Search Results

Search found 4625 results on 185 pages for 'split tunnel'.

Page 1/185 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Reverse SSH Tunnel

    - by chris
    I am trying to forward web traffic from a remote server to my local machine in order to test out some API integration (tropo, paypal, etc). Basically, I'm trying to setup something similar to what tunnlr.com provides. I've initiated the ssh tunnel with the command $ssh –nNT –R :7777:localhost:5000 user@server Then I can see that server has is now listening on port 7777 with user@server:$netstat -ant | grep 7777 tcp 0 0 127.0.0.1:7777 0.0.0.0:* LISTEN tcp6 0 0 ::1:7777 :::* LISTEN $user@server:curl localhost:7777 Hello from local machine So that works fine. The curl request is actually served from the local machine. Now, how do I enable server.com:8888 to be routed through that tunnel? I've tried using nginx like so: upstream tunnel { server 0.0.0.0:7777; } server { listen 8888; server_name server.com; location / { access_log /var/log/nginx/tunnel-access.log; error_log /var/log/nginx/tunnel-error.log; proxy_pass http://tunnel; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; } } From the nginx error log I see: [error] 11389#0: *1 connect() failed (111: Connection refused) I've been looking at trying to use iptables, but haven't made any progress. iptables seems like a more elegant solution than running nginx just for tunneling. Any help is greatly appreciated. Thanks!

    Read the article

  • Split Tunnel VPN using incorrect Tunnel

    - by Brian Schmeltz
    Our company has a handful of field offices that have recently been setup with a regular internet connection after we removed the T1 and router that connected them directly to our network. Now, when the users are in the office, they log in to the VPN to be able to connect to the network. For the sake of them being able to print and scan from the local multi-function we have setup a split tunnel VPN. We currently have about 15-20 users using this setup around the country without any problems. Recently one of our users started having problems accessing internal programs/sites when connecting from both home and the office. There are three other users in the same office and they do not have this problem. I assumed that it was something with the computer and went ahead and replaced it with another of the same model. The computer worked fine in our home office; however, when the user received it, she had the exact same problem both at home and in the field office. Thinking it may be a NIC driver issue I sent her another computer, this time a different model, same problem occurred. If I update the host file to point to the correct paths, things will work, and if I connect via a normal VPN connection everything works, but the user cannot scan or print - which is a problem. Have tried to find ways to create another tunnel on a normal VPN and have tried to find ways to force the correct tunnel on the split tunnel VPN. It appears that there is something related to the ISP because if I connect to Comcast or Verizon it is fine but once she connects to Insite then she has problems. I have been unable to get any support from Insite as they don't feel the issue is with them. We use a Nortel VPN client. Any thoughts or ideas would be appreciated.

    Read the article

  • Creating a secure multicast tunnel with socat

    - by ams
    How we can create secure multicast tunnels ith socat? Assume that we have a list of IP address, CIDR network addresses that we want to create secure tunnel to them. I found this: socat STDIO UDP4-DATAGRAM:224.1.0.1:6666,range=192.168.10.0/24 but I want a secure tunnel and different adds with net addrs I want to create script that give the IPs and net addresses and creates a secure tunnel ./myscript IP1 NetAdd1 IP2 NetAdd2 .... How can I send these parameters to socat? Does socat multicast have any limits?

    Read the article

  • SSH reverse tunnel to monitor and manage remote devices

    - by acid_crucifix
    I have a set a distributed set of devices running Ubuntu 12.04 that I am distributing to clients. I would like to manage them remotely. They may not have fixed IPs and potentially might be behind firewalls. What I am planning to do is have the devices (permanently connected to the net) poll a request URL and based on the response open a reverse tunnel to my server, so that I can access them via that tunnel. Most of what I read about reverse tunnel over SSH is for single use cases and very little about heavy production usage. Is there some reason for this, security issues? or stability? Any help would be much obliged.

    Read the article

  • How to tunnel port 25565 through SSH?

    - by user62389
    I want to play a game which is hosted on port 25565 (minecraft!), but my university firewall does not allow this port. I have a dedicated server running linux not too far from uni, so I think there's a way to tunnel through it (but I've never done this before and have no knowledge/experience of tunnelling) It would probably be slow, but it's better than not being able to play at all. Is it possible to do using only SSH, or do I need other client/server software? My server has OpenSSH installed. Also, the computer I'm using to play the game is running Ubuntu. I've tried searching but there seem to be so many different solutions to different types of problem =/

    Read the article

  • VoIP Tunnel Implementation for SIP Client

    - by Mahendra
    I am planning to provide an option for tunneling in my SIP client. I have tried to search on web for open-source implementation of this, but couldn't find one. My questions are: 1) If I go writing down my own custom code for implementing the feature - What are the different parameters / cases that I should consider & what should be my approach to start it? 2) Is there any open source implementation for SIP Tunneling already available? Any inputs are appreciated. Thanks.

    Read the article

  • AutoSSH for a robust tunnel

    - by Budric
    I'm trying to start an ssh tunnel from A to B and have it run despite things like: period network/wifi drops on A and remote server reboot on B. My ssh tunnel starts using upstart script on A with event start on (net-device-up IFACE=eth0) I've found autossh which is supposed to handle these kinds of things, but had some trouble getting it to work. The upstart executes: autossh -M 0 -2qTN -o "ServerAliveInterval 30" -o "ServerAliveCountMax 2" -L 5678:somehost:5678 user@B However when I log into B and kill -9 that tunnel session, autossh just exits with "Connection to B closed by remote host." That's not what I expected autossh to do. Any advice on how to set this up? Any GUI service monitoring utilities out there that essentially display a green light if a service is up? Thanks.

    Read the article

  • ASA hairpining: I basicaly want to allow 2 spokes to be able to communicate with each other.

