Search Results

Search found 12751 results on 511 pages for 'interface'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 282/511 | < Previous Page | 278 279 280 281 282 283 284 285 286 287 288 289  | Next Page >

  • Other Ideas to troubleshoot Cisco IPSec VPN on OSX?

    - by Tawm
    We have one user running OSX Snow Leopard who is having issues staying connected to our VPN running off of an ASA5510. His connection can die even as he's actively pushing traffic across it or if he's been idle for a period of time. Other users on Snow Leopard, Lion, XP, Vista, 7 and various linux flavors are able to stay connected for 24hrs+ without issue We've deleted and remade the connection in System Preferences Networking, ran killall racoon (kills any lingering connections) Below are the logs from the user's system.log from a connect/disconnect cycle: Oct 10 21:22:25 username racoon[8192]: Connecting. Oct 10 21:22:25 username racoon[8192]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1). Oct 10 21:22:25 username racoon[8192]: IKEv1 Phase1 AUTH: success. (Initiator, Aggressive-Mode Message 2). Oct 10 21:22:25 username racoon[8192]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2). Oct 10 21:22:25 username racoon[8192]: IKEv1 Phase1 Initiator: success. (Initiator, Aggressive-Mode). Oct 10 21:22:25 username racoon[8192]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3). Oct 10 21:22:29 username racoon[8192]: IKE Packet: transmit success. (Mode-Config message). Oct 10 21:22:29 username racoon[8192]: IKEv1 XAUTH: success. (XAUTH Status is OK). Oct 10 21:22:29 username racoon[8192]: IKE Packet: transmit success. (Mode-Config message). Oct 10 21:22:29 username racoon[8192]: IKEv1 Config: retransmited. (Mode-Config retransmit). Oct 10 21:22:29 username racoon[8192]: IKE Packet: receive success. (MODE-Config). Oct 10 21:22:29 username configd[14]: event_callback: Address added. previous interface setting (name: en1, address: 192.168.0.100), current interface setting (name: utun0, family: 1001, address: 10.215.8.53, subnet: 255.0.0.0, destination: 10.215.8.53). Oct 10 21:22:29 username racoon[8192]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1). Oct 10 21:22:29 username configd[14]: network configuration changed. Oct 10 21:22:29 username racoon[8192]: IKE Packet: receive success. (Initiator, Quick-Mode message 2). Oct 10 21:22:29 username racoon[8192]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3). Oct 10 21:22:29 username racoon[8192]: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode). Oct 10 21:22:29 username racoon[8192]: Connected. Oct 10 21:22:29 username configd[14]: SCNCController: Connected. Oct 10 21:22:29 username racoon[8192]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1). Oct 10 21:22:29 username racoon[8192]: IKE Packet: receive success. (Initiator, Quick-Mode message 2). Oct 10 21:22:29 username racoon[8192]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3). Oct 10 21:22:29 username racoon[8192]: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode). Oct 10 21:22:47 username login[8200]: USER_PROCESS: 8200 ttys003 Oct 10 21:22:48 username GrowlHelperApp[160]: Periodic CFURLCache Insert stats (iters: 17240) - Tx time:0.001749, # of Inserts: 1, # of bytes written: 304, Did shrink: NO, Size of cache-file: 26624, Num of Failures: 0 Oct 10 21:25:24 username login[7367]: DEAD_PROCESS: 7367 ttys002 Oct 10 21:25:31 username login[7907]: DEAD_PROCESS: 7907 ttys001 Oct 10 21:27:32 username configd[14]: SCNCController: Disconnecting. (Connection was up for, 303 seconds). Oct 10 21:27:32 username racoon[8192]: IKE Packet: transmit success. (Information message). Oct 10 21:27:32 username racoon[8192]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA). Oct 10 21:27:32 username racoon[8192]: IKE Packet: transmit success. (Information message). Oct 10 21:27:32 username racoon[8192]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA). Oct 10 21:27:32 username racoon[8192]: IKE Packet: transmit success. (Information message). Oct 10 21:27:32 username racoon[8192]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA). Oct 10 21:27:32 username racoon[8192]: Disconnecting. (Connection was up for, 302.766105 seconds). Oct 10 21:27:32 username configd[14]: network configuration changed. Oct 10 21:27:34 username login[8200]: DEAD_PROCESS: 8200 ttys003

