Ubuntu Networking :: Setting Up IPSec VPN Server On 8.10 LTS To Work With IPhone Clients?
Apr 3, 2010
I've searched through google, and all I can find are instructions on how to set up a L2TP/IPSec VPN that works with macs and iPhones. I'm NOT trying to set up an L2TP/IPSec VPN. I'm trying to set up a pure-ipsec vpn.
The iPhone IPSec client is a built-in Cisco client, I believe. I'm staying away from L2TP and PPTP because I need multicast packets to go through. *edit: wow, I just noticed that the title says "8.10 LTS". Oops! I obviously mean "8.04 LTS". Gah, the lack of sleep got to me.
Aug 6, 2010
As part of the project I'm working on, I need to set up a server with IPSec authentication only connections to a large number of low bandwidth clients. I'm making use of the PF_KEY interface to populate the keys on the server and while prototyping things I've found that the initial setup is taking longer than I had expected. At the start of my test, entries are being added to the database at a rate of around 30/second, but as time goes on this is dropping significantly. I ran a test up to around 100k entries and by then the rate had dropped to 10/second. It's key to me that if I reboot my server that the Security Associations can be repopulated in a very short period, so I do genuinely need this to be much faster.
Two questions:
1) Does anyone have any experience of running with a large number of SAs set up, and if so what sort of setup rate did you get?
2) Are there things I can do to speed up the provisioning of these SAs? I'd really like to see a rate in the thousands per second.
We've been doing the prototyping on the 2.6 kernel.
Jan 30, 2010
I'm trying to give some Windows users a permanent connection to a samba share behind a firewall over the public Internet. I know I can give them access with something like WinSCP (which they have done) but really I'd like to do it with a VPN so it seems seamless to the user. However I have no idea how to set up the server to support this and am finding the documentation a bit confusing. The samba share is on a Debian box and the firewall is a Linksys WRT54GL.
Dec 15, 2010
On my server I have an OpenVPN gateway and a DNS bind9 server. At the moment, OpenVPN sends the OpenDNS address to the clients and it works fine. I would like to use my DNS server for my clients to work with any DNS address. Here is the OpenVPN config:
[Code].....
Apr 6, 2011
I've been looking around at how to set up a VPN server on an Ubuntu box that I can connect to from wherever from an iPhone. What I'm looking for is something like this: [URL] but it did not work (Connecting errored out). I've heard of OpenVPN, but will that allow me to directly connect from my iPhone to my home network?
Jan 31, 2010
I'm trying to setup a server at home, it has some practical implications, but largely it is just to take a stab at it. But I need the help of someone with more experience than I in defining exactly what I'm looking to do.
Here's what I have: old PC running Gutsy server connected to router. Several laptops at home connected via wifi to router. All laptops running either Windows or Ubuntu. Here's what I'm looking for: The server centralizes file storage for all clients. I would likely incorporate a RAID and some synchronised imaging of the files. I also want the server to create disk images of the clients' HDDs, regardless of client OS. There would also be some shares that would be publicly accessible (myself and friends across the country would be able to access the same drive).
So I was thinking something like what a corporate environment has would be nice: you log into a profile that exists on the server. Like a dumb client... all data would be stored on the server. But I'm thinking that's more like a network boot and wouldn't work via wifi (or would it?). Also that wouldn't lend itself well to laptops used on the road in areas without net access. Now I'm thinking each client would have its own locally installed OS, and they would just access networked shares. I could store sensitive files on the shares, but that wouldn't provide a complete backup solution for each client.
Without rambling on anymore, anyone care to throw out some ideas? I'm really just looking to see if I can do what I want. The focus is on centralizing files, securely backing up data and client OSes, and the ability to restore said images quickly.
Apr 8, 2011
I'm running several Ubuntu servers with LTSP thin clients in our classrooms. It's been a royal pain trying to get them to synchronize time properly. Currently I'm looking at 7 clients' login screens and each one has a different time. It's frustrating and I've done all the reading I could in regard to NTP and LTSP with time, etc. I'm even trying to set NTP to point to an external server, but my thin clients don't get that setting for some reason. They still pick whatever time they want to present to the end user. Once the user logs in, the time seems to be fine. It's just at the login screen. Since I'm no expert on NTP I figured I'd ask to see what users here thought.
EDIT - I was told that the GUI version of Ubuntu handles NTP at System-Administration-TimeAndDate. Is this true? I was told my /etc/ntp.conf file is empty because that file is only used in the server edition of Ubuntu.
