General :: Backup / Setup A Second VPN Tunnel On A Fallback Gateway / Firewall On The Client Side
Mar 1, 2011
I've set up a Lan-to-Lan (routed) OpenVPN tunnel. For redundancy I want to set up a second VPN tunnel on a fallback gateway/firewall on the client side. Currently, both sides (server/client) know how to route packets across each others physical LAN. So no NAT is used. When the primary gateway (fw1) is connected to the VPN server all traffic runs via the fw1 tunnel. Than when the secondary gateway (fw2) connects to the VPN server and fw1 is still connected all traffic for fw1 will be delivered to fw2 and effectively destroying traffic intended for fw1. This is of course no problem if I first shutdown (fence) fw1, than set up fw2 to use the gateway IP address from fw1 and set up the VPN tunnel to the VPN server. Effectively replacing fw1 with fw2 on the client side.
However, I can't seem to find a decent howto.
I am also exploring the possibility to let both tunnels active and let OpenVPN (or another tool) decide how to route packets back and forth the different LANs. A virtual IP between two gateway's both running a VPN or something similar. This would be the preferred method of course. However, I don't know how to tackle this one but I'm pretty sure there are people out there who are happy to share their 2 cents.
View 3 Replies
ADVERTISEMENT
May 12, 2010
I have 17 system (sys1,sys2,sys3.....sys17) in my office, and i am willing to setup a dedicated system to act as a firewall for that i have selected sys1 with two NIC(eth0 for local network and eth1 for internet) and i have configured to access internet in my office for that i have opened a wellknown port 80.but my clients are not accessing the internet..
and please check my sample IP configuration !!!
interface : eth1 (ISP IP)just for example
IP :192.168.0.2
gateway:192.168.0.1
dns:202.56.230.5
dns:202.56.230.6
Interface : eth0 (my local lan )
192.168.1.1
255.255.255.0
IP address of xp clients ranges form 192.168.1.2 to 192.168.1.16 with default 255.255.255.0
my question is that which gateway address and dns i have to give to my clients for accessing internet ?...
View 1 Replies
View Related
Dec 12, 2010
I have recently installed an ltsp system, client and server. Everything works except i cannot get my client side serial ports to work or register for that matter. Can anyone point me to the steps i should take to get these working.
View 1 Replies
View Related
Jan 10, 2011
I'm using NFS and I have the following problem. After ~100 days, the client and server lose connection, but the client doesn't know about this, it gives no error. The problem is that the changes on the server side aren't visible on the client side.
The nfs options are: "noatime, nolock, hard, udp, notcp, nosuid, nodev, rsize=8192, wsize=8192, actimeo=60"
The kernel version is: 2.6.16.27 built with 250 Hz. Is this an already corrected issue in a kernel version? Or are my options wrong?
View 1 Replies
View Related
Mar 14, 2011
I have an security cam with a built-in webpage inside my home network. That camera is using basic HTTP authentication instead of SSL. I want to be able to access the camera's webpage from outside my network, but I don't want to open an unencrypted video stream to the outside world. Right now, I'm doing some cumbersome ssh tunneling where I bounce off an ssh server like: ssh -N -L 9090:[URl]..and then I connect to my web page like: http://localhost:9090
But this is a pain. Now, gentle reader, I beseech you to tell me how I can use linux (Ubuntu) to get a fully encrypted SSL connection to my internal web page without the hassle of creating an ssh tunnel each time. I believe I can use stunnel, but I'm not sure of the command.
View 1 Replies
View Related
Jan 28, 2010
have been trying to setup a dual boot system with ubuntu and XP running side by side on my Thinkpad T41.tried it a few times and always causes the same problem. i have 40 gig HDD, on which i create a 13 gig NTFS partition and leave the rest as free space. then install XP on the NTFS partition. no problems.
then i boot from the ubuntu disk (9.10 Karmic) and install using the "use free space" option at the partition section. ubuntu installs ok, and boots fine from GRUB 2.0. BUT when i select the XP option from GRUB's list, it starts to boot XP, i get the standard XP loading screen for three seconds and then it crashes to a blue screen critical problem, and restarts the system. when i then boot from the xp cd and go into recovery mode CHKDSK will not recognise the disk, and DISKPART shows one HDD at 35 gig which it cannot access.
this means i cant run FIXBOOT and get my xp install running again. every time i do this process it produces the same problem. tried at first with xp installed on whole HDD, and reducing the xp partition size. killed XP. then tried ubuntu first and xp second - but this caused the same inaccessible disk problem - xp would not recognise the partitions and would not install. so i slipstreamed my XP install disk to SP2 hoping this would make it recognise the partitions, but no luck there. so had to format all and repartition the 13 gig NTFS for xp. installed xp again without difficulty but ubuntu install killed my xp in the same way.
