Search Results

Search found 5390 results on 216 pages for 'ssl vpn'.

Page 165/216 | < Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172 | Next Page >

Postgres 9.0 locking up, 100% CPU

- by Jake

We are having a problem where our Postgres 9.0 server occasionally locks up and kills our webapp. Restarting Postgres fixes the problem. Here's what I've been able to observe: First, usage of one CPU jumps to 100% for a few minutes Disk operations drop to ~0 during this time Database operations drop to 0 (blocks and tuples per sec) Logs show during this time: WARNING: worker took too long to start; cancelled WARNING: worker took too long to start; cancelled No Queries in logs (only those over 200ms are logged) No unusually long-running queries logged before or during Then the second CPU jumps to 100% The number of postgres processes jumps from the usual 8-10 to ~20 Matched by a spike in Postgres Blocks per second (about twice normal) Logs show LOG: could not accept SSL connection: EOF detected Queries are running but slow Restarting postgres returns everything to normal Setup: Server: Amazon EC2 Large Ubuntu 10.04.2 LTS Postgres 9.0.3 Dedicated DB server Does anyone have any idea what's causing this? Or any suggestions about what else I should be checking out?

Read the article
Port forwarding (portmap) works only locally

- by Tag Wint

There are four hosts hostA winXP hostB Win2003 hostC Linux RHEL hostD Linux RHEL hostA cannot connect to C and D directly, but B can hostA connects to hostB using VPN hostB and hostC belong to the same subnet1 hostD is in subnet2 From hostA I need to connect to hostC and hostD by SSH. Now I can do it as follows: 1.connecting from hostA to hostB by RDP logon and there: 2.start putty client. I'd like to omit step 1 and connect from A to C and D directly On hostB I have admin acoount and configure port forwarding as follows: netsh interface portproxy add v4tov4 listenport=N1 connectaddress=hostC_IP connectport=N2 netsh interface portproxy add v4tov4 listenport=N3 connectaddress=hostD_IP connectport=N2 netsh interface portproxy show all: Listen on IPv4: Connect to IPv4: Address Port Address Port --------------- ---------- --------------- ---------- * N1 hostC_IP N2 * N3 hostD_IP N2 Now from hostB I can connect to either C and D: ssh localhost:N1 ssh localhost:N3 from hostA ssh hostB:N1 works too, but ssh hostB:N3 DON'T I guess the reason might be different subnets, still have no idea how to fix it. What should I do?

Read the article
https post message fail, where is server log?

- by Samson

I am receiving an error when sending a https post message to my server and I am looking to get more information. I am looking for ssl error log in apache but I cannot find it. I have looked in /usr/local/apache/logs/secure and I don't see the proper error. Should I be looking in a different place? UPDATE: Fyi, the connection is timing out or being lost when I use https and I am trying to figure out why. When I use http it works fine.

Read the article
MySQL is killing the server IO.

- by OneOfOne

I manage a fairly large/busy vBulletin forums (~2-3k requests per second, running on gigenet cloud), the database is ~ 10 GB (~9 milion posts, ~60 queries per second), lately MySQL have been grinding the disk like there's no tomorrow according to iotop and slowing the site. The last idea I can think of is using replication, but I'm not sure how much that would help and worried about database sync. I'm out of ideas, any tips on how to improve the situation would be highly appreciated. Specs : Debian Lenny 64bit ~12Ghz (6 cores) CPU, 7520gb RAM, 160gb disk. Kernel : 2.6.32-4-amd64 mysqld Ver 5.1.54-0.dotdeb.0 for debian-linux-gnu on x86_64 ((Debian)) Other software: vBulletin 3.8.4 memcached 1.2.2 PHP 5.3.5-0.dotdeb.0 (fpm-fcgi) (built: Jan 7 2011 00:07:27) lighttpd/1.4.28 (ssl) - a light and fast webserver PHP and vBulletin are configured to use memcached. MySQL Settings : [mysqld] key_buffer = 128M max_allowed_packet = 16M thread_cache_size = 8 myisam-recover = BACKUP max_connections = 1024 query_cache_limit = 2M query_cache_size = 128M expire_logs_days = 10 max_binlog_size = 100M key_buffer_size = 128M join_buffer_size = 8M tmp_table_size = 16M max_heap_table_size = 16M table_cache = 96