    Read the article

  • Login problems on SQL EXPRESS using a user

    - by meep
    Hello Serverfault. First time I set up a SQL server, so I hope you can help me out. I have a problem regarding logging in using SQL auth on my SQL EXPRESS 2008. I have added a user though the management interface as you can see on the image below. But as soon as I try to login using SQL auth I get an error the login failed for the user. The server log says: Login failed for user 'zebisgaard'. Reason: Could not find a login matching the name provided. [CLIENT: <named pipe>] Error: 18456, Severity: 14, State: 5. Do you have an idea why? I have triple checked that the username/password is correct, tried to recreate the user and so much more. And all this is localhost.

    Read the article

  • Determining currently-serving files in IIS 7

    - by Nat Papovich
    serverfault showed me this topic, and I think I want to do the same thing, but in IIS, not Apache. I have a "dashboard" application I'm building and I want it to show what files are currently being served by IIS. They'll mostly all be large files. I believe that the ILogScripting COM Interface would have been one good place to start, but it's not available in IIS 7, and it relies on the underlying IIS logs for its data. And therein, I believe, lies my problem. How do I make IIS put in, essentially, two log entries, one as the request begins, and one when the connection is closed? Also, it looks like IIS doesn't "commit" log entries as they're occuring, in "real-time". There's some kind of delay/batch-job. That will cause a problem for me too. Or do I need to do something in isapi instead?

    Read the article

  • Hardware needs for video conversion server

    - by artaxerxe
    I would need to build a Linux server that will have as its main task to perform the video conversion. For video conversion, the most likely I will use FFMpeg tool. Question: Can anyone tell me if for improving this automated video conversion a video card will improve the process or not? The idea is that I will get movies at a very high quality that I will need to be converted in formats available for different devices (iPhone, iPad, etc.). That conversion will be performed through a CLI (command line interface). I will need that conversion to be done in the least time possible (ok, that's a kind of saying, not an absolutely specified short time).

    Read the article

  • What are the challenges when my enterprise desires to move the processing component of an applicatio

    - by Berkay
    Assume that i have an enterprise accounting application that consists of a front-end interface, a processing tier, and a back-end database. This is an application that contains private business data, and thus is traditionally run in a secure private network environment within the enterprise. What are the challenges that appear when my enterprise desires to move the processing component of this application to a cloud computing data center in order to achieve greater scalability or to reduce IT costs ? Pls note: do i have to make significant changes to my own infrastructure to enable external access to formerly private resources? do i have to modify the application code to handle new network topology ? thanks, if you give your answers in a simple manner, really appreciated.

    Read the article

  • Do you have any additions or alterations to this list of popular audio formats?

    - by roja
    All, I am trying to compile a list of common audio file formats used in both personal storage and peer transmission. I have compiled the following list, do you think that there are any significant formats missing? Are any of them not actually common formats? Any advice/alterations are highly useful. advanced audio coding, apple lossless audio file, atrac3 audio file, atrac audio file, audio interchange file format, core audio file, free lossless audio codec file, mpeg 1 audio layer 3, mpeg 2 audio, mpeg 4 audio book file, musical instrument digital interface, ogg vorbis compressed audio file, open media framework file, real audio, real audio media, waveform audio file format, windows media audio Kind regards, Roja

    Read the article

  • Disabling file permissions on NFS share

    - by user41377
    I am trying to set up a nfs share for use by non-technical users, and really don't want file permissions messing things up. Everyone should be able to read/write anything on this share without even knowing what file permissions are, much less adjusting them. Is there a way I can just make the nfs server write everything as 770 or something? It seems like this should be easy, but the best I can come up with is a cronjob to periodically set them to that, which is far from ideal. The server is a Netgear ReadyNAS. Ideally I would like to stick to doing stuff from within the web interface on it, but I can just root it if needed.