View 9 Replies
View Related
Apr 21, 2010
I have a small home-office network. On that network I have two linux computers, one is a client the other a server.
On the server I have NFS Server setup and mount some NFS exports on the client computer.
On the server I have the firewall on and here it becomes a little tricky.
Since both the server and the client connect to the router the interface (eth1) is theoretically both an internal & external zone.
The router is commercial grade and therefore has a good firewall on it which is also setup. Therefore the firewall on the server is really more of a backup than a necessity. But that's fine, and by having the server's firewall on 'fail2ban' is able to work which I like to have working so I don't want to just turn off the server firewall even though I have good security from the router.
However, when I turn on the server's firewall, the client computer cannot see the NFS server when scanning for server -- done by: clicking on "Choose" next to "NFS Server Hostname" when adding an NFS share in the NFS Client in YaST. Clearly something is being blocked even though I have both "NFS Client" and "NFS Server Service" allowed in the server firewall. The Firewall config. files for these are below.
The Firewall configuration is pretty much "out of the box". That is I have the services I need opened up for the external zone, the other zones are left at their default which means the internal zone, although not used (i.e.: attached to any interface), is completely open.
The perfect solution I guess would be to setup my client computer to connect through a different NIC (perhaps eth0), make that the "Internal Zone" and therefore allow all traffic through to it while still blocking the server from the external zone. However, I cannot make that physical change to my network for now so I am looking for an in between (non-perfect) solution.
In this case I am guessing that means opening up extra NFS ports to the external zone so I have full NFS functionality. I don't mind this because like I said, the router firewall is the main line of defense anyway.
So, given all of the above could someone tell me what I would need to additionally open up in the server firewall to make the NFS server detection work on the client while the firewall was on. Or, if you have a cleverer/better solution without me changing my physical network that would be great.
Hopefully I have written this in enough detail and clearly enough so that all the parameters are clear but if not, feel free to ask me what you like and I'll try to make it clear.
Code:
## Description: Firewall Configuration for NFS kernel server.
#
# Only the variables TCP, UDP, RPC, IP and BROADCAST are allowed.
# More may be supported in the future.
code....
View 6 Replies
View Related
Jan 31, 2010
I need to know the procedure to setup VPN between two network. i setup openvpn access server to do this easy. 1. Step by step procedure to setup VPN 2. Setup VPN with DHCP 3. How to check that open vpn is running successfully.
View 1 Replies
View Related
Apr 1, 2010
story is my brother is a dindows lover (gamer) and hes been gettin attacked by virus's,etc cause he runs his Vista setup with no firewall or antivirus
He says the firewall,etc slows down the PC too much for gaming He doesnt want to use Linux as his games wont play on Linux as on dindows
He wants to know if you can install a Linux firewall/gateway or whatever into his Linksys WRT54GC router and thus protect his PC without using a firewall or av in it.
EDIT: precisely; he has a Linksys wireless-G connected to a always-on Verizon Westel 6100G modem so its a wired connection, not wireless
View 6 Replies
View Related
Sep 28, 2010
1.Making a Home server connect using ssh tunnel to a remote server ( to bypass proxy )
2. Making the home server accept connections as a gateway and forward anything that comes to it to the ssh tunnel connection of the remote server.
3. Making any client that puts the home server as a gateway in the network configuration gets a the tunnel connection to the remote server.
Home Server: ubuntu
Remote server: ubuntu
View 1 Replies
View Related
Jul 8, 2010
Most of my work happens in a terminal, so I need a clear, readable font. I've settled a while ago on Terminus [URL]..., which works wonders for me. I added XTerm*faceName : Terminus in my ~/.Xdefaults, and I do get the Terminus font. Unfortunately, a lot of Unicode glyphs are missing (mathematical symbols, greek and hebrew letters), displaying as little square blocks instead.
If I remove the faceName entry, the default configuration seems able to display most of the glyphs (including math, greek, hebrew, runic, and whatever else), but the default font is much harder to read.
A google search hints that it should be possible to use Terminus as the default font, and fallback to (an)other one(s) for missing glyphs, but provides no further explanation. I've seen documentation that recommends Bitstream Vera Sans as a fallback, but it lacks the glyphs I need too; I don't know how to identify the default font used by xterm either, I had a look at /usr/share/X11/app-defaults/XTerm, but all I can find are generic references to old pre-fontconfig font names.