Read the article
Gotchas for reverse proxy setups

- by kojiro

We run multiple web applications, some internal-only, some internal/external. I'm putting together a proposal that we use reverse proxy servers to isolate the origin servers, provide SSL termination and (when possible) provide load balancing. For much of our setup, I'm sure it will work nicely, but we do have a few lesser-known proprietary applications that may need special treatment when we move forward with reverse-proxying. What kinds of traps tend to cause problems when moving an origin server from being on the front lines to being behind a proxy? (For example, I can imagine problems if an application needed to know the IP address of incoming requests.)

Read the article
Setting up dovecot on OpenBSD

- by Jonas Byström

I'm a *nix n00b that just installed dovecot (the selection with no ldap, mysql or pgsql) on OpenBSD 4.0 and I want to set it up for imap use, but I'm having a hard time finding documentation that I can understand. It currently running on port 143 (checked with telnet) but from there I need to do the following: I need some accounts, the once already on the system are fine if I can get those running (seemed to be some dovecot option somehow?), or just adding a few manually is ok too. Was there some setting for this in the default /etc/dovecot.conf? passdb bsdauth {} is uncommented by default... I need to create imap folders, or subfolders. How can I do that? Hopefully not, but anything else I need to do? I want to run without certification validation and no SSL/TLS, would this work by default (client-side settings)?

Read the article
Juniper Networks SRX240 as a office router?

- by Jordan Mendelson

We're a small (7 person) fast growing startup who just got our new office and we're having a 100 Mbps line installed from Cogent. I'm not familiar with Juniper devices, however the equivalent Cisco appears to be rather expensive. Features we'd like: Offsite VPN access (PPTP or L2TP IPsec) - something Mac compatible IPv6 support NAT - ideally supporting multiple outside addresses mapped to VLANs DHCP DNS forwarding would be nice QoS to keep our SIP phones happy (managed through RingCentral) VLANs for guest/internal The device is going to be connected to a set of SIP phones as well as two Ruckus 7962s for wireless access. Eventually I'd like to connect it to a Juniper ESX switch as we grow. Would a Juniper SRX240 handle this ok?

Read the article
Quick access to program shortcut

- by Nathan DeWitt

I need to edit a text file on my computer that requires admin access (hosts). I used to do this by hitting WIN and typing "Note". The shortcut for Notepad would show up, and I could right-click and choose Run as Administrator. How do I accomplish the same thing in Windows 8? Notepad isn't something I see pinned to my start menu, and I don't really want to clutter up my menu with something I may use infrequently. I want very quick access to my programs by typing a few letters in the name. If I use WIN-R, I have to know exactly the name of the executable. I want to just type Glob and see options for Sonic Global VPN. And I want to be able to execute that found executable as an admin if I need to. Windows Vista & Windows 7 are excellent at this. Surely this functionality has not been deprecated in Windows 8...

Read the article
How to choose python version to install in gentoo

- by Shamanu4

Hello, I'm using linux gentoo and i want to install python2.5 but it's a problem. emerge -av python shows These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild U ] dev-lang/python-3.1.2-r3 [3.1.1-r1] USE="gdbm ipv6 ncurses readline ssl threads (wide-unicode%*) xml -build -doc -examples -sqlite* -tk -wininst (-ucs2%)" 9,558 kB [ebuild U ] app-admin/python-updater-0.8 [0.7] 8 kB and there are ebuild for more versions: # ls /usr/portage/dev-lang/python ChangeLog files Manifest metadata.xml python-2.4.6.ebuild python-2.5.4-r4.ebuild python-2.6.4-r1.ebuild python-2.6.5-r2.ebuild python-3.1.2-r3.ebuild How to choose ebuild that I want? (python-2.5.4-r4)