    Read the article

  • How to share internet connection on Mac os x to Virtualbox vm's using Host-only

    - by redben
    In one line : is the following possible : Airport <- osx bridge - vbox-Host-only - vm's On a mac os x, i have virtual box with a virtual machine. For now i have configured 2 interfaces for my virtual machine eth0 is normal bridge for my vm to acces the internet (when airport is connected) eth1 is set to host-only so i can access my vm from the host when there is no wifi/aiport is down. So basically it's like Adapter 1 when there is Wifi, Adapter 2 when there is not. I'd like to have only one configuration to make it simpler. I thought i could just keep the Host only configuration, and on the host (os x) go to internet sharing and select "share from airport" to vboxnet0 (the vb virtual interface). Only to find out that vboxnet0 dosn't show up in the interfaces list on os x preferences. I know that on a linux host you could install something called bridge-utils and use that to bridge the two insterfaces. Is there any thing like that for Mac ?

    Read the article

  • VLC Media Server

    - by Josh
    We are using VLC on ubuntu, and trying to set up a streaming media server. We have the http interface working fine from remote computers, and we can also see the video playing as text if we don't screen VLC. Our problem is the output streaming. When we use the main VLC page you get when you goto the servers IP it does not save the output MRL (refreshing page it will go away, even after clicking save.) We tried to VLM page and it appears to work fine from the http page (it buffers, plays, timers go up when not paused, etc.) However, we still cannot connect remotely with a VLC client. The output parameters do save properly on the VLM page. We are noobs when it comes to this. Does anyone have a very to the point procedure of getting a file X to play and stream on ubuntu using VLC assuming VLC is installed?

    Read the article

  • Sharing an external hard drive in Ubuntu using Samba

    - by cambraca
    /media/MYDISK is where my hard drive is mounted automatically. I created a symlink using: ln -s /media/MYDISK /home/camilo/MYDISK chmod 777 /home/camilo/MYDISK I'm setting up smb.conf like this: [myshare1] comment = external disk browsable = yes path = /home/camilo/MYDISK guest ok = yes read only = no create mask = 0775 Also, in the [global] section I tried adding the following lines: follow symlinks = yes wide links = yes unix extensions = no The problem is that when browsing the shared folder in Windows 7, I get a "\\etc\myshare1 is not accessible" error. When pointing the path to a regular folder it works fine. Also, when I point it directly to /media/MYDISK, it shows the same error. EDIT: to make it more interesting, I have no graphical interface, so I need to touch the config files directly..