    - by Thirst4Knowledge
    ASA Spoke to Spoke Communication I have been looking at spke to spoke comms or "hairpining" for months and have posted on numerouse forums but to no avail. I have a Hub and spoke network where the HUB is an ASA Firewall version 8.2 * I basicaly want to allow 2 spokes to be able to communicate with each other. I think that I have got the concept of the ASA Config for example: same-security-traffic permit intra-interface access-list HQ-LAN extended permit ip ASA-LAN 255.255.248.0 HQ-LAN 255.255.255.0 access-list HQ-LAN extended permit ip 192.168.99.0 255.255.255.0 HQ-LAN 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 HQ-LAN 255.255.255.0 access-list no-nat extended permit ip HQ-LAN 255.255.255.0 192.168.99.0 255.255.255.0 access-list no-nat extended permit ip 192.168.99.0 255.255.255.0 HQ-LAN 255.255.255.0 I think my problem may be that the other spokes are not CIsco Firewalls and I need to work out how to do the alternative setups. I want to at least make sure that my firewall etup is correct then I can move onto the other spokes here is my config: Hostname ASA domain-name mydomain.com names ! interface Ethernet0/0 speed 100 duplex full nameif outside security-level 0 ip address 1.1.1.246 255.255.255.224 ! interface Ethernet0/1 speed 100 duplex full nameif inside security-level 100 ip address 192.168.240.33 255.255.255.224 ! interface Ethernet0/2 description DMZ VLAN-253 speed 100 duplex full nameif DMZ security-level 50 ip address 192.168.254.1 255.255.255.0 ! interface Ethernet0/3 no nameif no security-level no ip address ! boot system disk0:/asa821-k8.bin ftp mode passive clock timezone GMT/BST 0 dns server-group DefaultDNS domain-name mydomain.com same-security-traffic permit inter-interface same-security-traffic permit intra-interface object-group network ASA_LAN_Plus_HQ_LAN network-object ASA_LAN 255.255.248.0 network-object HQ-LAN 255.255.255.0 access-list outside_acl remark Exchange web access-list outside_acl extended permit tcp any host MS-Exchange_server-NAT eq https access-list outside_acl remark PPTP Encapsulation access-list outside_acl extended permit gre any host MS-ISA-Server-NAT access-list outside_acl remark PPTP access-list outside_acl extended permit tcp any host MS-ISA-Server-NAT eq pptp access-list outside_acl remark Intra Http access-list outside_acl extended permit tcp any host MS-ISA-Server-NAT eq www access-list outside_acl remark Intra Https access-list outside_acl extended permit tcp any host MS-ISA-Server-NAT eq https access-list outside_acl remark SSL Server-Https 443 access-list outside_acl remark Https 8443(Open VPN Custom port for SSLVPN client downlaod) access-list outside_acl remark FTP 20 access-list outside_acl remark Http access-list outside_acl extended permit tcp any host OpenVPN-Srvr-NAT object-group DM_INLINE_TCP_1 access-list outside_acl extended permit tcp any host OpenVPN-Srvr-NAT eq 8443 access-list outside_acl extended permit tcp any host OpenVPN-Srvr-NAT eq www access-list outside_acl remark For secure remote Managment-SSH access-list outside_acl extended permit tcp any host OpenVPN-Srvr-NAT eq ssh access-list outside_acl extended permit ip Genimage_Anyconnect 255.255.255.0 ASA_LAN 255.255.248.0 access-list ASP-Live remark Live ASP access-list ASP-Live extended permit ip ASA_LAN 255.255.248.0 192.168.60.0 255.255.255.0 access-list Bo remark Bo access-list Bo extended permit ip ASA_LAN 255.255.248.0 192.168.169.0 255.255.255.0 access-list Bill remark Bill access-list Bill extended permit ip ASA_LAN 255.255.248.0 Bill.15 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 Bill.5 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.149.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.160.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.165.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.144.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.140.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.152.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.153.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.163.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.157.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.167.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.156.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 North-Office-LAN 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.161.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.143.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.137.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.159.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 HQ-LAN 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.169.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.150.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.162.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.166.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.168.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.174.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.127.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.173.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.175.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.176.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.100.