Read the article
NX Client running on OS X 10.6.3 => NX Server Ubuntu 10.04: weird keymapping issue

- by Mike D

I have been using Ubuntu 9.10 at work after switching from vista. After being (expectedly) disappointed with performance over VNC (via VPN) when logging in from home, I came across the NOMACHINE suite. Last week, I upgraded from OS X 10.6.2 = 10.6.3 at home. After that, I also updated my NX Client at home to the latest version, as there were issues with recent changes in the OSX X11 setup that rendered the NX connection useless. At that point, everything worked fine. Fast forward, I upgraded from 9.10 = 10.04 on my work machine the next day, and after coming home and trying to log-in remotely, I noticed that the "s" and "m" keys, when pressed locally, acted as if the meta key was being pressed on the remote machine. That is, the "s" key opens in the Ubuntu login menu (the power icon), and the "m" key opens the messaging menu. I found some info on using xmodmap to remap keys, however, I can't even begin to fathom what keys I could remap to solve this issue. Any ideas?

Read the article
Looking for Inneroffice Access Tool, Workstation to Workstation

- by nicorellius

This may be a simple question to answer, and I apologize if it's a duplicate. I looked through the suggestions and nothing jumped out at me as the right answer, so here goes: My office has several workstations, Macs and Windows boxes. We do have a firewall and a VPN solution, so getting in to the network from outside is easy. Likewise, we use GoToMeeting for demos and when we help our customers with their issues. But we have one workstation that has certain testing tools on it, and instead of walking across the office to this machine, I'd like to access it from my desk (and monitor it). I will need to open a command line and run commands. I could start a GoToMeeting and do it this way, but that seems overkill and clunky. Is there a simpler tool that allows pseudo-remote access within the same office/network for this kind of access?

Read the article
Virtual dedicated server repetitive draining RAM, OOM constantly

- by Deerly

My linux (fedora red hat 7) virtual dedicated server has been experiencing OOM multiple times a day for the past several days. I thought the issue was with spamd/spamassassin but after disabling this the errors remains. The highest usage displayed on ps faux --cumulative: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 28412 8.7 0.5 309572 109308 ? Sl 22:15 0:17 /usr/java/jdk1. mysql 7716 0.0 0.0 136256 18000 ? Sl 22:12 0:00 _ /usr/libexe named 17697 0.0 0.0 120904 15316 ? Ssl 22:09 0:00 /usr/sbin/named I'm not running any java applications so I'm not sure why the top issue is showing up. It is frustrating as I barely have anything running on the server and use the tiniest fraction of bandwidth. Any help or suggestions on zeroing in on the source of the drain would be much appreciated! Thanks!

Read the article
Should `keepalive_timeout` be removed from Nginx config?

- by Bryson

Which is the better configuration/optimization: to explicitly limit the keepalive_timeout or to allow Nginx to kill keepalive connections on its own? I have seen two conflicting recommendations regarding the keepalive_timeout directive for Nginx. They are as follows: # How long to allow each connection to stay idle; longer values are better # for each individual client, particularly for SSL, but means that worker # connections are tied up longer. (Default: 65) keepalive_timeout 20; and # You should remove keepalive_timeout from your formula. # Nginx closes keepalive connections when the # worker_connections limit is reached. The Nginx documentation for keepalive_timeout makes no mention of the automatic killing, and I have only seen this recommendation once, but it intrigues me. This server serves exclusively TLS-secured connections, and all non-encrypted connections are immediately rerouted to the https:// version of the same URL.