    Read the article

  • Mount TMPFS instead of ro /dev

    - by schiggn
    I am working on a ARM-Based embedded system with a custom Debian Linux based on kernel 2.6.31. In the final system, the Root file system is stored as squashfs on flash. Now, the folder /dev is created by udev, but since there is no hot plugging functionality needed and booting time is critical, I wanted to delete udev and "hard code" the /dev folder (read here, page 5). because i still need to change parameters of the devices (with ioctl /sysfs) this does not work for me in this case. so i thought of mounting a tmpfs on /dev and change the parameters there. is this possible? and how to do best? my approach would be: delete /dev from RFS create tar containing basic devices mount tmpfs /dev untar tar-file into /dev change parameters Could this work? Do you see any problems? I found out, that you can mount on top of already mounted mount point, is it somehow possible just to take data with while mounting the new file system? if so that would be very convenient! Thanks Update: I just tried that out, but I'm stuck at a certain point. I packed all my devices into devices.tar, packed it into /usr of my squashfs and added the following lines to mountkernfs.sh, which is executed right after INIT. #mount /dev on tmpfs echo -n "Mounting /dev on tmpfs..." mount -o size=5M,mode=0755 -t tmpfs tmpfs /dev mknod -m 600 /dev/console c 5 1 mknod -m 600 /dev/null c 1 3 echo "done." echo -n "Populating /dev..." tar -xf /usr/devices.tar -C /dev echo "done." This works fine on the version over NFS, if I place printf's in the code, I can see it executing, if I comment out the extracting part, its complaining about missing devices. Booting OK mmc0: new high speed SDHC card at address 0007 mmcblk0: mmc0:0007 SD04G 3.67 GiB mmcblk0: p1 IP-Config: Unable to set interface netmask (-22). Looking up port of RPC 100003/2 on 192.168.1.234 Looking up port of RPC 100005/1 on 192.168.1.234 VFS: Mounted root (nfs filesystem) on device 0:14. Freeing init memory: 136K INIT: version 2.86 booting Mounting /dev on tmpfs...done. Populating /dev...done. Initializing /var...done. Setting the system clock. System Clock set to: Thu Sep 13 11:26:23 UTC 2012. INIT: Entering runlevel: 2 UBI: attaching mtd8 to ubi0 Commenting out the extraction of the tar mmc0: new high speed SDHC card at address 0007 mmcblk0: mmc0:0007 SD04G 3.67 GiB mmcblk0: p1 IP-Config: Unable to set interface netmask (-22). Looking up port of RPC 100003/2 on 192.168.1.234 Looking up port of RPC 100005/1 on 192.168.1.234 VFS: Mounted root (nfs filesystem) on device 0:14. Freeing init memory: 136K INIT: version 2.86 booting Mounting /dev on tmpfs...done. Populating /dev...done. Initializing /var...done. Setting the system clock. Cannot access the Hardware Clock via any known method. Use the --debug option to see the details of our search for an access method. Unable to set System Clock to: Thu Sep 13 12:24:00 UTC 2012 ... (warning). INIT: Entering runlevel: 2 libubi: error!: cannot open "/dev/ubi_ctrl" So far so good. But if I pack the whole story into a squashfs and boot from there, it is acting strange. It's telling me while booting that it is unable to open an initial console and its throwing errors on mounting the UBIFS devices, but finally provides a login anyway. Over that my echo's are not executed. If I then log in, /dev is mounted as TMPFS as desired and all the devices reside inside. When I redo the "mount" command to mount the UBIFS partitions it is executed whitout problem and useable. From squashfs VFS: Mounted root (squashfs filesystem) readonly on device 31:15. Freeing init memory: 136K Warning: unable to open an initial console. mmc0: new high speed SDHC card at address 0007 mmcblk0: mmc0:0007 SD04G 3.67 GiB mmcblk0: p1 UBIFS error (pid 484): ubifs_get_sb: cannot open "ubi1_0", error -19 Additionally, a part of the rest of the bootscripts is still exexuted, but not all of them. Does anyone has a clue why? Other question, is 5MB enough/too much for /dev?

    Read the article

  • XPP-32 over W7-64 on music production laptop

    - by quarlo
    I need to upgrade my laptop and need high performance for music production (recording and mixing). My audio interface manufacturer seems to be unable to successfully convert their drivers to 64-bit. I do not trust a virtual machine to handle real-time audio recording at low enough latency so ... I would like to install XP Pro 32-bit on a separate partition and dual boot since most of the machines that can handle this application now ship with Windows 7 64-bit flavors. I'd like to transit to 64-bit over time assuming M-Audio does eventually get a handle on 64-bit drivers, but really need to ensure that I can stay at 32-bit for now. Does anyone have any experience with this or something similar?

    Read the article

  • Thomson TG585v7 router - promiscuous mode

    - by Nikita
    I have a TG585v7 as a router with several machines plugged into it. In the default setup, the packets are only delivered to the specific machine but I want to be able to setup to monitor all network traffic on one of the machines, i.e. I need those packets to be picked up when my ethernet card is in promiscuous mode. Is this possible? Guide here has this "mcastpromisc Make the IP interface multicast promiscuous. OPTIONAL", is this what I am looking for? Does it mean I need to manually add all my machines by their MAC addresses to be able to receive packets destined for them? Or am I out of luck and I need to get a better router?