Mar 24, 2010
I'm setting up a loopback server for work related testing. I have a small program that needs to be executed through telnet from about 200 IP's on the same network. On the server, I have to set a static ip, enable telnet login, and place my 2 program files in the appropriate folders so it will run. I have been on this for 2-3 days and haven't got far.
My /etc/Network/interfaces file is this...
Auto lo
iface lo inet loopback
The rest of the terminal is filled up with these, and it states that the file only has 32 characters. I don't know if this is a privilege issue or not. I've read several threads on telnet, and lots of arguments about ssh, but I can't run ssh, so I need to enable telnet. There is not a security issue. I run a private network where the only valuable resource would probably be the text file with my IP address on it. It's also accessed by people that have very limited networking knowledge and no Linux knowledge...
So,
Set static IP
Setup telnet server...
Any takers?
Apr 27, 2010
So I can't get the bluetooth tethering to work still! I have been trying for about 2 weeks. The phone pairs, in blueman I set the phone as a trusted device and click network access point. It then flashes up on the iPhone tethered with the blue banner. Blueman says it is connected. But no net access. Network connections shows no new connections either. Weird, I thought it would appear in there. Is there anything I can do to force it to add the bluetooth link as a network connection?
Feb 20, 2011
I have an iPhone and I am trying to get Internet tethering to work. I know tethering works on the phone as I successfully got it running under Windows. I followed the instructions at the following site
[URL]
I ran the following commands
Firstly I installed dependencies with yum:
yum install libimobiledevice libimobiledevice-devel git gcc
Next I downloaded and compiled ipheth. Note: to do this I also had to install kernel headers, and I also had to edit the ipheth.c file as per the instructions on the site for Fedora 14 (see below for more)
git clone git://github.com/dgiagio/ipheth.git
cd ipheth/ipheth-pair
make
sudo make install
cd ../ipheth-driver/
sudo make install
[Code]....
This allowed me to successfully make the kernel driver. Once this was made I also copied the config file for the kernel driver to /usr/modipheth.d folder as per the readme instructions in the ipheth*folder.
When I type modprobe ipheth it doesn't state it's an incorrect command. I then plugged in my iPhone. Fedora detected it was plugged in and loaded the iPhone logo on the desktop. Internet tethering is turned on within the phone, however network manager does not see it as a device.
Jan 13, 2010
I have an FTP server which is linked to a user account in a chroot jail and I have disabled anonymous access (anonymous_enable=NO). I can FTP into this server from Windows command line FTP client and every other FTP client I have used with no problems.
However, I have been trying to access it via a web browser (firefox) using ftp://<server name>. This connects and prompts me for my login details, which I enter as I should. But then I get a 425 connection error.
In my /var/log/secure log, I see the entry: -
Why is Mozilla Firefox trying to connect as an anonymous user when it has already prompted me for my login details?
Oct 20, 2009
nslookup doesn't work from the client guest OSes. I have LinuxMint 7 and I installed VirtualBox on it. I created three guest OSes: two CentOS and one XP.
Name
The first CentOS linux1.starline.ca
The second CentOS centos.starline.ca
The third XP xp2.starline.ca
[code].....
On the client guest OSes nslookup doesn't work. It writes: timed out; no servers could be reached. What is going on? Why doesn't nslookup work from the client guest OSes? On the client machine, the file /etc/resolv.conf has the record ameserver 168.135.88.2
May 15, 2010
The mail server itself will receive mail, that part works. I'm using dovecot imap to grab my mail, that works. But if I try to send mail from my iPhone using an account on that server it doesn't work. This is what I see in syslog:
May 15 07:14:52 coax postfix/smtpd[1432]: NOQUEUE: reject: RCPT from mobile-166-137-139-003.mycingular.net[166.137.139.3]: 450 4.1.8 <eppo@customconnexions.com>: Sender address rejected: Domain not found; from=<eppo@customconnexions.com> to=<xxxxxxx@aol.com> proto=ESMTP helo=<[10.25.15.47]>
Jun 21, 2011
I got a request today from someone on the software development team that reads as follows: Quote: According to RFC 4409 client mail submission to an email server is supposed to use port 587. Server to server SMTP relays are to use port 25. When I am not on site, I can't email via my work account via my iPhone or my residential internet because my ISP(s) filter port 25 to only allow traffic to and from their mail servers. They do however allow 587 anywhere per RFC 4409. Just to send this email I am having to relay off my own server in California. get the proper ports opened on the mail server? [URL] So my question now is I'm wondering if my Postfix server isn't properly configured? Right now it's listening on the following ports:
[Code].....
