Problems w/ VPN Server & Cisco VPN Client on same machine
I really wish that I read about how the developer of the program iVPN no longer supports his work BEFORE I paid for it. It's a great, simple, GUI frontend to the existing Leopard VPN server built in to regular (non-server) OSX...
Anyway, on my Mac that stays @ home:
(1) - I have the iVPN server set up & running to allow me to connect (from my iphone or another computer on the road) to my Mac @ home using L2TP.
(2) - When I'm @ home and need to connect to my company's network, I need to use the Cisco VPN Client (which uses IPSec etc).
So, I found out that when I need to use my Mac to connect to work, I first have to open up the iVPN server to click "Stop Server" (which has me enter my password twice sometimes). Now I close iVPN until I'm done, then open up Activity Monitor for the purpose of finding the still-running process "racoon". I realized this not because it's published info, but because if I don't do this, and try to connect to work using the Cisco VPN Client, it simply will not connect. So, I quit the process "racoon" (which also has me enter my password because it's running as root yada yada). NOW, I can load Cisco VPN Client and successfully connect to my company's network. When I'm finished here, I disconnect the C.V.C., then reopen iVPN Server and restart my server (enter password again).
Is there any way I can make the process "racoon" quit automatically when I turn off the iVPN server? I'd email the developer but I guess that's a lost cause now. It's a shame because he did a fabulous job making iVPN & gave the less computer-networking-literate-user the ability to create their own VPN server without using Terminal.
I thought about the possibility of using iVPN to create a PPTP connection instead of L2TP - thinking that would allow me to keep my iVPN PPTP server running at all times, even when I wanted to use the CVC to connect OUT to work - but:
(1) - I would like the increased security of L2TP.
(2) - When I tried running a PPTP server, and connecting to it from iPhone or other computer, I was NOT able to access the other devices on my network, or the internet. I couldn't even open up a webpage to check whatismyip.com (while sending all traffic over VPN). And yes, the IP Address Range that I have iVPN handing out is within my normal home network's range.
My end goal for all of this when using my Mac is to be able to leave my iVPN server running at all times, while still being able to run the Cisco VPN CLIENT to connect to my company's network.
Or, at least not having to open up Activity Monitor to quit the process racoon... let alone having to enter my password 3 times: after opening up iVPN, again to stop the server, again to quit the process racoon. Then a fourth when I'm all done and need to start the iVPN server again.
Am I going about this the wrong way? Is there an easier way to accomplish these secure connections? There is a slight possibility of me upgrading and running a dedicated Mac Mini server of some sort perhaps with the real OSX Server. But not right now. I think I'm over complicating this. I mean, my needs are pretty simple:
(1) - Need to connect TO my Mac from iPhone / someone else's Mac or PC for: VNC over SSH, SSH/SFTP file level access, in the future shared network volumes (time capsule). I'd use Back To My Mac for all of this but I don't always connect FROM a Mac.
(2) - Need to connect FROM my Mac to work VPN for: VNC to my work PC to access our company's Windows-only program (dual booting into boot camp or using a virtual machine is out of the question), using Mocha for AS400 access, thinking about using file sharing on work PC but not needed so far.
So it's really just VNC and sometimes SFTP. The "S" being important to me. That's why I don't like the idea of doing away with my iVPN server and just forwarding the outside ports. I use the Vine VNC Server which when checked, only allows access over SSH. The only other remote-logins are used from my iphone using an app called BriefCase (SSH to browse files on remote machine), or using an SFTP client on a computer.
Thank you for reading all of this, and in advance for any insight you can offer.
If the two servers need the same ports, then hosting two different VPN packages on the same box usually won't work.
A firewall-based VPN service can be an option; that external box can deal with NAT and routing and other such and can field incoming or LAN-to-LAN VPNs, and your internal Mac boxes located "behind" that box can be free to initiate outbound VPNs.
Similar Messages
-
X64 Server and x32 Client on Same Machine
I have a 32-bit application I need to run on 64-bit machine (Windows). The application crashes as it can't load the 64-bit oci.dll.
Would I be able to install the 32-bit Oracle client on this machine to get this application to work?
Note that the client will be on the same machine as the server.
According to the certification matrix (Metalink), 32-bit clients (9.2 and higher) are supported on 64-bit servers, of course in their own ORACLE_HOME.
Werner -
Installation of different versions of GUI clients on same machine
Hi All,
Is there any document about how to install different versions of MDM GUI clients on same Machine.
We have different versions of the MDM server in the Sandbox and Development environments. I know we can install different versions of the GUI clients by specifying different locations, but I am looking for some standard document / SAP note. If anyone has this information, it will be very helpful.
Thanks and Regards,
Shiv
Hi Shiv,
You can find this information regarding different versions of GUI clients on the same machine in the standard SAP Installation Guide, page 51, section 5.1 "Maintaining Multiple Versions of MDM". It says that you can install multiple versions of MDM 5.5 on one host and switch between the versions. This may be useful, for example, when updating the patch level.
Please refer to the SAP Installation Guide:
https://websmp201.sap-ag.de/~sapidb/011000358700001119842007E
Also Check SAP Note: 1283687
Best Regards,
Mandeep Saini -
Unable to start weblogic server using another user of same machine
Hi,
I have installed WebLogic using my credentials. I am able to start it properly with my credentials.
I am getting an error while starting the WebLogic server from another user on the same machine having the same admin rights.
It shows the following details while starting the server, and then the process stops:
<22-Dec-2011 06:15:02 o'clock GMT> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<22-Dec-2011 06:15:02 o'clock GMT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To enable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
Please advise.
Thanks and Regards:
Priya
Can you check the server log file for more details? The server log file is located in the <domain-home>/servers/<server-name>/logs directory.
There is probably something wrong with the log rotation or something similar. Usually, when certain files that are created during runtime belong to a certain user, other users do not have rights to them, or they must belong to the same group.
Also note that the messages are only info messages and are not really the cause. -
I am wanting to replace a 2003 (not R2) File Server with a 2012R2 file server and preferably keep the same machine name and IP when finished. For the moment I just need some "high level" guidance; little details can be worked out once I know which direction I will go. I was considering that DFS might be a way to help get through the process, although when finished the 2012R2 File Server will be by itself with no other file server planned at this time. DFS can stay installed for maybe future purposes, but clearly I wouldn't need the DFS Replication with only one machine.
Here's a few details of the environment....
1. DC's are 2012R2 but it is still 2003 DFL because the old 2003 DCs are still present. But likely they will be gone and the DFL elevated before I start on the File Server project
2. Nearly all machines in the facility have a shortcut on the "All Users" Desktop that points to the existing old File Server. Editing or replacing that shortcut would be a major pain, hence why I want to keep the same machine name at least, and maybe the same IP if not too much trouble. This way the existing shortcut would continue to work with the new 2012R2 File Server. The UNC path represented in that shortcut is also configured into one or more of our major business applications, further emphasizing the need to keep the UNC path the same throughout the process.
3. The facility runs 24/7/365 but is "light" on weekends. The political environment is such that there is little to no tolerance for any down time at all.
4. Would DFS (based from the 2012R2 machine) be a good tool to get where I need to go?
Thanks for any suggestions.
Phillip Windell
Hi Sharon,
I've done some more reading and have a few new ideas to run past you....
Yes, regular DFS wouldn't help and the Namespace would still be different than how it was with just the old server. However, I was thinking DFS Replication could replace the purpose of RoboCopy and it would keep the two locations "in sync" until I was ready to flip over to the new server. DFS Rep can exist independently of a DFS Namespace, so a Namespace is not even needed. It needs a minimum of 2003R2 for the "later & better" DFS Rep, but I believe 2003 can do an "in place" upgrade to 2003R2, so I would upgrade the old server to 2003R2 first. As long as the DFS Rep on 2012R2 and 2003R2 will properly interact, I think that will work.
Thanks for the reg info on the Shares. I'm debating if editing that reg file would really be much better than manually creating the Shares on the new server while the DFS Replication was doing its job. I'll probably export that Key as a safety move whether I use it or not.
Once the DFS Rep is fully in sync and the Shares are in place on the new server, I figure I would then:
1. Remove the DFS Replication Object (optionally remove DFS Services completely)
2. Rename the old File Server to something else and set it to DHCP
3. Rename the new File Server to the name I want to use and give it the IP the old server had.
How does that sound?
Phillip Windell -
Configure VPN Server Cisco 877W
Hello!
I need to implement a VPN server on a Cisco 877W.
The idea is as follows:
Access the network from anywhere using the Cisco VPN Client;
The router needs to accept a minimum of 5 simultaneous connections;
Each user would have a login and password;
Cisco 877W (System image file is "flash: C870-advipservicesk9-mz.150-1.M10.bin")
Following script:
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service sequence-numbers
hostname VPN
boot-start-marker
boot-end-marker
logging buffered 10240
enable secret PASS@PASS
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
clock timezone BR -3
dot11 syslog
dot11 ssid ACESSO01
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii PASS@PASS
no ip source-route
ip dhcp pool ODIM
import all
network 192.168.100.224 255.255.255.224
default-router 192.168.100.254
dns-server 10.151.176.80 201.10.120.3 10.151.176.79 201.10.1.2
update arp
ip cef
no ip bootp server
no ip domain lookup
ip domain name local
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall esmtp max-data 52428800
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall pptp
ip inspect name firewall skinny
no ipv6 cef
multilink bundle-name authenticated
archive
path flash:config
write-memory
file verify auto
username suporte privilege 15 secret 5 $1$WdPL$PHwugOutS3fztS8hBUl9g0
ip tcp timestamp
ip ssh version 2
bridge irb
interface ATM0
description #### A D S L - INTERNET ####
no ip address
no ip proxy-arp
load-interval 30
no atm ilmi-keepalive
interface ATM0.1 point-to-point
description #### A D S L - INTERNET ####
pvc 0/35
pppoe-client dial-pool-number 1
interface FastEthernet0
description #### I N T R A N E T ####
switchport trunk native vlan 100
switchport mode trunk
load-interval 30
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Dot11Radio0
no ip address
no ip proxy-arp
load-interval 30
encryption mode ciphers aes-ccm tkip
ssid ACESSO01
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Vlan1
description #### ETH`S ####
no ip address
no ip proxy-arp
load-interval 30
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan100
description #### I N T R A N E T ####
ip address dhcp
no ip proxy-arp
ip nat outside
ip virtual-reassembly
interface Dialer0
description #### I N T E R N E T ####
ip address negotiated
ip access-group Traffic-Permit-IN in
no ip redirects
no ip unreachables
ip mtu 1492
ip nat outside
ip inspect firewall out
ip virtual-reassembly
rate-limit input access-group 100 16000 8000 8000 conform-action transmit exceed-action drop
encapsulation ppp
load-interval 30
dialer pool 1
dialer-group 1
ppp authentication pap chap callin
ppp chap hostname user@user
ppp chap password pass@pass
ppp pap sent-username user@user password pass@pass
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp route default
no cdp enable
interface BVI1
description #### BRIDGE Vlan1/Dot11Radio0 ####
ip address 192.168.100.254 255.255.255.224
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
ip policy route-map PBR
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source route-map ADSL interface Dialer0 overload
ip nat inside source route-map INTRANET interface Vlan100 overload
ip route 0.0.0.0 0.0.0.0 Dialer0 name ADSL
ip route 0.0.0.0 0.0.0.0 10.48.50.1 name INTRANET
ip access-list extended ADSL
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
deny ip any host 192.168.100.255
deny udp any any eq tftp log
deny ip any 0.0.0.0 0.255.255.255 log
deny ip any 127.0.0.0 0.255.255.255 log
deny ip any 169.254.0.0 0.0.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.0.2.0 0.0.0.255 log
deny ip any 192.168.0.0 0.0.255.255 log
deny ip any 198.18.0.0 0.1.255.255 log
deny udp any any eq 135 log
deny tcp any any eq 135 log
deny udp any any eq netbios-ns log
deny udp any any eq netbios-dgm log
deny tcp any any eq 445 log
deny ip any any log
ip access-list extended INTRANET
permit ip any 10.0.0.0 0.255.255.255
deny ip any any
deny ip any host 10.48.50.255
deny udp any any eq tftp log
deny ip any 0.0.0.0 0.255.255.255 log
deny ip any 10.0.0.0 0.255.255.255 log
deny ip any 127.0.0.0 0.255.255.255 log
deny ip any 169.254.0.0 0.0.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.0.2.0 0.0.0.255 log
deny ip any 192.168.0.0 0.0.255.255 log
deny ip any 198.18.0.0 0.1.255.255 log
deny udp any any eq 135 log
deny tcp any any eq 135 log
deny udp any any eq netbios-ns log
deny udp any any eq netbios-dgm log
deny tcp any any eq 445 log
ip access-list extended Traffic-Permit-IN
deny ip 0.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 198.18.0.0 0.1.255.255 any
deny ip 224.0.0.0 0.15.255.255 any
deny ip any host 255.255.255.255
permit tcp any any eq 1723
permit gre any any
deny icmp any any echo
deny ip any any log
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any echo
access-list 110 permit ip 192.168.100.224 0.0.0.31 any
dialer-list 1 protocol ip permit
no cdp run
route-map ADSL permit 10
match ip address 110
match interface Dialer0
route-map INTRANET permit 10
match ip address 110
match interface Vlan100
route-map PBR permit 10
match ip address ADSL
set interface Dialer0
route-map PBR permit 20
match ip address INTRANET
set interface Vlan100
control-plane
bridge 1 route ip
line con 0
no modem enable
line aux 0
line vty 0 4
transport input telnet ssh
scheduler max-task-time 5000
end
Some help?
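One thing worth checking in the posted ACLs before adding a VPN server on top of them: IOS evaluates an access list top-down and stops at the first matching entry, so in ADSL everything after "permit ip any any" can never match, and in INTRANET everything after "deny ip any any" is likewise unreachable, including the "deny ... log" lines that are meant to record blocked traffic. The script below is an added example, not the poster's configuration or any Cisco tool; it parses the ACL syntax used above (the sample is an abbreviated copy of the two lists, and the function names are my own) and lists entries shadowed by an earlier one.

```python
"""First-match shadow check for Cisco IOS extended ACLs (added example, not from the post).

IOS stops at the first entry that matches, so an entry fully covered by an earlier
one can never match, and a 'deny ... log' entry in that position never logs.
"""
import ipaddress

# Constructed sample: abbreviated copy of the ADSL and INTRANET lists posted above.
SAMPLE_ACLS = """\
ip access-list extended ADSL
 deny ip any 10.0.0.0 0.255.255.255
 permit ip any any
 deny ip any host 192.168.100.255
 deny udp any any eq tftp log
 deny ip any 192.168.0.0 0.0.255.255 log
 deny tcp any any eq 445 log
 deny ip any any log
ip access-list extended INTRANET
 permit ip any 10.0.0.0 0.255.255.255
 deny ip any any
 deny ip any host 10.48.50.255
 deny ip any 10.0.0.0 0.255.255.255 log
"""

ANY = (0, 0xFFFFFFFF)  # (address, wildcard mask): every bit may vary


def _addr(tokens):
    """Consume one address spec (any | host A | A WILDCARD); return it and the rest."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    return (int(ipaddress.IPv4Address(tokens[0])),
            int(ipaddress.IPv4Address(tokens[1]))), tokens[2:]


def _port(tokens):
    """Consume an optional 'eq <port>' qualifier; return it (or None) and the rest."""
    if tokens and tokens[0] == "eq":
        return ("eq", tokens[1]), tokens[2:]
    return None, tokens


def parse_ace(line):
    """Parse one entry: action, protocol, source, destination and port/type qualifiers."""
    tokens = line.split()
    src, rest = _addr(tokens[2:])
    sport, rest = _port(rest)
    dst, rest = _addr(rest)
    dport, rest = _port(rest)
    extra = tuple(t for t in rest if t != "log")  # e.g. an ICMP type such as 'echo'
    return {"action": tokens[0], "proto": tokens[1], "src": src, "dst": dst,
            "qual": (sport, dport, extra), "text": line}


def parse_acls(text):
    """Return {acl_name: [entry, ...]} for each 'ip access-list extended' block."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("ip access-list extended "):
            current = line.split()[-1]
            acls[current] = []
        elif current and line and line.split()[0] in ("permit", "deny"):
            acls[current].append(parse_ace(line))
    return acls


def _covers_addr(a, b):
    """True when every address matched by (ip, wildcard) b is also matched by a."""
    (a_ip, a_wild), (b_ip, b_wild) = a, b
    return (b_wild & ~a_wild) == 0 and ((a_ip ^ b_ip) & ~a_wild) == 0


def _covers(earlier, later):
    """True when 'earlier' matches every packet 'later' would match, whatever the action."""
    if earlier["proto"] not in ("ip", later["proto"]):
        return False
    if earlier["qual"] != (None, None, ()) and earlier["qual"] != later["qual"]:
        return False
    return _covers_addr(earlier["src"], later["src"]) and _covers_addr(earlier["dst"], later["dst"])


def find_shadowed(aces):
    """Return [(shadowed_index, shadowing_index)] under first-match semantics."""
    found = []
    for j, later in enumerate(aces):
        for i in range(j):
            if _covers(aces[i], later):
                found.append((j, i))
                break
    return found


def report(text):
    """Map each ACL name to [(unreachable entry, earlier entry that shadows it)]."""
    return {name: [(aces[j]["text"], aces[i]["text"]) for j, i in find_shadowed(aces)]
            for name, aces in parse_acls(text).items()}
```

Run report() over the full configuration text to get the same listing for Traffic-Permit-IN and any list added later; the check ignores the action, so it also flags a later deny that an earlier permit already covers.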
-
Can't access VPN server, only other clients
I am having trouble with my L2TP VPN. I can connect to the VPN server just fine and connect to any other IP address on the network over the VPN connection except the server I am connecting to. The server's address is 192.168.1.1 with a mask of 255.255.255.0. The bottom half of the subnet is reserved for local devices with the upper half dynamically assigned to VPN clients. How can I get my VPN clients talking to the server itself (I want to use Screen Sharing with the server over the VPN)?
The DNS server address was wrong (not 127.0.0.1 but 192.168.10.1) on the en1 interface. I changed that, but it didn't do anything immediately. I flushed DNS caches, double checked changeip (which was okay), the name of the server... Then I restarted. And:
"ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
inet 192.168.10.101 --> 192.168.10.1 netmask 0xffffff00 "
(ifconfig from the client). Notice the change of the gateway. Before, it was the public IP; now it's the internal IP. Quite interesting, since I can now ping the server using this address and access its services through the VPN. I was very happy; the only thing that didn't work was the DNS. But I don't know whether it's good or not, and it seems to "change": I tried to reconnect a few minutes later and was again given the public IP from the server as the gateway IP. Strange. I can't get it working again. I restarted again, flushed caches another time... I managed to get this config three times before the server returned to its previous settings.
Setting the gateway address of the client to 192.168.10.1 is maybe the key (I tried to force the change in the client network settings with no success). I'm going to read the logs and try to spot the differences between the two connections. I will then have to allow the server to answer incoming DNS requests, but, as you said, it's not so insecure...
Here are my firewall rules (four keep-state rules, very general though):
00001 allow udp from any 626 to any dst-port 626
00010 divert 8668 ip from any to any via en0
01000 allow ip from any to any via lo0
01030 deny log logamount 1000 ip from any to 127.0.0.0/8
01040 deny log logamount 1000 ip from 224.0.0.0/4 to any in
01050 deny log logamount 1000 tcp from any to 224.0.0.0/4 in
12300 allow tcp from any to any established
12301 allow tcp from any to any out
12302 allow tcp from any to any dst-port 22
12302 allow udp from any to any dst-port 22
*12303 allow udp from any to any out keep-state*
*12304 allow tcp from any to any dst-port 53 out keep-state* (DNS ?)
*12304 allow udp from any to any dst-port 53 out keep-state* (DNS ?)
12305 allow udp from any to any in frag
12306 allow tcp from any to any dst-port 311
12307 allow tcp from any to any dst-port 625
12308 allow icmp from any to any icmptypes 8
12309 allow icmp from any to any icmptypes 0
12310 allow igmp from any to any
*12311 allow udp from any to any in keep-state*
12312 allow icmp from any to any icmptypes 3,4,11,12
12313 allow icmp from any to any
12314 allow tcp from any to any dst-port 59850-59860
12314 allow udp from any to any dst-port 59850-59860
12315 allow tcp from any to any dst-port 25
12315 allow udp from any to any dst-port 25
12316 allow tcp from any to any dst-port 80
12317 allow tcp from any to any dst-port 143
12318 allow tcp from any to any dst-port 465
12319 allow tcp from any to any dst-port 587
12320 allow tcp from any to any dst-port 993
12321 allow tcp from any to any dst-port 443
12322 allow tcp from any to any dst-port 3283,5900
12322 allow udp from any to any dst-port 3283,5900
12323 allow tcp from any to any dst-port 5433
12324 allow tcp from any to any dst-port 5988,5989
12325 allow esp from any to any
12326 allow udp from any to any dst-port 1701
12327 allow udp from any to any dst-port 4500
12328 allow udp from any to any dst-port 500
12329 allow udp from any to any dst-port 5060
12330 allow tcp from any to any dst-port 20-21
12331 allow tcp from any to any dst-port 115
12332 allow tcp from any to any dst-port 53
12332 allow udp from any to any dst-port 53
12333 allow ip from 10.0.0.0/8 to any
12334 allow ip from 192.168.0.0/16 to any
65534 deny log logamount 1000 ip from any to any
65535 allow ip from any to any
I have 5 public IPs, and I can request my ISP to change PTR for me. But I think that this part is already okay (I made them change it two weeks ago to the name of the server for the primary interface). I will try to play a little with firewall rules, to see if it does something.
Thanks again for your help! -
What is the way of changing the 255.255.255.255 mask of the client in the VPN server to the 255.255.255.0 mask?
Hi...
Go to the other machine where you have made an optional server and open Server Tools.
Select License Manager, click on Configure Security, and then put the SiteUser and pwd....
Once you enter, you just go to the other screen.
Put the SQL type and type the SQL name on that machine.
In the next field, put the instance as sa and then its pwd, and then click on the Add button.
Your server will then appear in the list....
Regards,
Rahul -
SSTP problem on Windows Server 2008 r2, clients getting error 0x8007274C
PROBLEM: Clients keep getting error 0x8007274C when attempting to connect to the VPN server using SSTP.
SYMPTOMS:
- L2TP connections work great
--- L2TP connections generate RemoteAccess events in Event Viewer, but none whatsoever for the failed SSTP attempts
- Client CANNOT ACCESS https://vpn.mycompany.net/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}
- After several attempts to check and recheck the RRAS setup, added the IIS role (much later) just to prove that the cert is valid.
--- If the server's RRAS service is disabled and IIS enabled, the client is able to browse to that VPN server and the certificate checks out: http://vpn.mycompany.net & https://vpn.mycompany.net.
--- However, if the RRAS service is running, IIS will not respond to either HTTP or HTTPS traffic.
--- SSTP won't work whether or not the WWW service is running.
- Port scanner tests to the VPN server reveal that ports 80 & 443 are not open when the RRAS service is running and the IIS service is stopped.
--- But when the RRAS service is stopped and IIS is running, ports 80 & 443 respond.
--- Not sure whether 443 is supposed to be open when only RRAS is running.
============================================================================
CLIENT:
============================================================================
- Vista SP1 (32-bit), Windows 7 (32-bit), Windows 7 x64 SP1
- CRL entry is resolvable
- vpn.mycompany.net certificate installed in Local Computer > Trusted Root CA
- SSTP Client connecting to FQDN vpn.mycompany.net
- Windows Firewall is DISABLED (for testing purposes)
- No Anti Virus nor Anti Malware protection running (for testing purposes)
- Can access other HTTPS sites
============================================================================
SERVER (Windows 2008 Svr r2; Roles: DNS, AD, RRAS):
============================================================================
- 2 NICS (1 bound to an internal IP, 1 bound to an external IP addr)
-- External NIC bound to a valid ISP IP Address, with a FQDN vpn.mycompany.net
- Windows Firewall Service on Server DISABLED
- No other device in front of the external IP addr NIC
- IPV6 on RRAS DISABLED
- NO RRAS Inbound/Outbound filter at all
- Windows Firewall Service disabled
- Using external Certificate Authority
- Certs bound to port 443 seem to match in registry key HKLM\...\SstpSvc\Parameters
It seems that the VPN server is simply not accepting the SSTP traffic. I don't think we've even gotten to certificate negotiation.
Been trying for a few days now, have consulted many SSTP online resources (MS and others) before posting.
Am stumped. Any help would be greatly appreciated.
============================================================================
SERVER CONFIGURATION CHECKLIST:
============================================================================
SERVICE_NAME: remoteaccess
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
============================================================================
SERVICE_NAME: sstpsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
============================================================================
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 4
TCP 192.168.2.109:3268 192.168.2.116:45443 ESTABLISHED 500
TCP [::]:443 [::]:0 LISTENING 4
UDP 0.0.0.0:59443 *:* 1616
UDP 0.0.0.0:60443 *:* 1616
UDP 0.0.0.0:61443 *:* 1616
============================================================================
SSL Certificate bindings:
IP:port : 0.0.0.0:443
Certificate Hash : 4cbfd1fc43d4fea1cd9dce519a0c0901330a343d
Application ID : {ba195980-cd49-458b-9e23-c84ee0adcd75}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier :
Ctl Store Name :
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
IP:port : [::]:443
Certificate Hash : 4cbfd1fc43d4fea1cd9dce519a0c0901330a343d
Application ID : {ba195980-cd49-458b-9e23-c84ee0adcd75}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier :
Ctl Store Name :
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
============================================================================
Selected (some, not all) Info about Certificate bound to SSTP viewed through RRAS MMC:
Version: V3
Valid To: Thursday, August 30, 2012 6:59:59 PM
Subject:
CN = vpn.mycompany.net
OU = nsProtect Secure Xpress
OU = Domain Control Validated
Enhanced Key Usage:
Server Authentication (1.3.6.1.5.5.7.3.1)
Client Authentication (1.3.6.1.5.5.7.3.2)
CRL Distribution Points:
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://crl.netsolssl.com/NetworkSolutionsDVServerCA.crl
Thumbprint Algorithm: sha1
Thumbprint: 4c bf d1 fc 43 d4 fe a1 cd 9d ce 51 9a 0c 09 01 33 0a 34 3d
============================================================================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SstpSvc\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,73,00,74,00,70,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServerURI"="/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"
"ListenerPort"=dword:00000000
"UseHttps"=dword:00000001
"SHA1CertificateHash"=hex:4c,bf,d1,fc,43,d4,fe,a1,cd,9d,ce,51,9a,0c,09,01,33,\
0a,34,3d
"isHashConfiguredByAdmin"=dword:00000001
"SHA256CertificateHash"=hex:ee,06,d8,78,2a,8c,95,d6,a1,40,d1,80,77,2c,e5,4c,f9,\
83,a1,e4,94,60,82,28,3d,56,49,82,44,bc,1e,a9
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SstpSvc\Parameters\ConfigStore]
"ListenerPort"=dword:000001bb
"UseHttps"=dword:00000001
"V4CertPlumbedBySstp"=dword:00000000
"V6CertPlumbedBySstp"=dword:00000000
============================================================================
SELECTED EVENT VIEWER ENTRIES AFTER RESTART OF RRAS + SUCCESSFUL ATTEMPT OF L2TP (BUT NO ENTRIES AT ALL FOR SSTP CONN ATTEMPTS):
Level Date and Time Source Event ID Task Category
Information 8/31/2011 11:36:42 AM Microsoft-Windows-Time-Service 37 None The time provider NtpClient is currently receiving valid time data from zeus.olympia.local (ntp.d|0.0.0.0:123->192.168.2.114:123).
Information 8/31/2011 11:35:22 AM RemoteAccess 20275 None CoID={075CE235-832C-45FE-BE27-8B41BC765125}: The user with ip address 192.168.2.145 has disconnected
Information 8/31/2011 11:35:22 AM RemoteAccess 20272 None CoID={075CE235-832C-45FE-BE27-8B41BC765125}: The user OLYMPIA\inul connected on port VPN2-15 on 8/31/2011 at 11:34 AM and disconnected on 8/31/2011 at 11:35 AM. The user was active for 0 minutes 32 seconds. 17264 bytes were sent and 21956 bytes were received. The reason for disconnecting was user request. The tunnel used was WAN Miniport (L2TP). The quarantine state was 'not nap-capable'.
Information 8/31/2011 11:34:57 AM Microsoft-Windows-Iphlpsvc 4200 None Isatap interface isatap.{6E06F030-7526-11D2-BAF4-00600815A4BD} with address fe80::5efe:192.168.2.144 has been brought up.
Information 8/31/2011 11:34:51 AM Microsoft-Windows-UserPnp 20003 (7005) Driver Management has concluded the process to add Service tunnel for Device Instance ID ROOT\*ISATAP\0002 with the following status: 0.
Information 8/31/2011 11:34:50 AM RemoteAccess 20274 None CoID={075CE235-832C-45FE-BE27-8B41BC765125}: The user OLYMPIA\inul connected on port VPN2-15 has been assigned address 192.168.2.145
Information 8/31/2011 11:34:50 AM RemoteAccess 20250 None CoID={075CE235-832C-45FE-BE27-8B41BC765125}: The user OLYMPIA\inul has connected and has been successfully authenticated on port VPN2-15.
Information 8/31/2011 11:34:49 AM RemoteAccess 20088 None The Remote Access Server acquired IP Address 192.168.2.144 to be used on the Server Adapter.
Information 8/31/2011 11:30:26 AM Microsoft-Windows-HttpEvent 15007 None Reservation for namespace identified by URL prefix https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ was successfully added.
Information 8/31/2011 11:30:26 AM Microsoft-Windows-HttpEvent 15008 None Reservation for namespace identified by URL prefix https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ was successfully deleted.
Information 8/31/2011 11:30:26 AM Service Control Manager 7036 None The Application Layer Gateway Service service entered the running state.
Information 8/31/2011 11:30:26 AM Service Control Manager 7036 None The Routing and Remote Access service entered the running state.
Error 8/31/2011 11:30:26 AM RemoteAccess 20106 None "Unable to add the interface {BBF2BA88-DCC5-4D36-9256-E1C8AF602467} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.
Error 8/31/2011 11:30:26 AM RemoteAccess 20106 None "Unable to add the interface {DF914ECC-AC6A-441E-A47C-57CE90C7F8B0} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.
Information 8/31/2011 11:30:21 AM Service Control Manager 7036 None The Routing and Remote Access service entered the stopped state.
Information 8/31/2011 11:30:20 AM Service Control Manager 7036 None The Application Layer Gateway Service service entered the stopped state.
Information 8/31/2011 11:30:01 AM Microsoft-Windows-Eventlog 104 Log clear The System log file was cleared.
============================================================================

Hi, I'm in the exact same situation and for once google is of no help. I have tried to get a simple connect through to my server (by using "telnet vpn.myserver.com 443") but it will only time out. After deactivating the Windows firewall on the VPN box (which is a virtual machine on a Hyper-V R2 SP1) I can locally telnet the VPN box and even get the special url (https://vpn.myserver.com/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/) to work. But this only works on the VPN box itself; no other server or client is able to contact it. I have tried to connect from another server sitting next to the vpn box and in the same subnet (public IPs) but couldn't connect either. PPTP and L2TP connections are working but not SSTP. Another approach was to manually bind the http.sys to specific IPs. No change. I'm fresh out of ideas. Anyone?

regards, ck -
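The log excerpt above, read programmatically. This is an added example and not part of either post: a Python parser for the Event Viewer text format shown above that correlates the RemoteAccess 20250/20274 pair through the CoID stamped on both, lists the error events, and pulls the http.sys URL-reservation events (15007 added, 15008 deleted) for the sra_ prefix that SSTP listens on. SAMPLE_LOG is the posted excerpt re-typed as input (the wrapped URL lines kept as continuation lines, the stray quote marks on the 20106 lines dropped); nothing beyond the excerpt is assumed.

```python
"""Parse the Windows System-log excerpt above and pull out what an RRAS/SSTP
troubleshooter looks for: the service restart, the http.sys reservations for
the sra_{...} prefix, the 20106 errors, and user sessions keyed by CoID.
Added example, not part of the thread; SAMPLE_LOG is the posted excerpt with
its two wrapped messages kept as continuation lines."""
import re
from datetime import datetime
from typing import Dict, List, NamedTuple, Tuple


class Event(NamedTuple):
    level: str
    time: datetime
    source: str
    event_id: int
    category: str
    message: str


# Event Viewer text export: Level Date Time Source EventID Category Message.
# Source may contain spaces ("Service Control Manager"), so it is matched
# non-greedily up to the numeric EventID; the category is None or "Log clear".
LINE_RE = re.compile(
    r"^(Information|Warning|Error|Critical)\s+"
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(.+?)\s+(\d+)\s+(None|Log clear)\s+(.*)$")
COID_RE = re.compile(r"CoID=\{([0-9A-Fa-f-]+)\}")

SAMPLE_LOG = """\
Information 8/31/2011 11:34:50 AM RemoteAccess 20274 None CoID={075CE235-832C-45FE-BE27-8B41BC765125}: The user OLYMPIA\\inul connected on port VPN2-15 has been assigned address 192.168.2.145
Information 8/31/2011 11:34:50 AM RemoteAccess 20250 None CoID={075CE235-832C-45FE-BE27-8B41BC765125}: The user OLYMPIA\\inul has connected and has been successfully authenticated on port VPN2-15.
Information 8/31/2011 11:34:49 AM RemoteAccess 20088 None The Remote Access Server acquired IP Address 192.168.2.144 to be used on the Server Adapter.
Information 8/31/2011 11:30:26 AM Microsoft-Windows-HttpEvent 15007 None Reservation for namespace identified by URL prefix
https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ was successfully added.
Information 8/31/2011 11:30:26 AM Microsoft-Windows-HttpEvent 15008 None Reservation for namespace identified by URL prefix
https://+:443/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ was successfully deleted.
Information 8/31/2011 11:30:26 AM Service Control Manager 7036 None The Application Layer Gateway Service service entered the running state.
Information 8/31/2011 11:30:26 AM Service Control Manager 7036 None The Routing and Remote Access service entered the running state.
Error 8/31/2011 11:30:26 AM RemoteAccess 20106 None Unable to add the interface {BBF2BA88-DCC5-4D36-9256-E1C8AF602467} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.
Error 8/31/2011 11:30:26 AM RemoteAccess 20106 None Unable to add the interface {DF914ECC-AC6A-441E-A47C-57CE90C7F8B0} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.
Information 8/31/2011 11:30:21 AM Service Control Manager 7036 None The Routing and Remote Access service entered the stopped state.
Information 8/31/2011 11:30:20 AM Service Control Manager 7036 None The Application Layer Gateway Service service entered the stopped state.
Information 8/31/2011 11:30:01 AM Microsoft-Windows-Eventlog 104 Log clear The System log file was cleared.
"""


def parse_events(text: str) -> List[Event]:
    """One Event per log line; a line without a level prefix is a wrapped
    continuation of the previous message (the URL-prefix lines above)."""
    events: List[Event] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            level, when, source, eid, cat, msg = m.groups()
            stamp = datetime.strptime(when, "%m/%d/%Y %I:%M:%S %p")
            events.append(Event(level, stamp, source, int(eid), cat, msg.strip()))
        elif events:
            events[-1] = events[-1]._replace(message=events[-1].message + " " + line)
        else:
            raise ValueError("continuation line before any event: " + line)
    return events


def timeline(events: List[Event]) -> List[Event]:
    """Oldest first. The export is newest-first, so reverse before the stable
    sort to keep the relative order of events that share a timestamp."""
    return sorted(reversed(events), key=lambda e: e.time)


def sessions(events: List[Event]) -> Dict[str, Dict[str, str]]:
    """Correlate 20250 (authenticated on port) with 20274 (address assigned)
    through the CoID that RemoteAccess stamps on both."""
    out: Dict[str, Dict[str, str]] = {}
    for e in events:
        cm = COID_RE.search(e.message) if e.source == "RemoteAccess" else None
        if not cm:
            continue
        s = out.setdefault(cm.group(1), {})
        if e.event_id == 20250:
            m = re.search(r"The user (\S+) has connected .* on port (\S+)\.", e.message)
            if m:
                s["user"], s["port"] = m.group(1), m.group(2)
        elif e.event_id == 20274:
            m = re.search(r"has been assigned address (\S+)", e.message)
            if m:
                s["address"] = m.group(1)
    return out


def errors(events: List[Event]) -> List[Tuple[int, str]]:
    return [(e.event_id, e.message) for e in events if e.level == "Error"]


def urlacl_changes(events: List[Event]) -> List[Tuple[str, str]]:
    """http.sys namespace reservations (15007 added / 15008 deleted) in time
    order; SSTP depends on the https://+:443/sra_{...}/ one being present."""
    out: List[Tuple[str, str]] = []
    for e in timeline(events):
        if e.source == "Microsoft-Windows-HttpEvent" and e.event_id in (15007, 15008):
            m = re.search(r"URL prefix (\S+) was successfully (added|deleted)", e.message)
            if m:
                out.append((m.group(2), m.group(1)))
    return out


if __name__ == "__main__":
    ev = parse_events(SAMPLE_LOG)
    print(sessions(ev), [i for i, _ in errors(ev)], urlacl_changes(ev))
```

Against the excerpt this yields one session (OLYMPIA\inul on VPN2-15, address 192.168.2.145), the two 20106 IPv6 Router Manager errors, and a delete followed by an add of the sra_ reservation within the same second of the RRAS restart. For the SSTP problem in the reply above, the reservation being present on the server is the part that can be confirmed from the log; whether port 443 is reachable from outside is not in the log and has to be tested from a remote host.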
Strange problem with AIX server and windows clients
I am having a really bizarre problem with WLS 7.0.1 running on AIX 5.1 and clients on Windows. We have a J2SE Swing application as a client.

If the client is W2K or XP, the first client gets good response. If I start another client, the second client is horribly slow (2 sec vs 16 sec). Even if I kill the first client, the second client continues to be slow. If I have 2 clients open together, the first one continues giving 2 sec response while the second one continues with 16 sec. For that matter, if I start another client after shutting down the first one I get slow (16 sec) response.

If the client is an NT client I always get good and consistent response from the server. Irrespective of how many clients I have on the NT machine, I keep getting good response. The NT and W2K laptops are sitting right next to each other on the same n/w and in fact the NT is a much slower machine with less memory than the W2K.

We did similar tests keeping the server on Solaris or NT server or W2K server, and the clients "behave" normally, i.e. I get consistent response time (it may be slow or fast, but it is consistent and is consistent b/w NT and W2K).

We even tried putting my laptop on the same network as the AIX server, but it did not help. Unfortunately some of our clients will be using AIX and W2K.
HELP!!!!

"Cameron Purdy" <[email protected]> wrote in message news:[email protected]...
> Sounds like a reverse DNS lookup or similar network timeout.

Thanks for the suggestion, but then why would the first client on w2k or XP get a better performance and the subsequent clients get worse performance?

> Peace,
> Cameron Purdy
> Tangosol, Inc.
> http://www.tangosol.com/coherence.jsp
> Tangosol Coherence: Clustered Replicated Cache for Weblogic
> "vinay moharil" <[email protected]> wrote in message news:[email protected]... -
Problem with JMX Remote Port - JBoss & Apache on same machine
Hi,
I have a server which hosts Apache that uses mod_jk to pass requests to three Tomcat instances. Apache listens to port 80.
I want to install a different application on the same machine that runs on JBoss. Foreseeing the problem with port numbers, I got a different IP address (Let's say IP2, and original IP for Apache is IP1) on the same machine to run JBoss application. I changed HTTP Connector configuration in server.xml to add "address=IP1:8080" for Tomcat, "address=IP2:8080" for JBoss. I also modified Apache Listen directive in httpd.conf from "Listen 80" to "Listen IP1:80".
Now when I try to start the JBoss server by running run.bat, I get the error below.
Can anyone please suggest how I can resolve this port conflict? Is there even a way to resolve it, as JAVA_HOME can point to a single location and both JBoss & Apache use it?
Thanks.
===============================================================================
JBoss Bootstrap Environment
JBOSS_HOME: C:\jboss
JAVA: C:\Java\jdk1.6.0_01\bin\java
JAVA_OPTS: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=
9004 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.aut
henticate=false -Dprogram.name=run.bat -server -Xms128m -Xmx512m -Dsun.rmi.dgc.
client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000
CLASSPATH: C:\Java\jdk1.6.0_01\lib\tools.jar;E:\jboss\bin\run.jar
===============================================================================
Error: Exception thrown by the agent : java.rmi.server.ExportException: Port alr
eady in use: 9004; nested exception is:
java.net.BindException: Address already in use: JVM_Bind
Press any key to continue . . .

What's running on the JMX port without JBoss running?
Seems that you have something on it.
Btw, try to discover how to bind the JMX of the portal to IP2, not to IP1 or to the global IP. -
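The check the reply above asks for, as an added example that is not code from either post: find which process already holds the JMX port, then look at that process's command line for the same jmxremote flags that appear in the JBoss bootstrap output. It parses the text printed by two real Windows commands, `netstat -ano` and `wmic process get ProcessId,CommandLine /format:list`; the sample output embedded below is constructed for the example (PIDs, the 10.0.0.x addresses and the Tomcat/Apache paths are made up), not captured from the poster's host.

```python
"""Find which process owns a listening TCP port on Windows, then check whether
that process is a JVM exposing JMX without authentication or TLS.
Added example, not from the thread. Parses `netstat -ano` and
`wmic process get ProcessId,CommandLine /format:list` output; the samples
below are constructed, not captured from the poster's machine."""
import re
from typing import Dict, List, Optional

NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1204
  TCP    0.0.0.0:9004           0.0.0.0:0              LISTENING       3316
  TCP    10.0.0.5:8080          0.0.0.0:0              LISTENING       3316
  TCP    10.0.0.5:49731         10.0.0.9:443           ESTABLISHED     2200
  TCP    [::]:9004              [::]:0                 LISTENING       3316
"""

WMIC_SAMPLE = """\
CommandLine=C:\\Java\\jdk1.6.0_01\\bin\\java -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9004 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -jar C:\\tomcat\\bin\\bootstrap.jar
ProcessId=3316

CommandLine=C:\\Apache\\bin\\httpd.exe -k runservice
ProcessId=1204

CommandLine=C:\\Windows\\system32\\svchost.exe -k netsvcs
ProcessId=2200
"""

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def listening_pids(netstat_text: str, port: int) -> List[int]:
    """PIDs with a TCP listener on `port` on any address (0.0.0.0, a specific
    IP, or [::]); the port is whatever follows the last colon."""
    pids = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group(1).rsplit(":", 1)[1]) == port:
            pids.add(int(m.group(2)))
    return sorted(pids)


def command_lines(wmic_text: str) -> Dict[int, str]:
    """Map ProcessId -> CommandLine from wmic's key=value list output,
    where a blank line separates one process from the next."""
    out: Dict[int, str] = {}
    block: Dict[str, str] = {}
    for line in wmic_text.splitlines() + [""]:
        if not line.strip():
            if "ProcessId" in block and block.get("CommandLine"):
                out[int(block["ProcessId"])] = block["CommandLine"]
            block = {}
            continue
        key, _, value = line.partition("=")   # values may themselves contain '='
        block[key.strip()] = value.strip()
    return out


def jmx_exposure(cmdline: str) -> Optional[Dict[str, object]]:
    """JMX settings of a JVM command line, or None if no remote JMX port is
    set. JDK defaults are authenticate=true and ssl=true, so a flag that is
    absent counts as protected; only an explicit 'false' disables it."""
    port = re.search(r"-Dcom\.sun\.management\.jmxremote\.port=(\d+)", cmdline)
    if not port:
        return None

    def flag(name: str) -> bool:
        m = re.search(r"-Dcom\.sun\.management\.jmxremote\.%s=(\w+)" % name, cmdline)
        return m.group(1).lower() != "false" if m else True

    return {"port": int(port.group(1)), "authenticate": flag("authenticate"),
            "ssl": flag("ssl")}


def report(netstat_text: str, wmic_text: str, port: int) -> Dict[str, object]:
    """Who holds `port`, and which of those JVMs expose JMX without auth/TLS."""
    cmds = command_lines(wmic_text)
    pids = listening_pids(netstat_text, port)
    unprotected = []
    for pid in pids:
        jmx = jmx_exposure(cmds.get(pid, ""))
        if jmx and not (jmx["authenticate"] and jmx["ssl"]):
            unprotected.append(pid)
    return {"port": port, "pids": pids,
            "commands": {p: cmds.get(p, "<unknown>") for p in pids},
            "unprotected_jmx": unprotected}


if __name__ == "__main__":
    r = report(NETSTAT_SAMPLE, WMIC_SAMPLE, 9004)
    for pid in r["pids"]:
        print("port %d held by PID %d: %s" % (r["port"], pid, r["commands"][pid]))
    print("JMX without auth/TLS:", r["unprotected_jmx"])
```

On the poster's machine the obvious candidates are the three Tomcat instances, if they are launched with the same JAVA_OPTS as JBoss (an assumption; the post does not show how Tomcat is started). Whatever turns out to hold the port, the fix is one distinct jmxremote.port per JVM rather than fighting over 9004, and `authenticate=false` with `ssl=false` should not stay in a command line on a host reachable from the network: anyone who can connect to that port gets unauthenticated MBean access to the JVM. Binding the listener to a specific address, as the reply suggests, limits exposure but does not replace authentication.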
Multiple Oracle Clients on Same Machine for different apps
I was not able to find info that answered this so sorry if I missed something that explains this.
At our site we have many applications, some I know lots about, some I'm not even aware of because we have multiple sites. The application I develop uses an Oracle 8.1.7 database. In the next year we are going to be upgrading to a 9i database. The app I program for is written in VB and uses OO4O with the 7.3.4 version. We want to upgrade our client to the latest version to use all the features of the 9i database when that time comes. Can we have our 9i client on the same machine that may have other apps that require the 8i client or even the 7.3.4 client without breaking them? The other apps may or may not use OO4O. Some of these apps are Oracle Forms applications and some can be anything under the sun.
I still need to do testing to see what breaks but thought someone may already have the answers to some of my ?'s. Any tips or info you can provide would be great.
Thanks

Two possible answers:
1) Oracle added multi-home support to the Oracle client in 8i (may have been 8.0, I'm really not sure). This allows you to set up multiple 8i and above clients on a single machine in different Oracle Homes and should solve the majority of your problems. Having a 7.3.4 client installed wouldn't be supported, but 8i clients should have no difficulty connecting to a 7.3.4 database.
When Oracle added multi-home support, not all the Oracle client products were made multi-home compatible. The ODBC driver, for example, wasn't multi-home compatible until significantly later patchsets. I believe that OO4O has been multi-home compatible since the client has been, though.
2) From a technical standpoint, you should be able to have a 7.3.4 client alongside 8i and above clients. In my experience, this works, but isn't something that Oracle supports.
Justin -
Can't Connect to Yosemite VPN Server from Mavericks Clients
Hi All,
I upgraded my Mac Mini Server to Yosemite and none of the Mavericks Clients I have (a 13 inch MBA and a 2010 MM) can connect. However all other machines running Yosemite can connect without issue, this includes another 2010 MM and an 11 inch MBA and all iOS 8+ devices. I've tried deleting and recreating the VPN configuration in the local machines. Anyone else seeing anything like this issue? The Mountain Lion to Mavericks upgrade had a similar issue but I believe that racoon was just broken in that release.
Thanks

Hi Linc,
One of them I am upgrading, the other is a machine I am waiting on a different application to update first prior to upgrading. I guess I am just a bit frustrated; after the Mountain Lion to Mavericks update I had to call in 4 times and talk my way to enterprise support to get anyone that would even try to assist with Server/VPN. It was on the 3rd call that they actually acknowledged an issue. I guess I was just attempting to verify if others were seeing this prior to calling in. I don't think it's unreasonable to think a server upgrade could support clients on an OS that is a year old. Just want to make sure I am not "seeing things" when looking at racoon logs and seeing very familiar error messages.
Thanks -
[SOLVED] Routing problems with ssh server and openvpn client
My current setup is an arch box behind my wireless router. My wireless router is running scripts to update the dynamic dns for my internet connection and forwarding incoming requests to port 22 on the arch box. Simple so far.
Now I'd like to setup OpenVPN on the arch box to connect to a 3rd party vpn service but still listen for ssh connections. This way I can have my arch box always connected to the vpn but be able to access it from anywhere. I believe the problem is that openvpn sets up a default route to send all outgoing traffic out over the tunnel, but I don't know enough about routing to make this work. I saw another solution in the forum was running virtualbox and I find that so inelegant. I'm planning on eventually learning more about ip route and iptables but I was also hoping that a networking guru could help me get this set up quickly in the meantime.
ip route while not connected to vpn
default via 192.168.1.1 dev eth0 metric 202
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.11 metric 202
ip route while connected to vpn
0.0.0.0/1 via 10.120.62.9 dev tun0
default via 192.168.1.1 dev eth0 metric 202
10.120.62.1 via 10.120.62.9 dev tun0
10.120.62.9 dev tun0 proto kernel scope link src 10.120.62.10
23.29.126.102 via 192.168.1.1 dev eth0
128.0.0.0/1 via 10.120.62.9 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.11 metric 202
Last edited by ricka (2012-11-05 17:14:48)

First, meop, thanks for your reply. I did not use that method to solve the issue, but I'm going to do some more research into it (I'll speak to why I went another direction after the solution).
My solution so far has come from this resource http://forum.linode.com/viewtopic.php?t=8737
Since my server is behind a router, I do not have to worry about the public IP address changing and I was able to use the private IP in the route statements. Therefore, in my case, the solution was these three lines:
ip rule add from 192.168.1.11 table 128
ip route add table 128 to 192.168.1.0/24 dev eth0
ip route add table 128 default via 192.168.1.1
Keep in mind, as the article states, that applies to all ports (not just ssh). If you want to block other traffic, you need some extra iptables entries.
This also solves my end goal: Being able to connect to this 3rd party VPN with a simple ssh redirect from my always connected server. I can now ssh -D <port> <myhost>, set up chrome to use <port> as a proxy, and have everything redirecting over this VPN connection without any hassle.
meop, this setup is connecting to a 3rd party VPN service and they provided the config scripts for the client. I considered tinkering with that, but found this solution to work and I'm going to do some more reading about each solution to figure out which is the best overall.
enovak, I grepped dmesg and did not see any entries about martian source.
Now another question that comes to mind: What if this server were actually NOT behind a firewall and it's public IP changed? I think you'd somehow have to have a script to check to see if your Dynamic IP address changed and also have a route that only that script would use (send everything else out the VPN route). Then, if your IP address changed, you'd have to change these routes around. I'll leave that solution to someone else :-) -
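What the two routing tables above actually do, as an added example that is not part of ricka's post: a small Python model of the kernel's route selection (longest prefix match within a table, tables consulted in rule order) fed with the two `ip route` listings from the post and the three-line table-128 fix. It shows why the 0.0.0.0/1 and 128.0.0.0/1 routes OpenVPN adds win over the untouched default route, why the host route to 23.29.126.102 keeps the tunnel's own packets on eth0, and why the `from 192.168.1.11` rule only affects traffic whose source address is already the LAN address (replies to inbound SSH), so that new outbound connections still enter the tunnel. The address 203.0.113.7 stands in for a remote SSH client (documentation range, not from the post); the lookup is an approximation of the kernel's behaviour, not a call into it.

```python
"""Model Linux route selection for the two `ip route` listings in the post to
show (a) why OpenVPN's 0.0.0.0/1 and 128.0.0.0/1 routes win over the original
default route, and (b) why `ip rule add from 192.168.1.11 table 128` returns
SSH replies via eth0 while new outbound connections still use tun0.
Added example, not from the thread. Route entries are copied from the post;
the lookup is a simplified model (longest prefix match per table, tables in
rule order), not the kernel itself."""
from ipaddress import ip_address, ip_network
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    prefix: str             # "default" or a CIDR; a bare address is a /32 host route
    dev: str
    via: Optional[str] = None


def _net(prefix: str):
    return ip_network("0.0.0.0/0" if prefix == "default" else prefix, strict=False)


# `ip route` while not connected to the VPN
MAIN_VPN_DOWN = [
    Route("default", "eth0", "192.168.1.1"),
    Route("192.168.1.0/24", "eth0"),
]
# `ip route` while connected: OpenVPN adds two /1 routes instead of replacing
# the default, plus a host route to the VPN server (23.29.126.102) so the
# tunnel's own UDP packets are not routed into the tunnel.
MAIN_VPN_UP = [
    Route("0.0.0.0/1", "tun0", "10.120.62.9"),
    Route("default", "eth0", "192.168.1.1"),
    Route("10.120.62.1", "tun0", "10.120.62.9"),
    Route("10.120.62.9", "tun0"),
    Route("23.29.126.102", "eth0", "192.168.1.1"),
    Route("128.0.0.0/1", "tun0", "10.120.62.9"),
    Route("192.168.1.0/24", "eth0"),
]
LAN_IP, LAN_NET, LAN_GW, TABLE = "192.168.1.11", "192.168.1.0/24", "192.168.1.1", 128


def fix_commands(lan_ip=LAN_IP, lan_net=LAN_NET, gw=LAN_GW, table=TABLE) -> List[str]:
    """The three commands from the solution, parameterised for other hosts."""
    return [
        "ip rule add from %s table %d" % (lan_ip, table),
        "ip route add table %d to %s dev eth0" % (table, lan_net),
        "ip route add table %d default via %s" % (table, gw),
    ]


def table_128(lan_net=LAN_NET, gw=LAN_GW) -> List[Route]:
    return [Route(lan_net, "eth0"), Route("default", "eth0", gw)]


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Longest prefix match; the order of entries in a table does not matter,
    which is why a /1 beats the /0 default and a /32 host route beats both."""
    addr = ip_address(dst)
    best = None
    for r in table:
        net = _net(r.prefix)
        if addr in net and (best is None or net.prefixlen > _net(best.prefix).prefixlen):
            best = r
    return best


def resolve(dst: str, src: Optional[str] = None, vpn_up: bool = True,
            fix_applied: bool = False) -> Optional[Route]:
    """Route for one packet. `src` is the source address already bound to the
    socket (replies to inbound SSH, explicitly bound listeners); a new outbound
    connection has no source yet, so `from 192.168.1.11` cannot match it and
    it falls through to the main table, i.e. into the tunnel."""
    if fix_applied and src == LAN_IP:            # ip rule: from 192.168.1.11 table 128
        hit = lookup(table_128(), dst)
        if hit:
            return hit
    return lookup(MAIN_VPN_UP if vpn_up else MAIN_VPN_DOWN, dst)


if __name__ == "__main__":
    for dst, src, fix in [("8.8.8.8", None, False), ("203.0.113.7", LAN_IP, False),
                          ("203.0.113.7", LAN_IP, True), ("23.29.126.102", LAN_IP, False)]:
        r = resolve(dst, src, fix_applied=fix)
        print("%-14s src=%-13s fix=%-5s -> %s via %s" % (dst, src, fix, r.dev, r.via))
    print("\n".join(fix_commands()))
```

On a real box the equivalents of these lookups are `ip rule show` and `ip route show table 128`; `ip route get 203.0.113.7 from 192.168.1.11` asks the kernel directly. As the post says, the rule is source-based rather than port-based, so every service bound to 192.168.1.11 answers outside the tunnel, not only sshd; if that is not intended, the iptables entries the linked article mentions are the place to narrow it.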
JCos (Java Connectors) from one GRC server to multiple clients on same DEV
I have installed SAP GRC Access Controls RAR on a server.
I have connected the RAR using JCo's to a client (800) on a DEV R/3 (4.7) box. I have also performed analysis succesfully on the roles and users in this DEV client.
I now have another development client on the DEV box (500) which I need to perform analysis for. This client is HR specific.
I know I can create a new JCo to connect to client 500. But what will be the impact on my analysis results? How will I distinguish between the results found from client 500 and those found from client 800?
How would you suggest the best way of doing this?
Many thanks in advance.

You will need to create a second JCo to the second client, as JCos are client specific (username/password combinations to log on, etc.).
You distinguish the results in Risk Analysis by choosing the JCo (system) when you create the reports, e.g. Client 500, Client 800 or ALL.
It can be very confusing and you have to be careful otherwise you will interpret the results incorrectly.
If your new client is HR specific make sure that you have the HR RTA installed as well and patch the HR and Non-HR RTAs up to the latest versions.