Read the article
Squid site redirection

- by AndyM

I have an internal website that cannot be accessed from some machines on my network, due to the physical location, VPN ,network ranges etc. I would like to install Squid on "in between" network to forward request from the clients that cannot reach the website. The issue is the clients have no ability to connect to www.example.com , but they can reach a network with a squid proxy , which in turn can reach www.example.com What is the correct term I need to research in squid , is it just caching www.example.com or do I need to set the clients to use a URL that gets rewritten ? i.e www.squid-example.com -- www.example.com

Read the article
Duplicate of Certificate Templates does not appear in Certificate Template to Issue

- by Sean

I'm following what should be simple instructions to enable LDAP SSL on our domain controller (instructions here). Duplicating the Kerberos certificate is successful however, when attempting to select "Certificate Template to Issue", the created certificate does not appear. What gives? A long time ago, I actually completed this step on a now decommissioned DC with no problem. Our environment is Windows Server 2008 Standard, and we have two domain controllers. Only one has the role of certificate authority. I look forward to any help here, thank you ahead of time.

Read the article
pam_filter usage prevent passwd from working

- by Henry-Nicolas Tourneur

Hello everybody, I have PAM+LDAP SSL running on Debian Lenny, it works well. I always want to restrict who's able to connect, in the past I used pam_groupdn for that but I recently got a situation where I has to accept 2 different groups. So I used pam_filter like this : pam_filter |(groupattribute=server)(groupattribute=restricted_server) The problem is that with this statement, passwd doesn't work anymore with LDAP accounts. Any idea why ? Please find hereby some links to my config files : Since serverfault.com only allow me to post 1 link, please find hereunder the link to other conf files : http://pastebin.org/447148 Many thanks in advance :)

Read the article
XP IIS no longer listen to port 80 or 443 after installing Oracle 9i HTTP Server

- by Nassign

I have installed Oracle 9i HTTP Server together with the database. After restarting the PC, even though i restarted the IIS and stopped the Oracle HTTP Server. When I go to http://localhost/ The starting page is already the Oracle HTTP Server index page. Also when I look at the port that inetinfo.exe is listening to, it no longer listens to port 80 and the SSL port 443, even if i restart the IIS and World Wide Web Publishing service. Any idea what setting did oracle changed when I installed oracle 9i? The executable associated with the OracleOraHome90HTTPServer is C:\oracle\ora90\Apache\Apache\Apache.exe I already checked the tasklist and Apache is really not running. But there is no process listening to port 80 still even if the IIS restarts successfully. Any ideas how to fix this?

Read the article
Shareing two internet connections on my laptop running Windows XP

- by ashwnacharya

I have two internet connections, one is internet via our organization's corporate LAN network, and the other one is mobile broadband via a USB modem Is there anyway I can share internet connections and use them simultaneously? I want to use the corporate LAN network for normal browsing and connecting my email client, and I want to use the USB modem for establishing a VPN connection. Will I be able to maintain both the connections simultaneously? Can I have parallel downloads, one using our corporate network, and the other one using the mobile broadband? Will I be able to switch my browser between these two connections? My laptop runs Windows XP Service Pack 2.

Read the article
Most secure way of connecting an intranet to an external server

- by Eitan

I have an internal server that hosts an asp.net intranet application. I want to keep it completely and utterly secure and private however we need to expose some information through a WCF service to another server which hosts our external websites which CAN be accessed by the public. What is the best way to pass information between the two servers with regards to an IT setup, while keeping the intranet in house server completely secure and inaccessible? I've heard VPN was the way to go but I wanted to be sure this was the safest way. Another question what would be the most secure way of passing data in the WCF service?