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 192.168.99.0 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 10.10.10.0 255.255.255.0 access-list no-nat extended permit ip host 192.168.240.34 Cisco-admin-LAN 255.255.255.0 access-list no-nat extended permit ip ASA_LAN 255.255.248.0 Genimage_Anyconnect 255.255.255.0 access-list no-nat extended permit ip host Tunnel-DC host HQ-SDSL-Peer access-list no-nat extended permit ip HQ-LAN 255.255.255.0 North-Office-LAN 255.255.255.0 access-list no-nat extended permit ip North-Office-LAN 255.255.255.0 HQ-LAN 255.255.255.0 access-list Car remark Car access-list Car extended permit ip ASA_LAN 255.255.248.0 192.168.165.0 255.255.255.0 access-list Che remark Che access-list Che extended permit ip ASA_LAN 255.255.248.0 192.168.144.0 255.255.255.0 access-list Chi remark Chi access-list Chi extended permit ip ASA_LAN 255.255.248.0 192.168.140.0 255.255.255.0 access-list Cla remark Cla access-list Cla extended permit ip ASA_LAN 255.255.248.0 192.168.152.0 255.255.255.0 access-list Eas remark Eas access-list Eas extended permit ip ASA_LAN 255.255.248.0 192.168.149.0 255.255.255.0 access-list Ess remark Ess access-list Ess extended permit ip ASA_LAN 255.255.248.0 192.168.153.0 255.255.255.0 access-list Gat remark Gat access-list Gat extended permit ip ASA_LAN 255.255.248.0 192.168.163.0 255.255.255.0 access-list Hud remark Hud access-list Hud extended permit ip ASA_LAN 255.255.248.0 192.168.157.0 255.255.255.0 access-list Ilk remark Ilk access-list Ilk extended permit ip ASA_LAN 255.255.248.0 192.168.167.0 255.255.255.0 access-list Ken remark Ken access-list Ken extended permit ip ASA_LAN 255.255.248.0 192.168.156.0 255.255.255.0 access-list North-Office remark North-Office access-list North-Office extended permit ip ASA_LAN 255.255.248.0 North-Office-LAN 255.255.255.0 access-list inside_acl remark Inside_ad access-list inside_acl extended permit ip any any access-list Old_HQ remark Old_HQ access-list Old_HQ extended permit ip ASA_LAN 255.255.248.0 HQ-LAN 255.255.255.0 access-list Old_HQ extended permit ip HQ-LAN 255.255.255.0 192.168.99.0 255.255.255.0 access-list She remark She access-list She extended permit ip ASA_LAN 255.255.248.0 192.168.150.0 255.255.255.0 access-list Lit remark Lit access-list Lit extended permit ip ASA_LAN 255.255.248.0 192.168.143.0 255.255.255.0 access-list Mid remark Mid access-list Mid extended permit ip ASA_LAN 255.255.248.0 192.168.137.0 255.255.255.0 access-list Spi remark Spi access-list Spi extended permit ip ASA_LAN 255.255.248.0 192.168.162.0 255.255.255.0 access-list Tor remark Tor access-list Tor extended permit ip ASA_LAN 255.255.248.0 192.168.166.0 255.255.255.0 access-list Tra remark Tra access-list Tra extended permit ip ASA_LAN 255.255.248.0 192.168.168.0 255.255.255.0 access-list Tru remark Tru access-list Tru extended permit ip ASA_LAN 255.255.248.0 192.168.174.0 255.255.255.0 access-list Yo remark Yo access-list Yo extended permit ip ASA_LAN 255.255.248.0 192.168.127.0 255.255.255.0 access-list Nor remark Nor access-list Nor extended permit ip ASA_LAN 255.255.248.0 192.168.159.0 255.255.255.0 access-list Nor extended permit ip ASA_LAN 255.255.248.0 192.168.173.0 255.255.255.0 inactive access-list ST remark ST access-list ST extended permit ip ASA_LAN 255.255.248.0 192.168.175.0 255.255.255.0 access-list Le remark Le access-list Le extended permit ip ASA_LAN 255.255.248.0 192.168.161.0 255.255.255.0 access-list DMZ-ACL remark DMZ access-list DMZ-ACL extended permit ip host OpenVPN-Srvr any access-list no-nat-dmz remark DMZ -No Nat access-list no-nat-dmz extended permit ip 192.168.250.0 255.255.255.0 HQ-LAN 255.255.255.0 access-list Split_Tunnel_List remark ASA-LAN access-list Split_Tunnel_List standard permit ASA_LAN 255.255.248.0 access-list Split_Tunnel_List standard permit Genimage_Anyconnect 255.255.255.0 access-list outside_cryptomap_30 remark Po access-list outside_cryptomap_30 extended permit ip ASA_LAN 255.255.248.0 Po 255.255.255.0 access-list outside_cryptomap_24 extended permit ip ASA_LAN 255.255.248.0 192.168.100.0 255.255.255.0 access-list outside_cryptomap_16 extended permit ip ASA_LAN 255.255.248.0 192.168.99.0 255.255.255.0 access-list outside_cryptomap_34 extended permit ip ASA_LAN 255.255.248.0 10.10.10.0 255.255.255.0 access-list outside_31_cryptomap extended permit ip host 192.168.240.34 Cisco-admin-LAN 255.255.255.0 access-list outside_32_cryptomap extended permit ip host Tunnel-DC host HQ-SDSL-Peer access-list Genimage_VPN_Any_connect_pix_client remark Genimage "Any Connect" VPN access-list Genimage_VPN_Any_connect_pix_client standard permit Genimage_Anyconnect 255.255.255.0 access-list Split-Tunnel-ACL standard permit ASA_LAN 255.255.248.0 access-list nonat extended permit ip HQ-LAN 255.255.255.0 192.168.99.0 255.255.255.0 pager lines 24 logging enable logging timestamp logging console notifications logging monitor notifications logging buffered warnings logging asdm informational no logging message 106015 no logging message 313001 no logging message 313008 no logging message 106023 no logging message 710003 no logging message 106100 no logging message 302015 no logging message 302014 no logging message 302013 no logging message 302018 no logging message 302017 no logging message 302016 no logging message 302021 no logging message 302020 flow-export destination inside MS-ISA-Server 2055 flow-export destination outside 192.168.130.126 2055 flow-export template timeout-rate 1 flow-export delay flow-create 15 mtu outside 1500 mtu inside 1500 mtu DMZ 1500 mtu management 1500 ip local pool RAS-VPN 10.0.0.1.1-10.0.0.1.254 mask 255.255.255.255 icmp unreachable rate-limit 1 burst-size 1 icmp permit any unreachable outside icmp permit any echo outside icmp permit any echo-reply outside icmp permit any outside icmp permit any echo inside icmp permit any echo-reply inside icmp permit any echo DMZ icmp permit any echo-reply DMZ asdm image disk0:/asdm-621.bin no asdm history enable arp timeout 14400 nat-control global (outside) 1 interface global (inside) 1 interface nat (inside) 0 access-list no-nat nat (inside) 1 0.0.0.0 0.0.0.0 nat (DMZ) 0 access-list no-nat-dmz static (inside,outside) MS-ISA-Server-NAT MS-ISA-Server netmask 255.255.255.255 static (DMZ,outside) OpenVPN-Srvr-NAT OpenVPN-Srvr netmask 255.255.255.255 static (inside,outside) MS-Exchange_server-NAT MS-Exchange_server netmask 255.255.255.255 access-group outside_acl in interface outside access-group inside_acl in interface inside access-group DMZ-ACL in interface DMZ route outside 0.0.0.0 0.0.0.0 1.1.1.225 1 route inside 10.10.10.0 255.255.255.0 192.168.240.34 1 route outside Genimage_Anyconnect 255.255.255.0 1.1.1.225 1 route inside Open-VPN 255.255.248.0 OpenVPN-Srvr 1 route inside HQledon-Voice-LAN 255.255.255.0 192.168.240.34 1 route outside Bill 255.255.255.0 1.1.1.225 1 route outside Yo 255.255.255.0 1.1.1.225 1 route inside 192.168.129.0 255.255.255.0 192.168.240.34 1 route outside HQ-LAN 255.255.255.0 1.1.1.225 1 route outside Mid 255.255.255.0 