some of the default forms, reports, etc... At the top, there is the following:
    Create New... Create New...Form, Create New...Report, Create New...Chart, Create New...Calendar, Create New...Dynamic Page, Create New...XML Component, Create New...Hierarchy, Create New...Menu, Create New...URL, Create New...Frame Driver, Create New...Link, Create New...List of Values, Create New...Data Component
    Click on dynamic page.
    7. Give it a name and click next.
    8. Replace the sample HTML with:
    <HTML>
    <HEAD>
    <TITLE>Welcome User</TITLE>
    </HEAD>
    <BODY>
    <ORACLE>DECLARE
    l_curr_cgi_ip varchar2(30) := owa_util.get_cgi_env('remote_addr') ;
    l_curr_ip varchar2(30) := portal.wwctx_api.get_ip_address;
    BEGIN
    htp.p('<H3>OWA_UTIL.GET_CGI_ENV returns =>' || l_curr_cgi_ip || '</H3>');
    htp.p('<H3>WWCTX_API.GET_IP_ADDRESS returns =>' || l_curr_ip || '</H3>');
    END;
    </ORACLE>
    </BODY>
    </HTML>
    9. Finish the wizard. This should show the portlet and the value. You can then add this portlet to a page.
    Note: portal.wwctx_api.get_ip_address will fetch your real client IP address.
    If the page uses a UI template, you might get error WWC-50003 when clicking on the portlet's Define link.
    Then you have to add #PAGE.BASE# in the <HEAD> of the template and you can define the dynamic page portlet.
    It is tricky to pass the IP address inside the code; I solved the issue with the help of JavaScript.
    <HTML>
    <HEAD>
    <TITLE>Welcome User</TITLE>
    </HEAD>
    <BODY>
    <ORACLE>
    DECLARE
    l_curr_ip varchar2(30) := portal.wwctx_api.get_ip_address;
    BEGIN
    htp.p('<script type="text/javascript">');
    htp.p('ipClient(''' || l_curr_ip || ''');');
    htp.p('</script>');
    END;
    </ORACLE>
    </BODY>
    </HTML>
    I declared a hidden variable in the portlet where I need the IP address and set its value in the JavaScript function, which I call in between <oracle></oracle>:
    function ipClient(ipAddr){
    document.getElementById('clientIP').value = ipAddr;
    }
    Once I set the variable I can easily get it anywhere.
    Hope this helps to solve your issue.
    Thanks,
    Sowji.

    You could have found it here:
    http://www.morganslibrary.org/reference/owa_util.html
    and another solution here:
    http://www.morganslibrary.org/reference/sys_context.html
    Both part of the library at:
    http://www.morganslibrary.org/library.html
    you might want to bookmark the page.

Maybe you are looking for