Aug 3, 2010
I've been having this problem since 10.6 was released, but have until now been successful with the "just use Thunderbird" response. My sendmail server hasn't been changed, but as clients upgrade from OSX 10.5 to 10.6 suddenly mail.app will no longer connect to send SMTP messages through the server. (IMAP connections to the same server using the same user/pass combinations work perfectly.) When I look at the logs, things basically stop right after the STARTTLS command.
Google indicates a lot of people are having similar problems, but I'm not seeing any solutions. Do any of you administrate sendmail servers where some of your clients are using Apple's Mail.app on Snow Leopard, and if so what settings are you using? At this point, I'm happy to make changes to the server to accommodate Apple's issue, I have too many Mac users connecting to my server. I just can't figure out what to change. I've enabled virtually every possible login authentication combination, and none of them work.
Oct 27, 2010
My world of open source collided sharply with my current phone (from a company named after fruit). Its closed source is making me crazy. I was shipped one with an OS that is laborious to jailbreak - so for now I am looking for a workaround. Anyone have any luck setting up the nx web companion and using it on the phone's browser? Ubuntu 10.04 64 bit.
Jan 17, 2011
Connection from MANY VNC clients to ONE Server?
Oct 28, 2010
Code:
        DMZ
Server--Router0--Modem0            ISP2--Modem3--Router3--Client3
                        \        /
Client1--Router1--Modem1--ISP1--WAN
                        /        \
Client2--Router2--Modem2           ISP3--Modem4--Router4--Client4
The Server in the above diagram can be accessed by Client3 and Client4 but not at all by Client1 or Client2. Router0 specifies the Server as a DMZ Host. I would be more specific but this is not my server. I don't use a DMZ, I forward ports when they are needed. In this case I represent ISP1 and the server belongs to a befuddled client. Client1 & Client2 can send packets to each other, no problem. Could the DMZ be breaking communication between the Server and Clients 1 & 2?
Jan 7, 2010
I have successfully set up PPTPD on my server and I can open a VPN tunnel but my clients can only ping the server's IP, they don't have access to the internet through the VPN.
I have searched different forums and understand that I have to create a route on the server to route packets between the VPN interface and my internet gateway, but I didn't manage to get this to work.
Here is what my setup looks like:
Code:
root@r31495:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1c:c0:c7:13:35
inet addr:94.23.197.XX Bcast:94.23.197.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[Code]....
Jun 21, 2009
I'm setting up a network for a school. The network has 11 client computers (Windows XP) and a server (Fedora 10). All I need to do is have a share for all the children to use (this I did by adding each client to the workgroup specified on samba, then I just map the drive). The issue turns out to be that I have over 300 users. The users don't always use the same computer, therefore I need the users to be registered on all 11 clients. How can I do this? I have been searching and I've not gotten anywhere. How can I add the computers to a domain instead of a workgroup? What can I use?
Dec 30, 2010
I'm trying to get a pptp server up and running. The server starts just fine, but encounters errors when a client tries to connect.
Code:
CTRL: I wrote 32 bytes to the client.
Dec 29 23:27:48 frankenstein pptpd[9402]: CTRL: Sent packet to client
Dec 29 23:27:48 frankenstein pptpd[9403]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
[code]....
I assume the failed read line is the culprit. I am currently running on a test machine. There is no firewall. I read on this error points to a firewall misconfiguration, but there isn't one.
Sep 28, 2010
I've spent the last 4 days setting up my first VPN (OpenVPN bridged). The server is up and running OK but when I try to connect I get this message in the client log.
Quote:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
[Code].....
Jul 22, 2009
I have FC11 with an HP printer attached, and my firewall is disabled. I am trying to print from my laptops after I have set up samba and shared the printer. It was working fine when I had FC4 and FC5 installed, and I am not sure what is missing. When I tried to print from the XP box I got a "Test page failed to print" error. What I have really noticed on the XP and Vista boxes is that when I go to the printer settings inside Control Panel, press the Ports tab and check which port I am printing to, I see that the port "\samba-serverprinter" is not created there. This is the log:
[code]...
Jan 8, 2009
I can't seem to get the X server to allow access from clients on other hosts. (I know, not exactly a network problem, but.) I made the change in /usr/share/gdm/defaults.conf to be: DisallowTCP=false
and this worked on another CentOS system, but it hasn't fixed it on this one. What other things could prevent other clients from connecting to the X server? From the local host, I get:
Warning: Tried to connect to session manager, Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed
although the client DOES actually create the window and work! So, maybe this message is a clue.
From the remote host, I get : Error: Can't open display: 10.10.1.20:0.0 Which is not terribly informative. Is there a log somewhere which details why a connect request was denied? The files in /var/log/gdm are not very informative.