1.1.1.225 1 route outside 192.168.140.0 255.255.255.0 1.1.1.225 1 route outside 192.168.143.0 255.255.255.0 1.1.1.225 1 route outside 192.168.144.0 255.255.255.0 1.1.1.225 1 route outside 192.168.149.0 255.255.255.0 1.1.1.225 1 route outside 192.168.152.0 255.255.255.0 1.1.1.225 1 route outside 192.168.153.0 255.255.255.0 1.1.1.225 1 route outside North-Office-LAN 255.255.255.0 1.1.1.225 1 route outside 192.168.156.0 255.255.255.0 1.1.1.225 1 route outside 192.168.157.0 255.255.255.0 1.1.1.225 1 route outside 192.168.159.0 255.255.255.0 1.1.1.225 1 route outside 192.168.160.0 255.255.255.0 1.1.1.225 1 route outside 192.168.161.0 255.255.255.0 1.1.1.225 1 route outside 192.168.162.0 255.255.255.0 1.1.1.225 1 route outside 192.168.163.0 255.255.255.0 1.1.1.225 1 route outside 192.168.165.0 255.255.255.0 1.1.1.225 1 route outside 192.168.166.0 255.255.255.0 1.1.1.225 1 route outside 192.168.167.0 255.255.255.0 1.1.1.225 1 route outside 192.168.168.0 255.255.255.0 1.1.1.225 1 route outside 192.168.173.0 255.255.255.0 1.1.1.225 1 route outside 192.168.174.0 255.255.255.0 1.1.1.225 1 route outside 192.168.175.0 255.255.255.0 1.1.1.225 1 route outside 192.168.99.0 255.255.255.0 1.1.1.225 1 route inside ASA_LAN 255.255.255.0 192.168.240.34 1 route inside 192.168.124.0 255.255.255.0 192.168.240.34 1 route inside 192.168.50.0 255.255.255.0 192.168.240.34 1 route inside 192.168.51.0 255.255.255.128 192.168.240.34 1 route inside 192.168.240.0 255.255.255.224 192.168.240.34 1 route inside 192.168.240.164 255.255.255.224 192.168.240.34 1 route inside 192.168.240.196 255.255.255.224 192.168.240.34 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa-server vpn protocol radius max-failed-attempts 5 aaa-server vpn (inside) host 192.168.X.2 timeout 60 key a5a53r3t authentication-port 1812 radius-common-pw a5a53r3t aaa authentication ssh console LOCAL aaa authentication http console LOCAL http server enable http 0.0.0.0 0.0.0.0 inside http 1.1.1.2 255.255.255.255 outside http 1.1.1.234 255.255.255.255 outside http 0.0.0.0 0.0.0.0 management http 1.1.100.198 255.255.255.255 outside http 0.0.0.0 0.0.0.0 outside crypto map FW_Outside_map 1 match address Bill crypto map FW_Outside_map 1 set peer x.x.x.121 crypto map FW_Outside_map 1 set transform-set SECURE crypto map FW_Outside_map 2 match address Bo crypto map FW_Outside_map 2 set peer x.x.x.202 crypto map FW_Outside_map 2 set transform-set SECURE crypto map FW_Outside_map 3 match address ASP-Live crypto map FW_Outside_map 3 set peer x.x.x.113 crypto map FW_Outside_map 3 set transform-set SECURE crypto map FW_Outside_map 4 match address Car crypto map FW_Outside_map 4 set peer x.x.x.205 crypto map FW_Outside_map 4 set transform-set SECURE crypto map FW_Outside_map 5 match address Old_HQ crypto map FW_Outside_map 5 set peer x.x.x.2 crypto map FW_Outside_map 5 set transform-set SECURE WG crypto map FW_Outside_map 6 match address Che crypto map FW_Outside_map 6 set peer x.x.x.204 crypto map FW_Outside_map 6 set transform-set SECURE crypto map FW_Outside_map 7 match address Chi crypto map FW_Outside_map 7 set peer x.x.x.212 crypto map FW_Outside_map 7 set transform-set SECURE crypto map FW_Outside_map 8 match address Cla crypto map FW_Outside_map 8 set peer x.x.x.215 crypto map FW_Outside_map 8 set transform-set SECURE crypto map FW_Outside_map 9 match address Eas crypto map FW_Outside_map 9 set peer x.x.x.247 crypto map FW_Outside_map 9 set transform-set SECURE crypto map FW_Outside_map 10 match address Ess crypto map FW_Outside_map 10 set peer x.x.x.170 crypto map FW_Outside_map 10 set transform-set SECURE crypto map FW_Outside_map 11 match address Hud crypto map FW_Outside_map 11 set peer x.x.x.8 crypto map FW_Outside_map 11 set transform-set SECURE crypto map FW_Outside_map 12 match address Gat crypto map FW_Outside_map 12 set peer x.x.x.212 crypto map FW_Outside_map 12 set transform-set SECURE crypto map FW_Outside_map 13 match address Ken crypto map FW_Outside_map 13 set peer x.x.x.230 crypto map FW_Outside_map 13 set transform-set SECURE crypto map FW_Outside_map 14 match address She crypto map FW_Outside_map 14 set peer x.x.x.24 crypto map FW_Outside_map 14 set transform-set SECURE crypto map FW_Outside_map 15 match address North-Office crypto map FW_Outside_map 15 set peer x.x.x.94 crypto map FW_Outside_map 15 set transform-set SECURE crypto map FW_Outside_map 16 match address outside_cryptomap_16 crypto map FW_Outside_map 16 set peer x.x.x.134 crypto map FW_Outside_map 16 set transform-set SECURE crypto map FW_Outside_map 16 set security-association lifetime seconds crypto map FW_Outside_map 17 match address Lit crypto map FW_Outside_map 17 set peer x.x.x.110 crypto map FW_Outside_map 17 set transform-set SECURE crypto map FW_Outside_map 18 match address Mid crypto map FW_Outside_map 18 set peer 78.x.x.110 crypto map FW_Outside_map 18 set transform-set SECURE crypto map FW_Outside_map 19 match address Sp crypto map FW_Outside_map 19 set peer x.x.x.47 crypto map FW_Outside_map 19 set transform-set SECURE crypto map FW_Outside_map 20 match address Tor crypto map FW_Outside_map 20 set peer x.x.x.184 crypto map FW_Outside_map 20 set transform-set SECURE crypto map FW_Outside_map 21 match address Tr crypto map FW_Outside_map 21 set peer x.x.x.75 crypto map FW_Outside_map 21 set transform-set SECURE crypto map FW_Outside_map 22 match address Yo crypto map FW_Outside_map 22 set peer x.x.x.40 crypto map FW_Outside_map 22 set transform-set SECURE crypto map FW_Outside_map 23 match address Tra crypto map FW_Outside_map 23 set peer x.x.x.145 crypto map FW_Outside_map 23 set transform-set SECURE crypto map FW_Outside_map 24 match address outside_cryptomap_24 crypto map FW_Outside_map 24 set peer x.x.x.46 crypto map FW_Outside_map 24 set transform-set SECURE crypto map FW_Outside_map 24 set security-association lifetime seconds crypto map FW_Outside_map 25 match address Nor crypto map FW_Outside_map 25 set peer x.x.x.70 crypto map FW_Outside_map 25 set transform-set SECURE crypto map FW_Outside_map 26 match address Ilk crypto map FW_Outside_map 26 set peer x.x.x.65 crypto map FW_Outside_map 26 set transform-set SECURE