    Read the article

  • How to use iTunes USB File Transfer to copy files from PC to Apple iPad, e.g. PDF files for viewer a

    - by Chris W. Rea
    I'm interested in reading PDF-format ebooks on my Apple iPad. I have half a gig of PDFs I want to transfer to it, from my PC. I'm familiar already with loading EPUB-format titles through iBooks – unfortunately, iBooks doesn't read PDFs so I am looking at using a third-party application. I know many such third-party media viewer applications for the iPad support download from web or email, but that's a hassle. I've heard iTunes 9.1 added support for USB File Transfer, specifically for iPad devices. How does USB File Transfer work in iTunes, for transferring files from my PC to my iPad? Please provide example steps. Moderators: Please remember the FAQ's "except insofar as they interface with your computer." ;-)

    Read the article

  • CPU I/O communication part 2

    - by b-gen-jack-o-neill
    Hi, I was suggested when I have some further questions on my older ones, to create newer Question and reffer to old one. So, this is the original question: CPU I/O communication OK, I have just 2 more questions. 1, How is MMIO set? I mean, lets say I have developed some extension card with PCI interface. How do you say to memory controller to redirect desired memory space to my card´s RAM? I mean, I think standart text-mode VGA MMIO adress is 0x8000. Is this HW set (every motherboard automatically redirects 0x8000 adress to PCI-E) or its just standart and can be changed (VGA says to motherboard: give me memory mapped IO at 0x8000) 2, Can one expansion card have more MMIO connections? I mean, lets say I have card with 10 Bytes of RAM. Can Bytes 0-4 be mapped to 0x0 and bytes 5-9 to 0x5000? Please, if you know about some good article about this, please post link. Thanks.

    Read the article

  • Bridging VirtualBox over OpenVPN TAP adapter on Windows

    - by Sean Edwards
    I'm trying to configure a virtual machine (VirtualBox guest running Backtrack 4) with a bridged adapter over a VPN connection. The VPN is is hosted by the cybersecurity club at my university, and connects to a sandboxed LAN designed for penetration testing against various servers that the club has built. My host (Windows 7 Ultimate) connects to the VPN fine and is assigned an IP through DHCP, but for some reason the VM can't do the same thing, and I'm not sure why. It's like OpenVPN is filtering out packets from the MAC address it doesn't recognize. I want the virtual machine to bridge over the VPN connection, because our IT office has very strict policies about what you can and can't do on the network. I want to be able to run active attacks (ARP spoofing, nmap, Nessus scans) in the sandbox environment without risking the traffic accidentally going over the university network and getting my internet access revoked. Bridging over the VPN connection and running all attacks from inside the VM would solve that problem. Any idea why the host can use this interface, but the VM can't?

    Read the article

  • Dell powerconnect 6224 vlan routing

    - by user1007727
    I have a small network and I need help with routing .. . My VLANs VLAN 1010 SALES VLAN 1020 HR I have assigned the above vlans to a tagged port and I have added a default route to send the traffic of to my firewall. ip route 0.0.0.0 0.0.0.0 10.10.10.10 I have added a new vlan VLAN 1030 Services and I would like its traffic to go to a different interface on the firewall, 10.10.10.20 how can I go about doing that? can someone give me an example? your help is highly appreciated. Thank you

    Read the article

  • PXE Boot PCLinuxOS ISO

    - by DBNotCooper
    I'm in the process of trying to convert some computers at my local school to be diskless browser stations. We've identified PCLinuxOS as the OS we'd like to use due to it's easy interface for creating custom ISO images (we need WINE and some custom apps installed also, as well as FireFox). I've been having problems figuring out how to get an ISO to boot via PXE. In our network, I only have access to TFTP and HTTP, so I cannot use NFS. The machines all have enough memory (4 gigs) that they could use a ram drive to hold the ISO image, if that helps. Currently I've been looking at GPXE with GRUB/MEMDISK, but I don't know if that's the right solution, or even where a good resource is for setting it up. Searching the web has proved fruitless, as most of the information is either NFS-specific or out of date. The other students and I would appreciate any help! :)

    Read the article

  • Share a USB sound card over a network/bluetooth (Mac & PC)

    - by AlexW
    I've been wondering how I can stream audio to an external Edirol USB sound card, wirelessly, on both Mac and PC. I'm not looking for high quality transmission, just to play mp3s from my Mac laptop to a USB sound card that is attached to two very nice balanced studio reference monitors. Is there any way I can firstly power the sound card box, and secondly, provide with an audio stream along it's USB input. I've looked at the Belkin USB hub, and I have a Time Capsule with the AirPort interface inside. These things seem to do vaguely what I want but when it comes to audio, the specifications are less clear. Any suggestions very welcome.