Read the article
How to Make Red zone Network settings to Endian OS

- by Gash

Please help me, Currently we have about 10 pc's sharing internet. and We have CISCO 800 series router that connect the ADSL, to the lan Segment it connect switch throw the switch all pc's are getting connecting. all user pc's having 192.168.3.--- range ips and gateway is 192.168.3.254 now i install the endian firewall to one PC, it must work as firewall,VPN & proxy i made green zone ip as 192.168.3.222 then how to give red zone IP? i know that is static IP but it cant be same range so please help me out to sort this without changing anything in router, if want i can change the internal IP sets instead of 3.-- 10.-- or something like that and also please state me at present i tried Endian firewall red and green zone cables are pluged in to network switch only please help me to overcome this its urgent

Read the article
8GB, but have to run Windows Xp (32 Bit). Anything I can do with the additional memory?

- by user12889

I ordered a new computer with 8GB RAM with the plan to run Windows 7, 64Bit. Turns out now, that I need to run a 32Bit OS (XP or 7) due to some software which does not run on 64Bit yet (not even with any of the available compatibility settings / modes). Is there anything I can do with the memory above 4GB in this scenario? I'm willing to consider creative solutions like running a hypervisor under XP that offers the memory as a RAM-Disk for swapping etc. ? The software that does not run on 64Bit is CISCO VPN (there seems to be a half-working solution for that) and CISCO IP phone / webcam integration "CISCO Unified Video Advantage" (there is apparently no solution for that).

Read the article
RDP and New Accounts

- by leeand00

I created a new user account on the domain and added them to the Remote Desktop Users group. I could login just fine locally, but when I logged in remotely I was basically told that I could not login from there using that user. I could login just fine as the administrator or anybody else other than that new account. So I researched it a bit more and found that my setting looked like this on the local machine: So I changed it to Allow connections only from computers running Remote Desktop with Network Level Authentication (NLA). Now when I tried this down at my office I connected with RDP just fine on another computer. But low and behold when I got home and simply try to connect to the machine, I get the message: There has to be some kind of in between setting, or additional setting that I need to change on the user that allows me to connect directly via remote desktop over the VPN. At the moment I can connect by connecting to another computer on the network and then RDPing from there into my machine, but this is not ideal.

Read the article
curl failed setting cipher list

- by synapse

I'm trying to make curl use GOST2001-GOST89-GOST89 cipher which is available and usable by OpenSSL but keep getting failed setting cipher list error despite the fact that curl sees gost engine and can use GOST client certificates. How can I fix this? All the libraries are compiled from source. $ openssl ciphers | grep -o '\(GOST[[:digit:]]\+-\?\)\+' GOST2001-GOST89-GOST89 GOST94-GOST89-GOST89 $ openssl engine | grep gost (gost) Reference implementation of GOST engine $ openssl version OpenSSL 1.0.1 14 Mar 2012 $ curl -V curl 7.25.0 (x86_64-apple-darwin11.3.0) libcurl/7.25.0 OpenSSL/1.0.1 zlib/1.2.5 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp Features: IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP $ curl --engine gost --ciphers GOST2001-GOST89-GOST89 https://localhost:4433 curl: (59) failed setting cipher list

Read the article
unable to get local issuer certificate - Ubuntu 11.04

- by user1443867

I'm facing a strange issue. My vps from Linode has no issue connecting to apple push server with following command. openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert Test_dev_apns_cert.pem -key Test_dev_apns_key.pem However, I was using the same pem files with above command testing from my another low budget vps and I'm getting this: Verify return code: 20 (unable to get local issuer certificate) Both are running Ubuntu 11.04 and installed LAMP as usual. No special configuration is done to both servers for SSL. Am I missing something here?

Read the article
What is a good and safe way of sharing certificates?

- by Kaustubh P

I have a few certificates, that are used as authentication, to ssh into my servers on the Amazon cloud. I rotate those certificates weekly, manually. My question is, I need to share the certificates with some colleagues, a few on the LAN, and a few in another part of the country. What is the best practice to share the certificate? My initial thoughts were Dropbox and email. We dont host dedicated email servers with encryption and all, and dont have a VPN. Thanks.

Read the article

< Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172 | Next Page >