crypto map FW_Outside_map 27 match address Nor crypto map FW_Outside_map 27 set peer x.x.x.240 crypto map FW_Outside_map 27 set transform-set SECURE crypto map FW_Outside_map 28 match address ST crypto map FW_Outside_map 28 set peer x.x.x.163 crypto map FW_Outside_map 28 set transform-set SECURE crypto map FW_Outside_map 28 set security-association lifetime seconds crypto map FW_Outside_map 28 set security-association lifetime kilobytes crypto map FW_Outside_map 29 match address Lei crypto map FW_Outside_map 29 set peer x.x.x.4 crypto map FW_Outside_map 29 set transform-set SECURE crypto map FW_Outside_map 30 match address outside_cryptomap_30 crypto map FW_Outside_map 30 set peer x.x.x.34 crypto map FW_Outside_map 30 set transform-set SECURE crypto map FW_Outside_map 31 match address outside_31_cryptomap crypto map FW_Outside_map 31 set pfs crypto map FW_Outside_map 31 set peer Cisco-admin-Peer crypto map FW_Outside_map 31 set transform-set ESP-AES-256-SHA crypto map FW_Outside_map 32 match address outside_32_cryptomap crypto map FW_Outside_map 32 set pfs crypto map FW_Outside_map 32 set peer HQ-SDSL-Peer crypto map FW_Outside_map 32 set transform-set ESP-AES-256-SHA crypto map FW_Outside_map 34 match address outside_cryptomap_34 crypto map FW_Outside_map 34 set peer x.x.x.246 crypto map FW_Outside_map 34 set transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA crypto map FW_Outside_map 65535 ipsec-isakmp dynamic dynmap crypto map FW_Outside_map interface outside crypto map FW_outside_map 31 set peer x.x.x.45 crypto isakmp identity address crypto isakmp enable outside crypto isakmp policy 9 webvpn enable outside svc enable group-policy ASA-LAN-VPN internal group-policy ASA_LAN-VPN attributes wins-server value 192.168.x.1 192.168.x.2 dns-server value 192.168.x.1 192.168.x.2 vpn-tunnel-protocol IPSec svc split-tunnel-policy tunnelspecified split-tunnel-network-list value Split-Tunnel-ACL default-domain value MYdomain username xxxxxxxxxx password privilege 15 tunnel-group DefaultRAGroup ipsec-attributes isakmp keepalive threshold 30 retry 2 tunnel-group DefaultWEBVPNGroup ipsec-attributes isakmp keepalive threshold 30 retry 2 tunnel-group x.x.x.121 type ipsec-l2l tunnel-group x.x.x..121 ipsec-attributes pre-shared-key * isakmp keepalive threshold 30 retry 2 tunnel-group x.x.x.202 type ipsec-l2l tunnel-group x.x.x.202 ipsec-attributes pre-shared-key * isakmp keepalive threshold 30 retry 2 tunnel-group x.x.x.113 type ipsec-l2l tunnel-group x.x.x.113 ipsec-attributes pre-shared-key * isakmp keepalive threshold 30 retry 2 tunnel-group x.x.x.205 type ipsec-l2l tunnel-group x.x.x.205 ipsec-attributes pre-shared-key * isakmp keepalive threshold 30 retry 2 tunnel-group x.x.x.204 type ipsec-l2l tunnel-group x.x.x.204 ipsec-attributes pre-shared-key * isakmp keepalive threshold 30 retry 2 tunnel-group x.x.x.212 type ipsec-l2l tunnel-group x.x.x.212 ipsec-attributes pre-shared-key * tunnel-group x.x.x.215 type ipsec-l2l tunnel-group x.x.x.215 ipsec-attributes pre-shared-key * tunnel-group x.x.x.247 type ipsec-l2l tunnel-group x.x.x.247 ipsec-attributes pre-shared-key * tunnel-group x.x.x.170 type ipsec-l2l tunnel-group x.x.x.170 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group x.x.x..8 type ipsec-l2l tunnel-group x.x.x.8 ipsec-attributes pre-shared-key * tunnel-group x.x.x.212 type ipsec-l2l tunnel-group x.x.x.212 ipsec-attributes pre-shared-key * tunnel-group x.x.x.230 type ipsec-l2l tunnel-group x.x.x.230 ipsec-attributes pre-shared-key * tunnel-group x.x.x.24 type ipsec-l2l tunnel-group x.x.x.24 ipsec-attributes pre-shared-key * tunnel-group x.x.x.46 type ipsec-l2l tunnel-group x.x.x.46 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group x.x.x.4 type ipsec-l2l tunnel-group x.x.x.4 ipsec-attributes pre-shared-key * tunnel-group x.x.x.110 type ipsec-l2l tunnel-group x.x.x.110 ipsec-attributes pre-shared-key * tunnel-group 78.x.x.110 type ipsec-l2l tunnel-group 78.x.x.110 ipsec-attributes pre-shared-key * tunnel-group x.x.x.47 type ipsec-l2l tunnel-group x.x.x.47 ipsec-attributes pre-shared-key * tunnel-group x.x.x.34 type ipsec-l2l tunnel-group x.x.x.34 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group x.x.x..129 type ipsec-l2l tunnel-group x.x.x.129 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group x.x.x.94 type ipsec-l2l tunnel-group x.x.x.94 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group x.x.x.40 type ipsec-l2l tunnel-group x.x.x.40 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group x.x.x.65 type ipsec-l2l tunnel-group x.x.x.65 ipsec-attributes pre-shared-key * tunnel-group x.x.x.70 type ipsec-l2l tunnel-group x.x.x.70 ipsec-attributes pre-shared-key * tunnel-group x.x.x.134 type ipsec-l2l tunnel-group x.x.x.134 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group x.x.x.163 type ipsec-l2l tunnel-group x.x.x.163 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group x.x.x.2 type ipsec-l2l tunnel-group x.x.x.2 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group ASA-LAN-VPN type remote-access tunnel-group ASA-LAN-VPN general-attributes address-pool RAS-VPN authentication-server-group vpn authentication-server-group (outside) vpn default-group-policy ASA-LAN-VPN tunnel-group ASA-LAN-VPN ipsec-attributes pre-shared-key * tunnel-group x.x.x.184 type ipsec-l2l tunnel-group x.x.x.184 ipsec-attributes pre-shared-key * tunnel-group x.x.x.145 type ipsec-l2l tunnel-group x.x.x.145 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group x.x.x.75 type ipsec-l2l tunnel-group x.x.x.75 ipsec-attributes pre-shared-key * tunnel-group x.x.x.246 type ipsec-l2l tunnel-group x.x.x.246 ipsec-attributes pre-shared-key * isakmp keepalive disable tunnel-group x.x.x.2 type ipsec-l2l tunnel-group x.x.x..2 ipsec-attributes pre-shared-key * tunnel-group x.x.x.98 type ipsec-l2l tunnel-group x.x.x.98 ipsec-attributes pre-shared-key * ! ! ! policy-map global_policy description Netflow class class-default flow-export event-type all destination MS-ISA-Server policy-map type inspect dns migrated_dns_map_1 parameters message-length maximum 512 Anyone have a clue because Im on the verge of going postal.....