    Read the article

  • Trying to set up OpenVPN server on a vps

    - by Austin
    I'm trying to set up an OpenVPN server on my VPS for myself when I'm in public places, using this tutorial, http://tipupdate.com/how-to-install-openvpn-on-ubuntu-vps/ However whenever I try to start the server, it gives me this, root@vps:~# /etc/init.d/openvpn start * Starting virtual private network daemon(s)... * Autostarting VPN 'server' [fail] The log contains this Tue Dec 11 10:53:32 2012 Diffie-Hellman initialized with 1024 bit key Tue Dec 11 10:53:32 2012 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted> Tue Dec 11 10:53:33 2012 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ] Tue Dec 11 10:53:33 2012 ROUTE: default_gateway=UNDEF Tue Dec 11 10:53:33 2012 Note: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2) Tue Dec 11 10:53:33 2012 Note: Attempting fallback to kernel 2.2 TUN/TAP interface Tue Dec 11 10:53:33 2012 Cannot allocate TUN/TAP dev dynamically Tue Dec 11 10:53:33 2012 Exiting So obviously it's something to do with the tun, but I don't understand how to fix it. Thanks!

    Read the article

  • SNMP counter issues with cisco RV082

    - by Chance
    Does anyone else poll this router with SNMP? We are using firmware version: 2.0.0.19-tz We are having problems with the traffic counters, some of them appear to be implemented as 16 bit counter instead of 32 bit counters. The reason this is causing problems is that they roll over (at 65,000) to 0 in less than our minute polling cycle, really skewing our metrics. The counter for the Lan (interface 2) seems to be functioning properly, however interfaces 3 and 4 (WAN and DMZ / WAN2) rollover at 65000. Tue May 11 08:38:31 EDT 2010 IF-MIB::ifInOctets.1 = Counter32: 137634 IF-MIB::ifInOctets.2 = Counter32: 1865677943 IF-MIB::ifInOctets.3 = Counter32: 12450 IF-MIB::ifInOctets.4 = Counter32: 49354 Look at counter IF-MIB::ifInOctets.4 5 seconds later: Tue May 11 08:38:36 EDT 2010 IF-MIB::ifInOctets.1 = Counter32: 137634 IF-MIB::ifInOctets.2 = Counter32: 1865836207 IF-MIB::ifInOctets.3 = Counter32: 13167 IF-MIB::ifInOctets.4 = Counter32: 12900 Any suggestions? Seems like a bug to me, however I just wanted to make sure I wasn't crazy.. Thanks!

    Read the article

  • Printer monitor software across multiple workstations (AD integrated)

    - by HannesFostie
    I was asked to see if there is any kind of (free) software that allows multiple people in an office that use the same printer to see what jobs have finished recently, which are queued and which is printing. Main reason is that sometimes multiple people have the same task where they need to print some kind of form, and they are unsure whether or not their colleague has already printed the file. Because the printer is AD integrated, they only see a short message when printing, but they do not see a proper printer queue. A simple tray icon/tool would be perfect, no real graphical user interface is required. If this turns out to be too hard to find, I will attempt to write a simple application or script for the job, but since this is a low priority job I decided to ask here first before I start messing around with scripting which isn't my forte. Thanks

    Read the article

  • SSH not working over IPSec tunnel (Strongswan)