Using Gentoo Linux, fontconfig and xterm are up to date, USEs trutype and unicode enabled, X.Org server 1.6.
Edit: I alternate between Ratpoison, Awesome and XMonad, without a desktop environment.
View 1 Replies
View Related
Jun 15, 2011
I have set up a Ubuntu 10.10 server. I have been using ssh tunnels to encrypt my web traffic at public wifi. I am trying to make this server as secure as posible so I enabled ufw. I allowed SSH and HTTP traffic in and denied everything else. But when I do that I can not use SSH -D because when I try to visit a webpage it does not load and I get the following.
Code:
uname@mybox:~$ channel 3: open failed: connect failed: Connection timed out
^C
uname@mybox:~$ fclchannel 4: open failed: connect failed: Connection timed out
^C
uname@mybox:~$ exit
logout
What do I have to do to allow ufw to allow ssh tunnels through?
View 4 Replies
View Related
Apr 25, 2010
I would like to have a sms gateway that is sending sms without using a cellphone(GMS) on my side.
Is there a pack that can be used this way?
View 1 Replies
View Related
May 18, 2010
I am learning to setup firewall in my home for that i have selected four system(sys1,sys2....sys4) for testing .I have configured sys2 to act as a firewall with two NIC. sys3 and sys4 are inside the firewall . sys1 is not connected to firewall for testing purpose.
the IP assignments are follows :
sys1 : ( fedora, not connected to firewall i am thinking, But i am not sure )
IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank
sys2 firewall ,IPTABLES )
code....
what happened is that sys1(not connected to firewall) can ssh to sys4(connected,inside firewall),since the rules are written not to ssh form sys1 to sys4..
then I came to know whatever the request I give, It directly goes as sys1 --> sys4. Not as sys1-----> sys2(firewall)---> sys4 .and the firewall is not filtering and processing anything for both inbound and outbound (i think it's my mistake some where). the requests are directly going inside without firewall.
View 3 Replies
View Related
Feb 23, 2010
After editing my network connections gateway setup as 192.168.1.1 I get back 0.0.0.0 after I run nm-tool. I'm using Ubuntu ver 9.04 setup on my VMware server.
View 1 Replies
View Related
Jan 25, 2010
For some time now, I'm having some problems with configuring an NFSv4 server to let it work with a firewall. I've already searched to web, but I was unable to find a solution that works for me.
The situation is as follows:
I'm trying to connect an NFS client to an NFS server that is behind a firewall. I don't have access to this firewall, but I can contact the administrator to open some ports for me. I already did this for opening port 2049.
The result is that the client can read files from the server, but is unable to write files to the server. I believe that for writing an extra RPC-connection needs to be set up. However, the ports on which the RPC-connection is set up, seem to be different for every connection (I verified this using 'netstat -tn').
Clearly, this is a problem since the server is protected by the firewall.
Thus, what I want to do is configure the server in such a way, that it always uses the same server-side port(s) to connect with the writing clients (just like 2049 for reading). I've already tried to configure the /etc/default/nfs-kernel-server and /etc/default/nfs-common files, but that hasn't really worked out yet.
Note: Because I don't like to contact the system admin every day, I hooked up 2 computers (client/server) on which I set up the same configuration (without the firewall). I'd like to see it working on those machines first (that is, 'netstat -tn' showing the correct port), before I contact the admin to open some extra ports.
View 2 Replies
View Related
May 17, 2009
Our firewall (debian) currently has 4 public ip addresses (eth0 1.2.3.4, eth0:0 1.2.3.5, eth0:1 1.2.3.8, eth0:2 1.2.3.9) and 3 internal subnets (eth1 10.1.x.x, eth1:0 10.2.x.x, eth2 10.7.x.x). We are experiencing the following two problems which I believe have the same root cause. 1) The firewall cannot access beyond the isp gateway (1.2.3.1). 2) From externally, we can ping eth0 with no trouble, however, pinging the eth0:0, eth0:1 and eth0:2 interfaces have results similar to the following:
Code:
PING 1.2.3.8 (1.2.3.8) 56(84) bytes of data.
64 bytes from 1.2.3.8: icmp_seq=2 ttl=57 time=59.0 ms
64 bytes from 1.2.3.8: icmp_seq=2 ttl=57 time=63.0 ms (DUP!)