    Read the article

  • Script to establish SSH tunnel and then run another program that uses the tunnel

    - by Rob Hills
    I am running a GUI app (Gnucash) that connects to a remote Postgres database via a secure shell session. I can use the SSH -L command to tunnel a local port and then separately run Gnucash and this works fine. What I'd like to do is use a single shell script that sets up the tunnel and then calls Gnucash. Is that possible? If so, how do I do it? Currently, I run commands like the following in 2 separate terminal windows: ssh -L 5433:127.0.0.1:19097 [email protected] gnucash postgres://gnucash@localhost:5433/gnucash_db If I simply put both lines in a shell script, the first line drops me into the remote shell and the second line doesn't execute until I exit the remote shell. TIA, Rob Hills

    Read the article

  • Issues printing through ssh tunnel and port forwarding

    - by simogasp
    I'm having some problems trying to print through a ssh tunnel. I'd like to print from my laptop to a network printer (Toshiba es453, for what matters) which is in a local network. I can reach the local network using a gateway. So far I did the following: ssh -N -L19100:<Printer_IP>:9100 <username>@<ssh_gateway> Basically i just mapped the port 19100 of my laptop directly to the input port of the printer, passing through the gateway. So far, so good. Then, i tried to install on my laptop a new printer with the GUI config tool of ubuntu, so that the new printer is on localhost at port 19100 (as APP Socket/HP Jet Direct) , then I provided the proper driver of the printer. In theory, once the tunnel is open I should be able to print from any program just selecting this printer. Of course, it does not work. :-) The document hangs in the queue with status Processing while in the shell where I set up the tunnel I get these errors on failing opening channels debug1: Local forwarding listening on ::1 port 19100. debug1: channel 0: new [port listener] debug1: Local forwarding listening on 127.0.0.1 port 19100. debug1: channel 1: new [port listener] debug1: Requesting [email protected] debug1: Entering interactive session. debug1: Connection to port 19100 forwarding to 195.220.21.227 port 9100 requested. debug1: channel 2: new [direct-tcpip] debug1: Connection to port 19100 forwarding to 195.220.21.227 port 9100 requested. debug1: channel 3: new [direct-tcpip] channel 2: open failed: connect failed: Connection timed out debug1: channel 2: free: direct-tcpip: listening port 19100 for 195.220.21.227 port 9100, connect from ::1 port 44434, nchannels 4 debug1: Connection to port 19100 forwarding to 195.220.21.227 port 9100 requested. debug1: channel 2: new [direct-tcpip] channel 3: open failed: connect failed: Connection timed out debug1: channel 3: free: direct-tcpip: listening port 19100 for 195.220.21.227 port 9100, connect from ::1 port 44443, nchannels 4 channel 2: open failed: connect failed: Connection timed out debug1: channel 2: free: direct-tcpip: listening port 19100 for 195.220.21.227 port 9100, connect from ::1 port 44493, nchannels 3 debug1: Connection to port 19100 forwarding to 195.220.21.227 port 9100 requested. debug1: channel 2: new [direct-tcpip] As a further debugging test I tried the following. From a machine inside the local network I did a telnet <IP_printer> 9100, got access, wrote some random thing, closed the connection and correctly I got a print of what I had written. So the port and the ip of the printer should be correct. I tried the same from my laptop with the tunnel opened, the telnet succeeded but, again, the printer didn't print anything, getting the usual channel x: open failed: errors. I'm not a great expert on the matter, I just thought that in theory it was possible to do something like that, but maybe there is something that I didn't consider or I did wrong. Any clue? Thanks! Simone [update] As further debugging test, I tried to replicate the procedure from a machine in the local network. From that machine, I did ssh -N -L19100:<IP_printer>:9100 <username>@<ssh_gateway> (note that now the machine, the gateway and the printer are in the same local network) then I tried again the telnet test with telnet localhost 19100, I got access and everything, but I didn't get the print but the usual error channel 2: open failed: connect failed: Connection timed out Maybe I am missing some other connection to be forwarded or maybe this is not allowed by the administrators. Of course, if I connect via ssh tunneling to the local machine from my laptop through the gateway, I can successfully print using the lpr command (from the local machine). But this is what I would like to avoid (yes, I'm lazy...:-), I would like to have a more 'elegant' and transparent way to do that.

    Read the article

  • Forward all traffic through an ssh tunnel

    - by Eamorr
    I hope someone can follow this and I'll explain as best I can. I'm trying to forward all traffic from port 6999 on x.x.x.224, through an ssh tunnel, and onto port 7000 on x.x.x.218. Here is some ASCII art: |browser|-----|Squid on x.x.x.224|------|ssh tunnel|------<satellite link>-----|Squid on x.x.x.218|-----|www| 3128 6999 7000 80 When I remove the ssh tunnel, everything works fine. The idea is to turn off encryption on the ssh tunnel (to save bandwidth) and turn on maximum compression (to save more bandwidth). This is because it's a satellite link. Here's the ssh tunnel I've been using: ssh -C -f -C -o CompressionLevel=9 -o Cipher=none [email protected] -L 7000:172.16.1.224:6999 -N The trouble is, I don't know how to get data from Squid on x.x.x.224 into the ssh tunnel? Am I going about this the wrong way? Should I create an ssh tunnel on x.x.x.218? I use iptables to stop squid on x.x.x.224 from reading port 80, but to feed from port 6999 instead (i.e. via the ssh tunnel). Do I need another iptables rule? Any comments greatly appreciated. Many thanks in advance,

    Read the article

  • How to force certain traffic through GRE tunnel?

    - by wew
    Here's what I do. Server (public internet is 222.x.x.x): echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf sysctl -p iptunnel add gre1 mode gre local 222.x.x.x remote 115.x.x.x ttl 255 ip add add 192.168.168.1/30 dev gre1 ip link set gre1 up iptables -t nat -A POSTROUTING -s 192.168.168.0/30 -j SNAT --to-source 222.x.x.x iptables -t nat -A PREROUTING -d 222.x.x.x -j DNAT --to-destination 192.168.168.2 Client (public internet is 115.x.x.x): iptunnel add gre1 mode gre local 115.x.x.x remote 222.x.x.x ttl 255 ip add add 192.168.168.2/30 dev gre1 ip link set gre1 up echo '100 tunnel' >> /etc/iproute2/rt_tables ip rule add from 192.168.168.0/30 table tunnel ip route add default via 192.168.168.1 table tunnel Until here, all seems going right. But then 1st question, how to use GRE tunnel as a default route? Client computer is still using 115.x.x.x interface as default. 2nd question, how to force only ICMP traffic to go through tunnel, and everything else go default interface? I try doing this in client computer: ip rule add fwmark 200 table tunnel iptables -t mangle -A OUTPUT -p udp -j MARK --set-mark 200 But after doing this, my ping program will timeout (if I not doing 2 command above, and using ping -I gre1 ip instead, it will works). Later I want to do something else also, like only UDP port 53 through tunnel, etc. 3rd question, in client computer, I force one mysql program to listen on gre1 interface 192.168.168.2. In client computer, there's also one more public interface (IP 114.x.x.x)... How to forward traffic properly using iptables and route so mysql also respond a request coming from this 114.x.x.x public interface?

    Read the article

  • Create tunnel through an open SSH connection?

    - by criptych
    I have a remote PC (behind NAT and firewall) set up to create a reverse SSH tunnel to my home PC/server (DMZed). Unfortunately, the tunnel hasn't been working lately. Fortunately -- I think -- the remote PC currently has an SFTP session open to the local one. My question is, can I create a tunnel back to the remote PC through that session? Or am I SOL until I can physically get in to restore the reverse tunnel on the remote PC?