    - by PattPatel
    I configured a small network on a cloud virtual machine. This virtual machine has a static IP address assigned to eth0 interface that I'll call $EXTIP. mydomain.com points to $EXTIP. Inside, I have some linux containers, that get their ip through DHCP in the Subnet 10.0.0.0/24 (i called the virtual interface nat ). They run some services that can be reached through DNAT. Then I wanted to connect to these containers through an IPSec tunnel, so I configured StrongSwan. ipsec.conf: conn %default dpdaction=none rekey=no conn remote keyexchange=ikev2 ike=######## left=[$EXTIP] leftsubnet=10.0.1.0/24,10.0.0.0/24 leftauth=pubkey lefthostaccess=yes leftcert=########.pem leftfirewall=yes leftid="#########" right=%any rightsourceip=10.0.1.0/24 rightauth=######## rightid=%any rightsendcert=never eap_identity=%any auto=add type=tunnel Everything works fine, IPSec clients get IPs of the 10.0.1.0/24 subnet and can reach the containers subnet. My problem is that I'm not able to get SSH connections over the tunnel. It simply does not work, ssh client does not produce any output. Sniffing with tcpdump gives: tcpdump: 09:50:29.648206 ARP, Request who-has 10.0.0.1 tell mydomain.com, length 28 09:50:29.648246 ARP, Reply 10.0.0.1 is-at 00:ff:aa:00:00:01 (oui Unknown), length 28 09:50:29.648253 IP mydomain.com.54869 > 10.0.0.1.ssh: Flags [S], seq 4007849772, win 29200, options [mss 1460,sackOK,TS val 1151153 ecr 0,nop,wscale 7], length 0 09:50:29.648296 IP 10.0.0.1.ssh > 10.0.1.2.54869: Flags [S.], seq 2809522632, ack 4007849773, win 14480, options [mss 1460,sackOK,TS val 11482992 ecr 1151153,nop,wscale 6], length 0 09:50:29.677225 IP mydomain.com.54869 > 10.0.0.1.ssh: Flags [.], ack 2809522633, win 229, options [nop,nop,TS val 1151162 ecr 11482992], length 0 09:50:29.679370 IP mydomain.com.54869 > 10.0.0.1.ssh: Flags [P.], seq 0:23, ack 1, win 229, options [nop,nop,TS val 1151162 ecr 11482992], length 23 09:50:29.679403 IP 10.0.0.1.ssh > 10.0.1.2.54869: Flags [.], ack 24, win 227, options [nop,nop,TS val 11483002 ecr 1151162], length 0 09:50:29.684337 IP 10.0.0.1.ssh > 10.0.1.2.54869: Flags [P.], seq 1:32, ack 24, win 227, options [nop,nop,TS val 11483003 ecr 1151162], length 31 09:50:29.685471 IP 10.0.0.1.ssh > 10.0.1.2.54869: Flags [.], seq 32:1480, ack 24, win 227, options [nop,nop,TS val 11483003 ecr 1151162], length 1448 09:50:29.685519 IP mydomain.com > 10.0.0.1: ICMP mydomain.com unreachable - need to frag (mtu 1422), length 556 09:50:29.685567 IP 10.0.0.1.ssh > 10.0.1.2.54869: Flags [.], seq 32:1402, ack 24, win 227, options [nop,nop,TS val 11483003 ecr 1151162], length 1370 09:50:29.685572 IP 10.0.0.1.ssh > 10.0.1.2.54869: Flags [.], seq 1402:1480, ack 24, win 227, options [nop,nop,TS val 11483003 ecr 1151162], length 78 09:50:29.714601 IP mydomain.com.54869 > 10.0.0.1.ssh: Flags [.], ack 32, win 229, options [nop,nop,TS val 1151173 ecr 11483003], length 0 09:50:29.714642 IP 10.0.0.1.ssh > 10.0.1.2.54869: Flags [P.], seq 1480:1600, ack 24, win 227, options [nop,nop,TS val 11483012 ecr 1151173], length 120 09:50:29.723649 IP mydomain.com.54869 > 10.0.0.1.ssh: Flags [P.], seq 1393:1959, ack 32, win 229, options [nop,nop,TS val 1151174 ecr 11483003], length 566 09:50:29.723677 IP 10.0.0.1.ssh > 10.0.1.2.54869: Flags [.], ack 24, win 227, options [nop,nop,TS val 11483015 ecr 1151173,nop,nop,sack 1 {1394:1960}], length 0 09:50:29.725688 IP mydomain.com.54869 > 10.0.0.1.ssh: Flags [.], ack 1480, win 251, options [nop,nop,TS val 1151177 ecr 11483003], length 0 09:50:29.952394 IP 10.0.0.1.ssh > 10.0.1.2.54869: Flags [P.], seq 1480:1600, ack 24, win 227, options [nop,nop,TS val 11483084 ecr 1151173,nop,nop,sack 1 {1394:1960}], length 120 09:50:29.981056 IP mydomain.com.54869 > 10.0.0.1.ssh: Flags [.], ack 1600, win 251, options [nop,nop,TS val 1151253 ecr 11483084,nop,nop,sack 1 {1480:1600}], length 0 If you need it this is my iptables configuration file: iptables: *filter :INPUT ACCEPT [144:9669] :FORWARD DROP [0:0] :OUTPUT ACCEPT [97:15649] :interfacce-trusted - [0:0] :porte-trusted - [0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -j interfacce-trusted -A FORWARD -j porte-trusted -A FORWARD -j REJECT --reject-with icmp-host-unreachable -A FORWARD -d 10.0.0.1/32 -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A FORWARD -d 10.0.0.1/32 -p tcp -m tcp --dport 443 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A FORWARD -d 10.0.0.3/32 -p tcp -m tcp --dport 1234 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT -A interfacce-trusted -i nat -j ACCEPT -A porte-trusted -d 10.0.0.1/32 -p tcp -m tcp --dport 80 -j ACCEPT -A porte-trusted -d 10.0.0.1/32 -p tcp -m tcp --dport 443 -j ACCEPT -A porte-trusted -d 10.0.0.3/32 -p tcp -m tcp --dport 1234 -j ACCEPT COMMIT *nat :PREROUTING ACCEPT [10:600] :INPUT ACCEPT [10:600] :OUTPUT ACCEPT [4:268] :POSTROUTING ACCEPT [18:1108] -A PREROUTING -d [$EXTIP] -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:80 -A PREROUTING -d [$EXTIP] -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.1:443 -A PREROUTING -d [$EXTIP] -p tcp -m tcp --dport 8069 -j DNAT --to-destination 10.0.0.3:1234 -A POSTROUTING -s 10.0.0.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT -A POSTROUTING -s 10.0.1.0/24 -o nat -j MASQUERADE -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE COMMIT Probably I'm missing something stupid... Thanks in advance for helping :))