64 bytes from 1.2.3.8: icmp_seq=13 ttl=57 time=59.3 ms
64 bytes from 1.2.3.8: icmp_seq=13 ttl=57 time=63.0 ms (DUP!)
64 bytes from 1.2.3.8: icmp_seq=24 ttl=57 time=62.0 ms
64 bytes from 1.2.3.8: icmp_seq=24 ttl=57 time=65.6 ms (DUP!)
I get the feeling that I'm missing something obvious, especially since all traffic on the internal subnets can access externally as normal.
View 4 Replies
View Related
Aug 1, 2009
I got 2 servers, each on different locations (server 1 and server 2). I want all traffic on server1 included web browsing, applications etc., be always going through server2, like a gateway. I want the traffic to be encrypted (maybe use VPN?) So if I browse, or any logs pick up ip adresses from applications used by server1, I want it to display the IP address from server2 (Might be the wrong way to say it).
I always wants server2 to act as an firewall and logserver that logs all the traffic. I was thinking about using Snort for IPS/IDS solutions and OpenVPN for the traffic, but what can I use as a firewall? Most firewalls I find on google has its own OS/Distribution. Maybe Squid for logs? But squid does not support much protocols. Distribution on both servers are updated Debian/Ubuntu based.
View 3 Replies
View Related
Jul 3, 2011
I have a Bubba Two headless PC box and on it a Debian GNU/Linux Squeeze operating system.
I have upgraded my Bubba Two [URL]to Debian Squeeze from Debian Etch following these steps: Running Debian lenny or squeeze on Bubba Two [URL]
After this upgrade I have setup networking on Bubba following these steps: Setting up networking [URL]
In the case [URL] doesn't work, here are these steps:
[Code].....
View 5 Replies
View Related
Jul 20, 2011
So what I want to do is setup a gateway(or router, idk what Ubuntu refers to it as.). So my set up would be Modem>Server>Switch>Router. I know that I need to set up it up as a DHCP server as well. I would also like to setup it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldnt figure that out either.
View 1 Replies
View Related
Jul 20, 2011
I want to do is setup a gateway(or router, idk what Ubuntu refers to it as.). So my set up would be Modem>Server>Switch>Router. I know that I need to set up it up as a DHCP server as well. I would also like to setup it up as a firewall too. I already have two Gbit cards that are already configured. So how do I do this? I already tried one tutorial, but it was old and was for Debian. I also installed ebox, but I couldnt figure that out either.
View 2 Replies
View Related
Sep 20, 2010
I did a search and came up with many different opinions and suggestions, and I could not find any similar threads for this (if there is I must apoligize in advance and did not look hard enough). I am trying to create a backup schedule for client computers and servers; and I would like your opinion on what I came up with. Here is network infrastrusture setup:
16 client computers
6 serevrs
- Primary and Secondary Web Server (RAID 1)
- Primary and Secondary Domain Controller (RAID 1)
- File/Print Server (RAID 5)
- Backup Server (RAID 1) with USB 2.0 1TB External Drive
Of course I will evetually upgrade to Tape Drives, but I am saving up for that. Anyways I want to backup ALL client computers, Primary Web and DC server, and File/Print Server. This will be done (of course) on the Backup Server) Here is the schedule:
[Code]..
View 2 Replies
View Related
May 17, 2010
I'm currently trying to install TSM backup client 5.5.2 and getting dependency errors when i do the following rpm -i TIVsm-API.i386.rpm
[Code]...
linux version : Linux version 2.4.9-e.27smp (gcc version 2.96 20000731 (Red Hat Linux 7.2 2.96-118.7.2))
View 1 Replies
View Related
Apr 18, 2011
I have 2 linux servers in different locations. I need to setup a ip tunnel. I follow this steps on both servers:
Server1: ip tunnel add tun0 mode ipip local IP_Server1 remote IP_Server2 dev ethX ip l s tun0 up ip a a 10.10.10.1 peer 10.10.10.2 dev tun0
Server2: ip tunnel add tun0 mode ipip local IP_Server2 remote IP_Server1 dev ethX ip l s tun0 up ip a a 10.10.10.2 peer 10.10.10.1 dev tun0
After creating the tunnel everything is ok, but after a time(maybe some hours), I can't ping the other end of the tunnel (ping to IP_Server1 and IP_Server2 is ok all the time; the connection to internet is very reliable). I have tried "ipip" and "gre" mode, but same result. If I ping from two servers the other end of the tunnel, the connection is again established for some hours and ping is working in both directions.(if I ping only from one side the ping is not working) How can I resolve this issue for no longer having to log on both servers to ping the other end of the tunnel? If I use an crondjob to ping the other end of the tunnel at 2 hours everything is working fine for weeks, but I need other solution.
