VPN in solaris 10??

I've installed Solaris 10. How do I connect to the internet using a VPN?
Does it need any additional software? Thanks for your information.

Did you ever have any luck with this?

Similar Messages

  • Solaris 10 x86 and Nortel VPN?

    Is it possible to connect to Nortel VPN (using IPSEC implementation provided in Solaris 10) ?
    Nortel doesn't provide client software for Unix/Linux
    but is it possible to connect from Solaris 10, using its IPSEC facilities?
    Nortel VPN authentication parameters include : group id, group password, user id and auth.code(password)

    Did you ever have any luck with this?

  • Solaris 10 VPN server/gateway setup

    Hi all,
    I have a V20z running Solaris 10 at home, and I would like to set it up as a VPN server. The Solaris 10 is behind a router with a reserved private IP assigned by DHCP and port forwarding set up for only SSH at the moment. The router has a static external IP.
    I'm not exactly sure what the terms are for what I'm trying to do, but this is basically it:
    When I am out of town or overseas, I want to be able to connect from my laptop running OS X or Linux to my Solaris 10 server at home, and have the S10 server act as a proxy(?) (gateway?) for all the traffic from my laptop; for example, if I was in a place where nytimes.com was blocked and wanted to be able to browse from my laptop by having the Solaris 10 server proxy (transparently) my requests and forward the responses back to me. I hope I'm explaining this ok...
    I have searched a lot online for how to do this, and I have found a lot of info, but nothing that really ties it all together. I'm pretty comfortable working in the shell and doing config stuff, but it would be a huge help if anyone could explain all the pieces I need to snap together to get this working.
    These are my questions:
    1. What is what I have described called? Just "VPN" or "VPN router," or "VPN gateway"?
    2. What software do I need on my Solaris 10 server to do this?
    A lot of what I read pointed me to OpenVPN, but I am not clear if OpenVPN alone would enable me to use the public web via the VPN.
    If not, then what would I need to have on the server to enable incoming requests over the VPN connection to be rerouted to the public internet?
    3. I'm sure I can figure this out if I can just get the server VPN working, but if anyone happens to know, I'd appreciate it:
    Built into OS X Networking Prefs I have the ability to add a VPN interface of either of these 2 types:
         "PPTP"
         "L2TP over IPsec"
    From what I have read so far, it seems like IPsec is likely the only reasonable choice, but the option of "L2TP over IPsec" confuses me since I haven't read that they are required to be used together.
    Will this option work for connecting to my Solaris VPN server or will I need a 3rd-party app?
    Any guidance would be a tremendous help.
    Thanks guys!
    Jamie

    Mobile IP???
    Assuming that you had the right security in place you could have the "Home" box export its display back to the "Roving" box and then just run a web browser over X. Something like SSH with X forwarding.
    alan

  • Solaris 11 responds to IPSEC VPN traffic ONLY one direction

    I have established an IPSEC VPN tunnel between my remote Solaris 11 and office Sonicwall router using Site to Site. Everything works fine if the traffic initiates from the Solaris side. However, when I try to ping or use any network services like nfs, ssh, samba, etc. on the remote Solaris box from our office, the server does NOT respond to the incoming packets, but packets are going through the tunnel and appear on the remote end when I do snoop -d tun0 and snoop -I vnic0. What I do notice is that snoop -d vnic0 shows no packets and it doesn't seem to get any traffic at all (see netstat -rn). Could it be my routing table? IP zones? Any ideas? I followed the Oracle Documents very carefully and with extra help from other external Solaris 11 admin sites. I know people would suggest using OpenSwan or OpenVPN but this setup should work.
    Here is the network info on my IPSEC VPN setup. Tunnel is configured in Transport Mode and IPSEC/IKE is working fine.
    Solaris 11 vnic0/10.4.0.1/24, external Internet Nic is nge0/209.xxx.xxx.194/25
    # dladm show-link
    LINK CLASS MTU STATE OVER
    nge0 phys 1500 up --
    tun0 iptun 1402 up --
    vnic0 vnic 1500 up nge0
    # dladm show-iptun
    LINK TYPE FLAGS LOCAL REMOTE
    tun0 ipv4 s- 209.xxx.xxx.194 64.xxx.xxx.34
    # ipadm show-if
    IFNAME CLASS STATE ACTIVE OVER
    lo0 loopback ok yes --
    nge0 ip ok yes --
    vnic0 ip ok yes --
    tun0 ip ok yes --
    # ipadm show-addr
    ADDROBJ TYPE STATE ADDR
    lo0/v4 static ok 127.0.0.1/8
    nge0/v4 static ok 209.xxx.xxx.194/25
    vnic0/inside static ok 10.4.0.1/24
    tun0/v4 static ok 10.4.0.1->172.20.0.1
    lo0/v6 static ok ::1/128
    # netstat -rn
    Routing Table: IPv4
    Destination Gateway Flags Ref Use Interface
    default 209.xxx.xxx.129 UG 6 16874898 nge0
    10.4.0.0 10.4.0.1 U 2 0 vnic0
    10.181.0.0 172.20.0.1 UGS 3 16862235 tun0
    127.0.0.1 127.0.0.1 UH 2 1786 lo0
    172.20.0.1 10.4.0.1 UH 3 16862235 tun0
    Routing Table: IPv6
    Destination/Mask Gateway Flags Ref Use If
    ::1 ::1 UH 2 42 lo0
    # routeadm
    Configuration Current Current
    Option Configuration System State
    IPv4 routing disabled disabled
    IPv6 routing disabled disabled
    IPv4 forwarding disabled disabled
    IPv6 forwarding disabled disabled
    Routing services "route:default ripng:default"
    Routing daemons:
    STATE FMRI
    disabled svc:/network/routing/ripng:default
    disabled svc:/network/routing/rdisc:default
    disabled svc:/network/routing/route:default
    disabled svc:/network/routing/legacy-routing:ipv4
    disabled svc:/network/routing/legacy-routing:ipv6
    online svc:/network/routing/ndp:default
    Solaris># ping 10.181.1.218
    10.181.1.218 is alive
    C:\>ping 10.4.0.1
    Pinging 10.4.0.1 with 32 bytes of data:
    Request timed out.
    Request timed out.
    # snoop -d tun0 10.181.1.218
    Using device tun0 (promiscuous mode)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 33) (1 encap)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 34) (1 encap)
    # snoop -I vnic0 10.181.1.218
    Using device ipnet/vnic0 (promiscuous mode)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 36)
    10.181.1.218-> 10.4.0.1 -i ICMP Echo request (ID: 1 Sequence number: 37)
    # ipadm show-prop
    PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    ipv4 forwarding rw off off off on,off
    ipv4 ttl rw 255 -- 255 1-255
    ipv6 forwarding rw off -- off on,off
    ipv6 hoplimit rw 255 -- 255 1-255
    ipv6 hostmodel rw weak -- weak strong,
    src-priority,
    weak
    ipv4 hostmodel rw strong strong weak strong,
    src-priority,
    weak
    icmp max_buf rw 262144 -- 262144 65536-1073741824
    icmp recv_buf rw 8192 -- 8192 4096-262144
    icmp send_buf rw 8192 -- 8192 4096-262144
    tcp cong_default rw newreno -- newreno newreno,cubic,
    highspeed,vegas
    tcp cong_enabled rw newreno,cubic, newreno,cubic, newreno newreno,cubic,
    highspeed, highspeed, highspeed,vegas
    vegas vegas
    tcp ecn rw passive -- passive never,passive,
    active
    tcp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    tcp largest_anon_port rw 65535 -- 65535 32768-65535
    tcp max_buf rw 1048576 -- 1048576 128000-1073741824
    tcp recv_buf rw 128000 -- 128000 2048-1048576
    tcp sack rw active -- active never,passive,
    active
    tcp send_buf rw 49152 -- 49152 4096-1048576
    tcp smallest_anon_port rw 32768 -- 32768 1024-65535
    tcp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    udp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    udp largest_anon_port rw 65535 -- 65535 32768-65535
    udp max_buf rw 2097152 -- 2097152 65536-1073741824
    udp recv_buf rw 57344 -- 57344 128-2097152
    udp send_buf rw 57344 -- 57344 1024-2097152
    udp smallest_anon_port rw 32768 -- 32768 1024-65535
    udp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    sctp cong_default rw newreno -- newreno newreno,cubic,
    highspeed,vegas
    sctp cong_enabled rw newreno,cubic, newreno,cubic, newreno newreno,cubic,
    highspeed, highspeed, highspeed,vegas
    vegas vegas
    sctp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    sctp largest_anon_port rw 65535 -- 65535 32768-65535
    sctp max_buf rw 1048576 -- 1048576 102400-1073741824
    sctp recv_buf rw 102400 -- 102400 8192-1048576
    sctp send_buf rw 102400 -- 102400 8192-1048576
    sctp smallest_anon_port rw 32768 -- 32768 1024-65535
    sctp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    # ipadm show-addrprop
    ADDROBJ PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    lo0/v4 broadcast r- -- -- -- --
    lo0/v4 deprecated rw off -- off on,off
    lo0/v4 prefixlen rw 8 8 8 1-30,32
    lo0/v4 private rw off -- off on,off
    lo0/v4 reqhost r- -- -- -- --
    lo0/v4 transmit rw on -- on on,off
    lo0/v4 zone rw global -- global --
    nge0/v4 broadcast r- 209.xxx.xxx.255 -- 209.xxx.xxx.255 --
    nge0/v4 deprecated rw off -- off on,off
    nge0/v4 prefixlen rw 25 25 24 1-30,32
    nge0/v4 private rw on on off on,off
    nge0/v4 reqhost r- -- -- -- --
    nge0/v4 transmit rw on -- on on,off
    nge0/v4 zone rw global -- global --
    vnic0/inside broadcast r- 10.4.0.255 -- 10.255.255.255 --
    vnic0/inside deprecated rw off -- off on,off
    vnic0/inside prefixlen rw 24 24 8 1-30,32
    vnic0/inside private rw off -- off on,off
    vnic0/inside reqhost r- -- -- -- --
    vnic0/inside transmit rw on -- on on,off
    vnic0/inside zone rw global -- global --
    tun0/v4 broadcast r- -- -- -- --
    tun0/v4 deprecated rw off -- off on,off
    tun0/v4 prefixlen rw -- -- -- --
    tun0/v4 private rw off -- off on,off
    tun0/v4 reqhost r- -- -- -- --
    tun0/v4 transmit rw on -- on on,off
    tun0/v4 zone rw global -- global --
    ipadm show-ifprop
    IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    nge0 arp ipv4 rw on -- on on,off
    nge0 forwarding ipv4 rw off off off on,off
    nge0 metric ipv4 rw 0 -- 0 --
    nge0 mtu ipv4 rw 1500 -- 1500 68-1500
    nge0 exchange_routes ipv4 rw on -- on on,off
    nge0 usesrc ipv4 rw none -- none --
    nge0 forwarding ipv6 rw off -- off on,off
    nge0 metric ipv6 rw 0 -- 0 --
    nge0 mtu ipv6 rw 1500 -- 1500 1280-1500
    nge0 nud ipv6 rw on -- on on,off
    nge0 exchange_routes ipv6 rw on -- on on,off
    nge0 usesrc ipv6 rw none -- none --
    nge0 group ip rw -- -- -- --
    nge0 standby ip rw off -- off on,off
    vnic0 arp ipv4 rw on -- on on,off
    vnic0 forwarding ipv4 rw on on off on,off
    vnic0 metric ipv4 rw 0 -- 0 --
    vnic0 mtu ipv4 rw 1500 -- 1500 68-1500
    vnic0 exchange_routes ipv4 rw on -- on on,off
    vnic0 usesrc ipv4 rw none -- none --
    vnic0 group ip rw -- -- -- --
    vnic0 standby ip rw off -- off on,off
    tun0 arp ipv4 rw off -- on on,off
    tun0 forwarding ipv4 rw on on off on,off
    tun0 metric ipv4 rw 0 -- 0 --
    tun0 mtu ipv4 rw 1402 -- 1402 68-65515
    tun0 exchange_routes ipv4 rw on -- on on,off
    tun0 usesrc ipv4 rw none -- none --
    tun0 group ip rw -- -- -- --
    tun0 standby ip rw off -- off on,off
    Edited by: user1233039 on Jun 20, 2012 9:18 AM
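
The property dumps in the post above are long, and the rows worth reading first are the ones where CURRENT differs from DEFAULT. The following is an added example, not part of the original post: a small parser that lists those rows. The sample tables are constructed from rows of the post's own output, the function names are hypothetical, and the result is an inventory of changed settings, not a diagnosis.

```python
# Added example: list ipadm properties whose CURRENT value differs from DEFAULT.
# The tables below are constructed samples: rows copied from the
# `ipadm show-prop` and `ipadm show-ifprop` output in the post, kept as the
# whitespace-collapsed text the forum page shows.

SHOW_PROP = """\
PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
ipv4 forwarding rw off off off on,off
ipv4 ttl rw 255 -- 255 1-255
ipv6 hostmodel rw weak -- weak strong,
src-priority,
weak
ipv4 hostmodel rw strong strong weak strong,
src-priority,
weak
icmp max_buf rw 262144 -- 262144 65536-1073741824
"""

SHOW_IFPROP = """\
IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
nge0 forwarding ipv4 rw off off off on,off
nge0 mtu ipv4 rw 1500 -- 1500 68-1500
vnic0 forwarding ipv4 rw on on off on,off
tun0 arp ipv4 rw off -- on on,off
tun0 forwarding ipv4 rw on on off on,off
tun0 mtu ipv4 rw 1402 -- 1402 68-65515
tun0 group ip rw -- -- -- --
"""


def non_default(table):
    """Return (property key, current, default) for every changed row.

    Columns are located from the header row, so the same function handles
    the show-prop, show-ifprop and show-addrprop layouts. Everything left
    of the PERM column (protocol, interface or address object, plus the
    property name) becomes the key.
    """
    rows = [line.split() for line in table.splitlines() if line.strip()]
    if not rows:
        return []
    header = rows[0]
    try:
        perm = header.index("PERM")
        cur = header.index("CURRENT")
        dflt = header.index("DEFAULT")
    except ValueError:
        raise ValueError("not an ipadm property table: %r" % (header,))

    changed = []
    for fields in rows[1:]:
        # The POSSIBLE column wraps onto extra lines ("src-priority,",
        # "weak"). Those continuation lines have fewer fields than the
        # header and are not property rows, so they are skipped.
        if len(fields) != len(header):
            continue
        if fields[cur] != fields[dflt]:
            changed.append((" ".join(fields[:perm]), fields[cur], fields[dflt]))
    return changed


def report(tables):
    """Format the changed rows of several named tables as text lines."""
    lines = []
    for name, table in tables:
        for key, current, default in non_default(table):
            lines.append("%-12s %-24s current=%s default=%s"
                         % (name, key, current, default))
    return lines


if __name__ == "__main__":
    for line in report([("show-prop", SHOW_PROP),
                        ("show-ifprop", SHOW_IFPROP)]):
        print(line)
```

Rows whose CURRENT or DEFAULT value itself wraps onto a second line (the tcp and sctp cong_enabled rows in the post) are compared on their first line only, so check those by hand.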

  • Solaris 10 site to site VPN with netscreen or linux freeswan

    Hello,
    Has anybody made a Solaris site to site ipsec VPN with a netscreen firewall or linux freeswan?

    a.alekseev,
    It works! Thank you very much. I somehow have overlooked that command entirely. I am very grateful.

  • Advice Requested - Building a Home Server using Solaris 10

    I'm currently a Wintel sysadmin, and I'm relatively new to Unix. I know the basics, and I have been reading up on it. I'll be taking the 200-level Sun class in August or September. I'll be working with Solaris on an increased basis at work very soon. Since I've been thinking of building a home server for some time I thought it would be a good opportunity (and challenge) to teach myself Solaris by building a server with Solaris 10 for Intel processors.
    I would like to set up a server with a RAID mirror. It's mostly going to be a Samba file server, Apache web server, and backup server for all of my home Windows Vista PCs. I'll likely put two 1 terabyte HDDs in it. I might also use it as a VPN server for my home network eventually as I learn more.
    Does anyone have suggestions they could give me on hardware? I prefer to build an ATX compliant clone.
    So far this is the motherboard I'm considering:
    http://www.mwave.com/mwave/skusearch.hmx?&scriteria=BA23931
    ANY ADVICE would be greatly appreciated!!!!

    Change your SSH port to something other than 22! Make sure your ssh keys use passphrases. You can setup keychain (ssh-agent) on the server and clients to keep keys in memory if you desire without constantly retyping (and for automated backups).
    Scott

  • Need to configure apache-bea weblogic plugin for apache2 on solaris 10

    Hi,
    I have an apache server and a bea weblogic application server. For security reasons, I would like to configure a bea plugin on the apache server to redirect the client http/https requests from the apache2 server to the bea application server.
    I have gone through the bea documentation and configure my apache2 httpd.conf as follows
    LoadModule weblogic_module modules/mod_wl_20.so
    <IfModule mod_weblogic.c>
    WebLogicHost myweblogic.server.com
    WebLogicPort 7001
    MatchExpression *.jsp
    </IfModule>
    <Location /weblogic>
    WebLogicHost myweblogic.server.com
    WebLogicPort 7001
    SetHandler weblogic-handler
    PathTrim /weblogic
    </Location>
    Then I restarted apache2 and tried to access the bea application through http://myweblogic.server.com/weblogic/
    and http://myweblogic.server.com/something.jsp
    It did not work.
    httpd is started properly.
    Any help would be highly appreciated
    Many Thanks
    Ushas Symon

    The Web server plug-ins do not natively support outbound SSL connections
    yet (i.e. SSL from the plug-in to WebLogic). This is a feature for version
    6.0. You can use SSL from the browser to Apache or from the browser to
    WebLogic directly.
    The majority of our customers use strict firewall rules to protect the
    traffic between Apache and WebLogic. If they are paranoid, they use an SSL
    proxy or a VPN product.
    Thanks,
    Michael
    Michael Girdley
    BEA Systems Inc
    "Josh Kwan" <[email protected]> wrote in message
    news:39d4e8a5$[email protected]..
    >
    Hello,
    I want to know how to connect Apache 1.3.12 with mod_ssl to BEA WebLogic5.1.0 on Solaris via HTTPS. I have heard that this can only work over t3...
    is that true? If so, how can it be done securely? If that isn't the case,
    how can httpd.conf/weblogic.conf be configured on the Apache server to talk
    to the WebLogic server on port 7002? Both of the machines I am using are
    running Solaris 7 with necessary patches. I have installed SP5 for WebLogic
    and I have copied mod_wl.so and mod_wl_ssl.o to the Apache server for
    inclusion as modules.
    >
    The two servers communicate correctly over HTTP, but I want to be able to serve some JSPs via HTTPS from the WebLogic server through the Apache web
    server. I have generated all the required CA and server certificates for
    each server, and they both individually answer HTTPS requests, but do not
    work when an HTTPS request is sent to the Apache server for a JSP that is
    served from the WebLogic server. I read somewhere in the documentation for
    5.1.0 that WebLogic will communicate via HTTPS to various web and proxy
    servers.
    >
    Any help would be greatly appreciated... thanks!
    Regards,
    Josh Kwan
    Sr. Systems Engineer
    iXL

  • Domain name when my windows machine (pc) is on VPN

    Hi!
    Last week I had an issue getting the domain name on Solaris machines, and with the help of folks here I could solve the issue. After a gap of 1 week I have to work on the same assignment, and now I have an issue getting the domain name when my Windows machine (PC) is on VPN. It may be possible that, with VPN, I may not be able to get the domain.
    What is needed?
    I am looking for a Java API which can return me "myCompany.com" when my PC is on VPN.
    Following is the output of ipconfig
    C:\Documents and Settings\sgupta>ipconfig
    Windows IP Configuration
    Ethernet adapter Local Area Connection:
    Media State . . . . . . . . . . . : Media disconnected
    Ethernet adapter Wireless Network Connection 2:
    Connection-specific DNS Suffix . : guest.myCompany.com
    IP Address. . . . . . . . . . . . : 10.202.0.76
    Subnet Mask . . . . . . . . . . . : 255.255.252.0
    Default Gateway . . . . . . . . . : 10.202.0.254
    PPP adapter MyCompanytronix US Aventail VPN:
    Connection-specific DNS Suffix . : myCompany.com
    IP Address. . . . . . . . . . . . : 128.181.213.220
    Subnet Mask . . . . . . . . . . . : 255.255.255.255
    Default Gateway . . . . . . . . . :
    What is already tried?
    1. I have tried InetAddress API's but they return "global.myCompanytronix.com" from the local configuration.
    2. I also tried the following library to get the domain name and that fails to get the same.
       1. http://www.dnsjava.org/
    Kindly give me some clues if you have.

    Update-PROBLEM FIXED by verizon support. I called my local verizon wireless store, who quickly got me tech support after running through a few things. I didn't know you could disable power management for just one device, but verizon tech support did! So you go into device manager, expand universal serial bus controllers, right click the first "root hub", click the power tab, and see if your device shows up. If it doesn't, continue this process through all the root hubs until it does.
    When you find it, select it, and click the power management tab on the far right. Uncheck "allow the computer to turn off this device to save power". Restart the computer to save this setting. Then test it by putting the computer to sleep.
    It did take about 30 seconds until the pantech uml 290 was connected, but it connected successfully three times in a row. I'm very happy with both the verizon store and verizon tech support. They were both very helpful and pleasant to talk to, and efficiently resolved the problem. I still think you pay too much for mobile broadband, and am a little put off that the problem existed in the first place, but I'm very happy to have this problem resolved.
    One other piece of info. I got was that there is an upgrade, pantech 295 usb modem for only 30.00. So if I have any more problems I'll just try that.  (It's still a wired, not wireless device, which I prefer.)

  • Solaris 9 IPSec support

    I am currently attempting to activate IPSecurity on Solaris and I am having a host of issues. I am hoping someone on the forums has done this before.
    Here are the steps that I have figured out:
    1) Create Certificates and add them into the database: I am fairly certain that this has been done correctly since when the in.iked daemon comes up it reads in my CA certificate and my server certificate that I have created.
    2) Edit the /etc/inet/ike/config file. I have edited this file but there is an odd thing here. Looking at the man page it says that I should be able to use AES for the phase 1 SA. However when I use the keyword for AES it tells me it is an error. <Question> Is the AES support only on 10? Is there a way I can tell the version of the in.iked daemon I am working with?
    3) Activate the in.iked server with the config file. I have done this and used the -p2 -d options so I can see the log file that goes with it.
    4) Update the /etc/inet/ipsec.init file: I have done this but here is another instance where things do not make sense. I created a phase 2 proposal devoid of all encryption algorithms and the default one came up. It only had AES and Blowfish. There was no Triple DES option available even though it is there in the man page. <question> How do I get the version number of the ipsecconf command?
    5) I then use the ipsecconf command to suck in the ipsec.init profile. I have done this successfully with AES and can do a list display.
    Usage<<<< I attempt to run traffic from my Solaris to my partner machine that matches the phase 2 traffic descriptors; however, when the traffic arrives it is not encrypted and the Solaris did not attempt to negotiate a tunnel.
    When I attempt to initiate a VPN from the other side all I get is parameter mismatch on the Solaris side however the parameters that I have configured all seem to match.
    <Questions>
    1) Is there some better messages available above -p2 -d
    2) Is there a way to initiate a phase 1 negotiation on the SA. ikeadm command does not seem to have that.
    3) Is there a service that I have to activate to start the IPSecurity pieces?

    http://www.sun.com/servers/coolthreads/t2000/specs.xml
    no.
    Darren

  • Solaris 10 Sparc - Linux2.6 x86

    I want to port my Solaris 10 Sparc V240 machine's output to be displayed in my x86 CPU installed with JDS Linux2.6. I tried with xhost and also set my DISPLAY variable... but it showed nothing.
    Can it actually be done? if not why? I could port Solaris 10 x86 CPU's output to be displayed on Linux x86 CPU....
    hope can clear my doubt.. thanks
    VD

    I will assume that you have done this before and it had worked for other systems.
    It would help if you gave more details. Like show the command you ran to set DISPLAY (use a fake name for the host if desired). What is the command you are trying to have displayed remotely?
    Also did you get an error?
    -If so, it could be as simple as the DISPLAY variable not being exported (i.e. export DISPLAY).
    -If not, do you have multiple displays? For example I have two and if I want windows to appear on the second I set DISPLAY=desthost:0.1 which makes it show up on the second one. Did you just set DISPLAY=desthost:0 and it could be defaulting to a "fake" display that doesn't actually exist so you don't ever see anything.
    Another possibility is that the host name lookup is giving you some other system's IP address. Make sure your lookups are going to the correct place (BTW this is probably a long shot).
    As a side note. You may consider using VNC to do this. Just set up a VNC server on the host you want to get to remotely. Then run a VNC viewer on the remote host and run the commands (windows) under VNC. The added benefits are that it's much faster when using this over a WAN with any kind of VPN tunnel and you can exit the viewer while leaving the commands running and go back in later, even from a different system to check on them.
    Hope that helps.

  • Solaris 10 Remote Monitoring/Management

    Hi,
    I have some Solaris 10 Servers that I'm currently able to administer/monitor locally but the company will be moving very soon and I'm looking into remote management. I'm wondering, on machines such as X2100's where LOM software is automatically available, how I could do remote management of the Solaris 10 boxes. I also have a V480 which we'd like to administer remotely.
    If we should get some specific hardware to achieve this, please let me know what's out there and what would be appropriate.
    I'm thinking of using OpenVPN for secure connections for regular operations on those boxes.
    Thanks,
    Charles

    You can either connect to the LOM as suggested above, you will need to configure it prior to hooking the LOM to the network. I would caution you from putting a LOM port on an OPEN network connected to the internet.
    You should have a VPN setup where you can connect to the VPN then connect to the LOM via ssh.
    Once this is done, you will connect to the LOM and login, issue the command start /SP/console, reply y and you will be connected to the server. However this will give you a single connection only and can be kinda sluggish at times.
    Once on the server you should (at a minimum) issue the following command 'netservices limited' this will sorta lockdown a server and limit network access. If you VPN in you should be able to connect to the server via SSH as well as the LOM. You should typically only use the LOM when the server is inaccessible. If you read the documentation on docs.sun.com you will find all the info you need for this to happen.
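
One way to check the result of `netservices limited` from the reply above, as an added example that is not part of the original post: list TCP listeners that are still reachable from the network. The sample netstat text is constructed, and the function names and the allowed-port list (SSH on 22) are assumptions.

```shell
#!/bin/sh
# Added example: find TCP listeners that are not bound to loopback and are
# not on an allowed port, from Solaris-style `netstat -an` output.

# Constructed sample (not captured from a real host). In the Solaris layout
# the port is the last dot-separated field of the local address.
sample_netstat() {
cat <<'EOF'

TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.22                 *.*                0      0 49152      0      LISTEN
127.0.0.1.25               *.*                0      0 49152      0      LISTEN
      *.111                *.*                0      0 49152      0      LISTEN
192.168.10.5.22      192.168.10.9.51344   64240      0 49232      0 ESTABLISHED
127.0.0.1.587              *.*                0      0 49152      0      LISTEN
EOF
}

# exposed_listeners "PORT PORT ..." : reads netstat text on stdin and prints
# "address port" for every LISTEN socket that is neither loopback nor allowed.
exposed_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF == "LISTEN" {
            port = $1; sub(/.*\./, "", port)        # text after the last dot
            addr = $1; sub(/\.[0-9]+$/, "", addr)   # text before the last dot
            if (addr ~ /^127\./) next               # loopback only: not exposed
            if (port in ok) next                    # explicitly allowed
            print addr, port
        }'
}

# On the Solaris host itself (assumed invocation):
#   netstat -an -f inet -P tcp | exposed_listeners "22"
sample_netstat | exposed_listeners "22"
```

Any line it prints is a service still listening on a routable address; an empty result means only the allowed ports are reachable over IPv4 TCP.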

  • VPN Internet

    Hi All!
    My Internet provider uses a VPN for the Internet connection.
    How may I create a VPN connection in Solaris 10 9/10 x86?

    You need to provide a lot more information.
    First of all, you don't use a VPN to connect to the Internet. The Internet is a public network. VPN is "Virtual Private Network." VPN's are to establish a secure connection over the internet, e.g. from remote clients to the corporate network, or between two secure sites. It is a virtual private network since you are using a real private network (e.g. frame relay, dedicated lines etc.)
    Your Internet provider may in turn be providing a VPN service, either for remote users (although I haven't seen anyone advertising that for a while) or between two sites.
    There are various methods of establishing VPN connections- typically a site-to-site VPN would involve using a fixed IPSec tunnel between the routers at each site, and the routers would have static addresses. Client-to-site VPN's are for clients that don't have static address, and don't require a persistent VPN connection. This could be either an IPSec tunnel connection (cisco, sonicwall) or IPSec-over-PPTP (e.g. Microsoft XP native VPN.)
    It also matters if your Solaris machine is a remote client or server in the office that remote users want to use.

  • Develop on Windows, run on Solaris - Best Practices?

    We're moving from windows 2003 server to Solaris x86-64/sparc environment - 10gR2 app server and db. Currently, since our servers are in a remote datacenter, we just VPN onto one of our windows server, which has the dev tools and standalone oc4j running so we can develop and test forms. Simple.
    First thing we noticed is there is not a solaris x86-64 version of the dev tools, so we assume we'll have to develop on our windows desktops, and then recompile on the solaris server. So, the question is how best to do this?
    Initial thinking is that each developer needs to have all the .olb,.pll,.jar,.fmb etc. files on their local machine compiled for windows, and then have to copy these to the solaris servers and recompile. This raises all kinds of concerns about how to keep the files on the developers machines in sync with the versions on the solaris servers.
    Seems we are missing something here and there may be better methods to setup this environment. Perhaps use sparc workstations so we can develop natively in solaris, but that is an expensive option. Any ideas?

    Hi,
    It's better to develop in Windows and port it to Solaris. That's what we do for our implementations. All the developers have all the source code in the local desktop. And whenever they want to change/update a form, they download it from development/prodn in Solaris to the local desktop. At a time usually one developer will work on a form and that can be put to the Solaris and compiled there in order to test.
    Rajesh ALex

    What about the .pll, .jar, .olb files? Do your developers have to download to their local machines each time they open form builder to get the latest versions? Seems a maintenance nightmare to keep local versions of these files up to date with what is on the servers.
    Perhaps we need to look at some source control software that can manage this. Any out there that work with forms?

  • Configure an open vpn

    Hi,
    I'm new to Solaris and I don't know how to configure the VPN drivers. I have been to various sites like "how to" but they always refer to Linux.
    Where can I find such tips or even sample programs to make the right thing?
    I thank you all.

    Hi,
    Below is the link to the admin guide for the RV042. Chapter 9 covers the configuration of site to site VPN’s and begins on page 123.
    http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
    If you need further assistance please feel free to contact Cisco Small Business for help in configuring and troubleshooting your VPN.
    Thank you,
    Jason Nickle

  • X86 cisco vpn client

    Is there a Cisco VPN client for Solaris x86? I cannot find one on their website. How are Sun employees connecting to the Sun VPN if running Solaris 10 x86 on a desktop?
    TIA
    Brian

    Brian,
    The Cisco vpn client is available internally from the iWork site.
    Don't know if it is readily available externally.
    Karl