Oct 4, 2010
I'm having really weird and frustrating DNS issues with my clients unable to properly resolve the server's ip address. They can resolve each other's, and outside systems, but not the server - at least, not correctly, and not all the time.
I have one Ubuntu server set up that does both DHCP and DNS serving to the Windows systems. The server has DNS forwarding turned on to forward to OpenDNS's servers (I've tried using my ISP's dns servers but the problem remains).
The server is *not* set up as a firewall; I am actually using a DLink router for that, and the Dlink is *not* set up to serve up DHCP nor DNS.
What I am getting is that my clients - and there are nothing but Windows clients - will not resolve the name of the server. For example, if I do: ping linuxserver
I get back a false IP address of 192.168.0.64 (and I've seen once a 192.168.2.49).
If, however, I put a dot in there: ping linuxserver.
I get back the *correct* IP address of 192.168.0.2, and thereafter, pinging linuxserver without the dot will work. Until the DNS cache expires, either naturally or with ipconfig /flushdns on the Windows clients.
The clients *are* getting valid DHCP leases and can resolve everything happy-happy, they just will not get the proper address of the server 100% of the time.
Mar 10, 2011
I have an Edubuntu server with two nics joined to the primary windows domain and I can log on with domain credentials and everything is AOK. I used LikewiseOpen 6 to join the server to the primary domain. So, on my Edubuntu server eth1 is connected to the primary domain and has a static IP. eth2 also has a static IP and is the DHCP for the thin client subnet, connected to a switch. IP forwarding is enabled.
DOMAIN - eth1 - Edubuntu Server - eth2 (SUBNET) - switch - clients
So far, so good: I can log on the thin clients with one of the local accounts specified on the Edubuntu server and with that account I can surf the net and, if I supply domain credentials, browse the primary domain. Problem I have is:
I can't work out how to log on to the primary domain with an Active Directory account directly from a thin client. If I try DOMAINuser to log on, after giving the password, the password screen refreshes and 'domainuser@11.*.21.*'s password' appears under the blank password box. The IP in that message is the IP for the subnet and not the primary domain. I feel like I'm misunderstanding some basic simple step but I just can't figure it out.
Dec 10, 2009
My 32-bit Ubuntu 9.10 [Karmic Koala] LTSP server has two NICs, one with Dynamic IP set by a DSL modem and the other with static IP of 192.168.0.254. I also have 4 thin Clients that boot from this server without any problems and another computer with Ubuntu 9.04 running some PHP programs with dynamic IP given by the same DSL modem. When I send requests to these PHP programs from thin clients, they all give the LTSP server's dynamic IP as their IP so I cannot trace who has sent this request to response back.
I actually know this is logical, because the requests are sent by a program that's actually running on the LTSP server rather than the thin client. But my question is: how can I run a program on a thin client with its own IP? I should also mention that the dhcp3-server service running on the LTSP server has no conflicts with the DSL DHCP on the network, and I know that the 4 thin clients get the IPs ranging from 192.168.1.101 through 192.168.1.104 from the dhcp3-server service, because I can ping them while they're on. But /sbin/ifconfig on them shows info about the LTSP server.
Feb 22, 2010
I'm sure this is possible... I'm just not sure how. Yet! I have three machines. One is at home behind my firewall and has a dynamic IP. That's fine as I don't really want to open any ports on my home firewall. The second is at work sitting behind the firewall there- and I'm not even going to ask for approval to NAT an IP to my PC at work :-).
The third is in a data center far away. I only have a shell account on this server but other than that shell account not being root, I can do most anything I like with that account. What I would like to do is SSH to this server simultaneously from my home and work PCs and, via this third machine, make them talk.
This is pure geekery so it doesn't matter what they say to each other; I just want to make them talk. Maybe one uploads a file and the other just pulls down that file. Maybe one opens a FIFO on the remote server and starts writing to it while the other starts snarfing that data. In fact, I like this latter idea best, I think. How would you do it? What scripts (fired by cron if need be since I'm ostensibly away from at least one of the PCs at any given time) would you use?
Apr 8, 2010
I had configured OpenVPN on my server. Is it possible to configure and run IPSEC simultaneously on the same server?
Feb 12, 2011
I've been using IPv6 on my local network and through a Hurricane Electric IPv6 tunnel. I've heard that one of the built in features of IPv6 is encryption, both scrambling the data and authenticating where the traffic came from. I've done some searching and heard of SWAN and Racoon, but some of the stuff I found is old and I would like to know what the easiest/best way to set up IPSEC for IPv6 is.