    Read the article

  • OpenVPN Bridge on pfsense: once LAN pings clients, connectivity breaks

    - by Lucas Kauffman
    So I'm using a pfsense openvpn to bridge my LAN segment so VPN users can access the servers. The problem I'm having now is that I can establish a connection, I can ping the LAN server from the VPN, but as soon as I ping the client from the LAN server, there is no connectivity anymore between both parties. So: connect from the VPN client to the LAN = works ping the LAN from the VPN client = works access server from the VPN (ssh, ftp,...) = works ping client from server = doesn't work ping LAN from the VPN client = doesn't work anymore My bridge has em1 and ovpns1 bridged. I noted with tcpdump that ICMP is reaching the bridge between LAN and the VPN segment. But it's not put onto the em1 interface for some reason. My pfsense is running on an ESXi host with th vSwitch port enabled in promiscious mode. Firewall rules allow in and outbound traffic regardless origin or destination.

    Read the article

  • Is it possible to mount a TrueCrypt volume to a NTFS mount point?

    - by Anthony
    The question is simple really. Under Linux etc.. you can mount TrueCrypt volumes, files or partitions, to any mount point of your choosing whereas in Windows the interface only shows drive letters. I'm wondering if I can mount the volume, a partition in this case, un-encrypted to a NTFS mount point, or folder, instead of using drive letters. The reason I ask is I am running out of letters :(. I'm using Server 2008 with the latest TrueCrypt install. Note: I know how to mount a volume directly to an NTFS folder mount point but doing so, and navigating to the mount point, prompts a notice saying the volume is not formatted - to be expected as the volume is not un-encrypted at this stage.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 278 279 280 281 282 283 284 285 286 287 288 289  | Next Page >