    Read the article

  • Forward all traffic through an ssh tunnel

    - by Eamorr
    I hope someone can follow this and I'll explain as best I can. I'm trying to forward all traffic from port 6999 on x.x.x.224, through an ssh tunnel, and onto port 7000 on x.x.x.218. Here is some ASCII art: |browser|-----|Squid on x.x.x.224|------|ssh tunnel|------<satellite link>-----|Squid on x.x.x.218|-----|www| 3128 6999 7000 80 When I remove the ssh tunnel, everything works fine. The idea is to turn off encryption on the ssh tunnel (to save bandwidth) and turn on maximum compression (to save more bandwidth). This is because it's a satellite link. Here's the ssh tunnel I've been using: ssh -C -f -C -o CompressionLevel=9 -o Cipher=none [email protected] -L 7000:172.16.1.224:6999 -N The trouble is, I don't know how to get data from Squid on x.x.x.224 into the ssh tunnel? Am I going about this the wrong way? Should I create an ssh tunnel on x.x.x.218? I use iptables to stop squid on x.x.x.224 from reading port 80, but to feed from port 6999 instead (i.e. via the ssh tunnel). Do I need another iptables rule? Any comments greatly appreciated. Many thanks in advance, Regarding Eduardo Ivanec's question, here is a netstat -i any port 7000 -nn dump from x.x.x.218: 14:42:15.386462 IP 172.16.1.224.40006 > 172.16.1.218.7000: Flags [S], seq 2804513708, win 14600, options [mss 1460,sackOK,TS val 86702647 ecr 0,nop,wscale 4], length 0 14:42:15.386690 IP 172.16.1.218.7000 > 172.16.1.224.40006: Flags [R.], seq 0, ack 2804513709, win 0, length 0 Update 2: When I run the second command, I get the following error in my browser: ERROR The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: http://109.123.109.205/index.php Zero Sized Reply Squid did not receive any data for this request. Your cache administrator is webmaster. Generated Fri, 01 Jul 2011 16:06:06 GMT by remote-site (squid/2.7.STABLE9) remote-site is 172.16.1.224 When I do a tcpdump -i any port 7000 -nn I get the following: root@remote-site:~# tcpdump -i any port 7000 -nn tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes channel 2: open failed: connect failed: Connection refused channel 2: open failed: connect failed: Connection refused channel 2: open failed: connect failed: Connection refused channel 2: open failed: connect failed: Connection refused channel 2: open failed: connect failed: Connection refused channel 2: open failed: connect failed: Connection refused channel 2: open failed: connect failed: Connection refused channel 2: open failed: connect failed: Connection refused channel 2: open failed: connect failed: Connection refused channel 2: open failed: connect failed: Connection refused channel 2: open failed: connect failed: Connection refused

    Read the article

  • Java .split() Method To Split XML Parameters

    - by Buzz Lightyear
    I have this line from an XML document: <?xml version="1.0" encoding="UTF-8"?> <svg xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" contentScriptType="text/ecmascript" width="1024" zoomAndPan="magnify" contentStyleType="text/css" viewBox="0 0 1024 768" height="768" preserveAspectRatio="xMidYMid meet" version="1.0"> I want to be able to split it up, using the split method. For example i want to save each parameter into a String array. So i'd like: contentScriptType="text/ecmascript" width="1024" zoomAndPan="magnify" contentStyleType="text/css" viewBox="0 0 1024 768" height="768" etc etc to be saved into a string array, is there anyway to do this using the split method, or can anybody suggest an easier, more efficient way to do this?

    Read the article

  • Problems configuring an SSH tunnel to a Nexentastor appliance for use with headless Crashplan

    - by Rob Smallshire
    Problem I am attempting to configure an SSH tunnel to a NexentaStor appliance from either a Windows or Linux computer so that I can connect a Crashplan Desktop GUI to a headless Crashplan server running on the Nexenta box, according to these instructions on the Crashplan support site: Connect to a Headless CrashPlan Desktop. So far, I've failed to get a working SSH tunnel from from either either a Windows client (using Putty) or a Linux client (using command line SSH). I'm fairly sure the problem is at the receiving end with NexentaStor. A blog article - CrashPlan for Backup on Nexenta - indicates that it could be made to work only after "after enabling TCP forwarding in Nexenta in /etc/ssh/sshd_config" - although I'm not sure how to go about that or specifically what I need to do. Things I have tried Ensuring the Crashplan server on the Nexenta box is listening on port 4243 $ netstat -na | grep LISTEN | grep 42 127.0.0.1.4243 *.* 0 0 131072 0 LISTEN *.4242 *.* 0 0 65928 0 LISTEN Establishing a tunnel from a Linux host: $ ssh -L 4200:localhost:4243 admin:10.0.0.56 and then, from another terminal on the Linux host, using telnet to verify the tunnel: $ telnet localhost 4200 Trying ::1... Connected to localhost. Escape character is #^]'. with nothing more, although the Crashplan server should respond with something. From Windows, using PuTTY have followed the instructions on the Crashplan support site to establish an equivalent tunnel, but then telnet on Windows gives me no response at all and the Crashplan GUI can't connect either. The PuTTY log for the tunnelled connection shows reasonable output: ... 2011-11-18 21:09:57 Opened channel for session 2011-11-18 21:09:57 Local port 4200 forwarding to localhost:4243 2011-11-18 21:09:57 Allocated pty (ospeed 38400bps, ispeed 38400bps) 2011-11-18 21:09:57 Started a shell/command 2011-11-18 21:10:09 Opening forwarded connection to localhost:4243 but the telnet localhost 4200 command from Windows does nothing at all - it just waits with a blank terminal. On the NexentaStor server I've examined the /etc/ssh/sshd_config file and everything seems 'normal' - and I've commented out the ListenAddress entries to ensure that I'm listening on all interfaces. How can I establish a tunnel, and how can I verify that it is working?

    Read the article

  • Routing subnet over GRE tunnel

    - by eMgz
    Hi, Im trying to configure a GRE over IPSec connection between two subnets. The IPSec tunnel is opened and now I want to add a GRE tunnel over it: ip tunnel add GRE01 mode gre remote 10.244.0.1 local 10.244.245.32 ttl 255 ip link set GRE01 up ip addr add 10.244.248.126 dev GRE01 ip route add 10.244.248.125 dev GRE01 Now I have an interface GRE01 (ifconfig): GRE10 Link encap:UNSPEC HWaddr <h_addr> inet addr:10.244.248.126 P-t-P:10.244.248.126 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) And the following routes (ip route list): 10.244.248.125 dev GRE10 scope link <pub_subnet> dev eth0 proto kernel scope link src <pub_ip> default via <pub_gw> dev eth0 metric 100 As a last step, I need now to route my subnet over the tunnel: ip route add 10.245.1.224/28 10.244.248.125 However, I am getting the error Error: either "to" is duplicate, or "10.244.248.125" is a garbage. So, what I didn't understand is why I can't route my subnet over the tunnel, once the only route I have there says that it should route the tunnel IP over the GRE01 interface. Any hint? Thanks.

    Read the article

  • AWS VPN Tunnel going down without traffic

    - by Asfura
    I managed to setup a site-to-site VPN connection from Amazon VPC to a company's network, and after a lot of configuration it was working fine, but now i realized that the VPN tunnel is DOWN every time there's no traffic going trough for a couple minutes. The only way that i have found to generate traffic is to reach the amazon instance from the company's network and then the tunnel goes up again. I had a cronjob doing ping every minute, but i think it should have a keepalive option somewhere, or at least a log file of the tunnels to find out what's going on. Any ideas to keep the tunnel up and/or bring it up from amazon? The firewall is a Checkpoint R75.20, it only allows one tunnel at a time for the same subnet, so i cant have both tunnels active. Thank you, any questions just ask. EDIT I forgot to add, the ping keepalive was working great (maybe generating a bit of traffic, but nothing to worry about), the connection dropped because i had to restart the instance, and it that little time it dropped me.