View 5 Replies
View Related
Nov 26, 2010
Calculating the available bandwidth methods IGI/PTR,PATHLOAD,SLOPS,PACKET PAIR...
I gone through above methodogies ,when i finish one methods(IGI/PTR) i came to know,one application should run in client side and another application should run in server side (i.e,) Internet Service Provider side,
In IGI/PTR method ./ptr-client.c & ./ptr-server.c is there .,if we want available bandwidth,I Should run ./ptr-client.c (in myside)correspondingly ./ptr-server.c then only we wil get a availble bandwidth...
My need is without run any application on the server side ./ptr-server.c like that,but I should develop the application only on client side (in my routerside based on linux)..
1:whether it is possible to get the available bandwidth run application in client side only?.if possible. how i implement the code in client side( only )for getting the available bandwidth ...whether any source code is available?...
I dont want to test the speedtest.in (in GUI )
View 1 Replies
View Related
Nov 23, 2010
i'm unable to see some musicvideos on videos in germany trough copyright restrictions. i can see these videos by using a tunnelservice, but it isn't very comfortable.
in that case, i have to copy the url and paste it at the end of the tunnelservice url. a lot of stupid work.
my problem is, that i haven't enough experience to automate these actions.
i think, that i have to modify the url befor it goes to the server. there must be somewhere in the osi stack a place where i simply can modify that url with a regex but i don't know where
View 4 Replies
View Related
Jan 6, 2011
I have hundreds of thumbnail images and I need to display on the client side one name only for each when the visitor passes the mouse over them. The only way I know (using frames in this case) is to use a script similar to the following:
<a href="" target="" onMouseOver='top.nav3.location="not/notecome.htm"' onMouseOut='top.nav3.location="nav.htm"'>
But this involves creating a full and w3c correct HTML document which looks like an over-kill of the problem.
Is there a simpler way to solve the problem? If not, is it acceptable to use a truncated HTML document comprising only the necessary tags to make it work on the test machine (<html><body><.....onMouseOver.....></body><?html>
Or a way to display the content of the "alt" tag (I can put that name there)?
In the worst case, I could use the javascript "Alert" but it does not fit esthetically and it needs one mouse click from the visitor. Is it possible to make one's own "Alert" picture and how?
View 3 Replies
View Related
Jul 23, 2011
So im trying to get an icmp tunnel setup using ptunnel. When I run it under the same network and use to connect to RDP, it works fine, however when go outside my network and connect in, it does not get anywhere. I can confirm that I have forwarded ICMP packets to the server (if I ping the external ip it will show the status of the server if I unplug it) and that the server is showing signs of registering it.
On the client it just tries to resend the packet "Resending packet with seq-no 0" Over and over Firewall is off for testing so thats not the issue.
View 2 Replies
View Related
Nov 26, 2010
Calculating the available bandwidth methods IGI/PTR,PATHLOAD,SLOPS,PACKET PAIR...I gone through above methodogies ,when i finish one methods(IGI/PTR) i came to know,one application should run in client side and another application should run in server side (i.e,) Internet Service Provider side,In IGI/PTR method ./ptr-client.c & ./ptr-server.c is there .,if we want available bandwidth,I Should run ./ptr-client.c (in myside)correspondingly ./ptr-server.c then only we wil get a availble bandwidth...My need is without run any application on the server side ./ptr-server.c like that,but I should develop the application only on client side (in my routerside based on linux).. 1:whether it is possible to get the available bandwidth run application in client side only?.if possiblehow i implement the code in client side( only )for getting the available bandwidth ...whether any source code is available?
View 2 Replies
View Related
May 26, 2010
I would like to be able to mount a share served by my mac os X machine(10.6.1). I have read the Ubuntu community doc on Ubuntu samba clients.It didn't say what to do when using dynamic LAN I.Ps.I understand the way to go is to use avahi on the client side(Ubuntu) and Bonjour on the server side(mac os 10.6.1).I can't find anything about how this is done.What do i need to do to set up the client side(Ubuntu) to use avahi with SAMBA?.Because in the Ubuntu community doc it just referenced /etc/hosts, which is for static I.Ps.So i'm assuming that SAMBA on Ubuntu doesn't use avahi by default.All i need to know is how to set up the client side of SAMBA on Ubuntu when i'm using dynamic LAN I.Ps.
View 5 Replies
View Related