    Read the article

  • SSH socks proxy tunnel without interactive session?

    - by dirtside
    I use ssh -D 1080 myhost.org ...to open up an SSH tunnel from my work machine to my home machine, so as to bypass the idiotic content filter on the corporate firewall. However this also creates an interactive SSH session that lives the whole time I'm using the tunnel. Is there any way to tell SSH just to create the tunnel and not bother with the interactive session?

    Read the article

  • Connection refused in ssh tunnel to apache forward proxy setup

    - by arkascha
    I am trying to setup a private forward proxy in a small server. I mean to use it during a conference to tunnel my internet access through an ssh tunnel to the proxy server. So I created a virtual host inside apache-2.2 running the proxy, the proxy_http and the proxy_connect module. I use this configuration: <VirtualHost localhost:8080> ServerAdmin xxxxxxxxxxxxxxxxxxxx ServerName yyyyyyyyyyyyyyyyyyyy ErrorLog /var/log/apache2/proxy-error_log CustomLog /var/log/apache2/proxy-access_log combined <IfModule mod_proxy.c> ProxyRequests On <Proxy *> # deny access to all IP addresses except localhost Order deny,allow Deny from all Allow from 127.0.0.1 </Proxy> # The following is my preference. Your mileage may vary. ProxyVia Block ## allow SSL proxy AllowCONNECT 443 </IfModule> </VirtualHost> After restarting apache I create a tunnel from client to server: #> ssh -L8080:localhost:8080 <server address> and try to access the internet through that tunnel: #> links -http-proxy localhost:8080 http://www.linux.org I would expect to see the requested page. Instead a get a "connection refused" error. In the shell holding open the ssh tunnel I get this: channel 3: open failed: connect failed: Connection refused Anyone got an idea why this connection is refused ?

    Read the article

  • SSH tunnel & Rsync thru two proxy/firewalls

    - by cajwine
    Screnario: [internal_server_1]AA------AB[firewall_1]AC----+ 10.2.0.3-^ ^-10.2.0.2 | internet 10.3.0.3-v v-10.3.0.2 | [internal_server_2]BA------BB[firewall_2]BC----+ Ports AC,BC has valid internet addresses. All systems run linux and have root acces to all. Need securely rsync internal_server_1:/some/path into internal_server_2:/another/path My idea is make ssh secure tunnel between two firewalls, e.g. from firewall_1 firewall1# ssh -N -p 22 -c 3des user2@firewall_2.example.com -L xxx/10.3.0.3/xxxx and after will run rsync from internal_server_1 somewhat like: intenal1# rsync -az /some/path [email protected]:/another/path I don't know how to make a correct ssh tunnel for rsync (what ports need tunnel) and to where i will make the rsync? (remote comp address in case of ssh tunnel) Any idea or pointer to helpfull internet resource for this case? thanx.

    Read the article

  • ssh tunnel via multiple hops

    - by Mala
    Tunneling data over ssh is pretty straight-forward: ssh -D9999 [email protected] sets up port 9999 on your localhost as a tunnel to foreignhost.com, but I have more specific need: I am working locally on localhost host1 is accessible to localhost host2 only accepts connections from host1 I need to create a tunnel from localhost to host2 Effectively I want to create a "multi-hop" ssh tunnel. How can I do this? Ideally, I'd like to do this without needing to be superuser on any of the machines.

    Read the article

  • Web browsing through SSH tunnel gets stuck/clogged

    - by endolith
    I use tools like Tunnelier to log into my home Tomato router through SSH, and then use it as a proxy for web browsing, tunnel for Remote Desktop/VNC, etc. Most days it works great, but some days every page I try to view gets stuck, like the tunnel is clogged. I load a web page and it seems to be loading, then stops, with the little loading icon spinning and nothing happening. I refresh the page, I reboot the router, I reboot the other computers on my home network and turn off any bandwidth-hogging services on them, I've turned on QoS on the router to prioritize SSH. I don't understand what's getting stuck. Rebooting or disconnecting/reconnecting the SSH tunnel improves responsiveness for a minute, but then it gets clogged again. It also seems to help if I don't do anything on the tunnel for a few minutes, then it will be responsive for a bit and then get clogged again. Trying to open a terminal console from Tunnelier is also unresponsive, so it's not just a web browsing problem. Likewise, connecting to http://192.168.1.1 in the browser (to the router's web config through its own tunnel) is also slow/laggy/halting. The realtime bandwidth reported by the router is nowhere near my DSL connection's limits, though it does show big spikes during the laggy times, and the connection is responsive when it shows low bandwidths. How do I troubleshoot something like this?

    Read the article

  • Having XP VM use my host OSX ssh tunnel to connect to a remote site?

    - by Manachi
    I am using Mac OSX and have Windows XP running on VMWare Fusion. I'm creating an ssh tunnel from OSX to a remote server, and then trying to have Windows XP use that tunnel (I actually use a program called Proxifier on XP to filter my XP MS SQL Server traffic through that tunnel) Note that I can successfully create an ssh tunnel (on port 9333) from the XP putty to the remote host, and have SQL Server Proxify through that tunnel and it all works correctly. However when I try to set up the tunnel in OSX, and have Proxifier in XP point to the OSX tunnel instead of localhost, it doesn't seem to connect. Here is the OSX command i'm using to create the tunnel: ssh -i /my/key -p 9001 -D 9333 -g me@remotehostname Then I set my XP proxifier to point to macosxhostname:9333 (instead of the previous localhost:9333 which worked corrently when using putty) Any suggestions on what I may have missed? My XP firewall is turned off while setting this up.

    Read the article

  • Split Tunnel VPN using incorrect Tunnel

    - by Brian Schmeltz
    Our company has a handful of field offices that have recently been setup with a regular internet connection after we removed the T1 and router that connected them directly to our network. Now, when the users are in the office, they log in to the VPN to be able to connect to the network. For the sake of them being able to print and scan from the local multi-function we have setup a split tunnel VPN. We currently have about 15-20 users using this setup around the country without any problems. Recently one of our users started having problems accessing internal programs/sites when connecting from both home and the office. There are three other users in the same office and they do not have this problem. I assumed that it was something with the computer and went ahead and replaced it with another of the same model. The computer worked fine in our home office; however, when the user received it, she had the exact same problem both at home and in the field office. Thinking it may be a NIC driver issue I sent her another computer, this time a different model, same problem occurred. If I update the host file to point to the correct paths, things will work, and if I connect via a normal VPN connection everything works, but the user cannot scan or print - which is a problem. Have tried to find ways to create another tunnel on a normal VPN and have tried to find ways to force the correct tunnel on the split tunnel VPN. It appears that there is something related to the ISP because if I connect to Comcast or Verizon it is fine but once she connects to Insite then she has problems. I have been unable to get any support from Insite as they don't feel the issue is with them. We use a Nortel VPN client. Any thoughts or ideas would be appreciated.

    Read the article

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >