GLassfish SSL Configuration Page Level
- by user332078
How to secure only some of the pages from the whole web application under glassfish V3 ?
Search Results
Search found 5390 results on 216 pages for 'ssl vpn'.
Page 67/216 | < Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74 | Next Page >
-
-
Multiple certs with one private key on apache?
- by tenbatsu
Really fundamental question here, but nothing a quick google search is lending itself to. Do I need to generate a separate private key for each cert I use in apache? Server details: % /usr/sbin/httpd -v Server version: Apache/2.2.8 (Unix) Server built: Jan 24 2008 10:44:19 % uname -a Linux *.com 2.6.23.15-80.fc7 #1 SMP Sun Feb 10 17:29:10 EST 2008 i686 i686 i386 GNU/Linux % cat /proc/versionversion 2.6.23.15-80.fc7 ([email protected]) (gcc version 4.1.2 20070925 (Red Hat 4.1.2-27)) #1 SMP Sun Feb 10 17:29:10 EST 2008Read the article
-
How do I prevent TCP connection freezes over an OpenVPN network?
- by Jason R
New details added at the end of this question; it's possible that I'm zeroing in on the cause. I have a UDP OpenVPN-based VPN set up in tap mode (I need tap because I need the VPN to pass multicast packets, which doesn't seem to be possible with tun networks) with a handful of clients across the Internet. I've been experiencing frequent TCP connection freezes over the VPN. That is, I will establish a TCP connection (e.g. an SSH connection, but other protocols have similar issues), and at some point during the session, it seems that traffic will cease being transmitted over that TCP session. This seems to be related to points at which large data transfers occur, such as if I execute an ls command in an SSH session, or if I cat a long log file. Some Google searches turn up a number of answers like this previous one on Server Fault, indicating that the likely culprit is an MTU issue: that during periods of high traffic, the VPN is trying to send packets that get dropped somewhere in the pipes between the VPN endpoints. The above-linked answer suggests using the following OpenVPN configuration settings to mitigate the problem: fragment 1400 mssfix This should limit the MTU used on the VPN to 1400 bytes and fix the TCP maximum segment size to prevent the generation of any packets larger than that. This seems to mitigate the problem a bit, but I still frequently see the freezes. I've tried a number of sizes as arguments to the fragment directive: 1200, 1000, 576, all with similar results. I can't think of any strange network topology between the two ends that could trigger such a problem: the VPN server is running on a pfSense machine connected directly to the Internet, and my client is also connected directly to the Internet at another location. One other strange piece of the puzzle: if I run the tracepath utility, then that seems to band-aid the problem. A sample run looks like: [~]$ tracepath -n 192.168.100.91 1: 192.168.100.90 0.039ms pmtu 1500 1: 192.168.100.91 40.823ms reached 1: 192.168.100.91 19.846ms reached Resume: pmtu 1500 hops 1 back 64 The above run is between two clients on the VPN: I initiated the trace from 192.168.100.90 to the destination of 192.168.100.91. Both clients were configured with fragment 1200; mssfix; in an attempt to limit the MTU used on the link. The above results would seem to suggest that tracepath was able to detect a path MTU of 1500 bytes between the two clients. I would assume that it would be somewhat smaller due to the fragmentation settings specified in the OpenVPN configuration. I found that result somewhat strange. Even stranger, however: if I have a TCP connection in the stalled state (e.g. an SSH session with a directory listing that froze in the middle), then executing the tracepath command shown above causes the connection to start up again! I can't figure out any reasonable explanation for why this would be the case, but I feel like this might be pointing toward a solution to ultimately eradicate the problem. Does anyone have any recommendations for other things to try? Edit: I've come back and looked at this a bit further, and have found only more confounding information: I set the OpenVPN connection to fragment at 1400 bytes, as shown above. Then, I connected to the VPN from across the Internet and used Wireshark to look at the UDP packets that were sent to the VPN server while the stall occurred. None were greater than the specified 1400 byte count, so the fragmentation seems to be functioning properly. To verify that even a 1400-byte MTU would be sufficient, I pinged the VPN server using the following (Linux) command: ping <host> -s 1450 -M do This (I believe) sends a 1450-byte packet with fragmentation disabled (I at least verified that it didn't work if I set it to an obviously-too-large value like 1600 bytes). These seem to work just fine; I get replies back from the host with no issue. So, maybe this isn't an MTU issue at all. I'm just confused as to what else it might be! Edit 2: The rabbit hole just keeps getting deeper: I've now isolated the problem a bit more. It seems to be related to the exact OS that the VPN client uses. I have successfully duplicated the problem on at least three Ubuntu machines (versions 12.04 through 13.04). I can reliably duplicate an SSH connection freeze within a minute or so by just cat-ing a large log file. However, if I do the same test using a CentOS 6 machine as a client, then I don't see the problem! I've tested using the exact same OpenVPN client version as I was using on the Ubuntu machines. I can cat log files for hours without seeing the connection freeze. This seems to provide some insight as to the ultimate cause, but I'm just not sure what that insight is. I have examined the traffic over the VPN using Wireshark. I'm not a TCP expert, so I'm not sure what to make of the gory details, but the gist is that at some point, a UDP packet gets dropped due to the limited bandwidth of the Internet link, causing TCP retransmissions inside the VPN tunnel. On the CentOS client, these retransmissions occur properly and things move on happily. At some point with the Ubuntu clients, though, the remote end starts retransmitting the same TCP segment over and over (with the transmit delay increasing between each retransmission). The client sends what looks like a valid TCP ACK to each retransmission, but the remote end still continues to transmit the same TCP segment periodically. This extends ad infinitum and the connection stalls. My question here would be: Does anyone have any recommendations for how to troubleshoot and/or determine the root cause of the TCP issue? It's as if the remote end isn't accepting the ACK messages sent by the VPN client. One common difference between the CentOS node and the various Ubuntu releases is that Ubuntu has a much more recent Linux kernel version (from 3.2 in Ubuntu 12.04 to 3.8 in 13.04). A pointer to some new kernel bug maybe? I'm assuming that if that were so, then I wouldn't be the only one experiencing the problem; I don't think this seems like a particularly exotic setup.Read the article
-
SubjectAltNames supported on IIS 5 ?
- by traff
I just generated a certificate with a CN and two subject alternative names (3 differents fqdn) and i always get a handshake failure, whatever the ssl version i use: 14177:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428: 14176:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530: I'm now asking myself if IIS 5 on win2000 does really support those certificates, any ideas ? Thanks in advance.Read the article
-
How do I install the Cisco Anyconnect VPN client?
- by chuck
I installed Cisco AnyConnect for Ubuntu(64) 12.04, but it failed. It can be installed on Ubuntu 10.10(64). The error log Installing Cisco AnyConnect VPN Client ... Extracting installation files to /tmp/vpn.teuSIr/vpninst096243274.tgz... Unarchiving installation files to /tmp/vpn.teuSIr... Starting the VPN agent... /opt/cisco/vpn/bin/vpnagentd: error while loading shared libraries: libxml2.so.2: cannot open shared object file: No such file or directory When I meet that, locate libxml2.so.2 /usr/lib/x86_64-linux-gnu/libxml2.so.2 /usr/lib/x86_64-linux-gnu/libxml2.so.2.7.8 So I create symbol link libxml2.so.2 in /user/lib and after I do: Installing Cisco AnyConnect VPN Client ... Extracting installation files to /tmp/vpn.5cz4FV/vpninst001442979.tgz... Unarchiving installation files to /tmp/vpn.5cz4FV... Starting the VPN agent... /opt/cisco/vpn/bin/vpnagentd: error while loading shared libraries: libxml2.so.2: wrong ELF class: ELFCLASS64 I ensure that there exist lib32 runtime lib on my device. How can I fix this?Read the article
-
What compatibility trade-offs do we need to make in order to use a hardened SSL config for Nginx?
- by nathan.f77
I found some hardened SSL settings in github.com/ioerror/duraconf. Here is the header from the config: This is an example of a high security, somewhat compatible SSLv3 and TLSv1 enabled HTTPS proxy server. The server only allows modes that provide perfect forward secrecy; no other modes are offered. Anonymous cipher modes are disabled. This configuation does not include the HSTS header to ensure that users do not accidentally connect to an insecure HTTP service after their first visit. It only supports strong ciphers in PFS mode: ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; # Only strong ciphers in PFS mode ssl_ciphers ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA; ssl_protocols SSLv3 TLSv1; If we were to use these settings on our website, what does "somewhat compatible" mean? For example, would IE6 still be able to connect?Read the article
-
IKE2 VPN Server Certificate expired. How do I issue a new one
- by Preet Sangha
This is a completely new area for me. We are getting "13801: IKE Auth Credentials are unacceptable" messages when connecting to our VPN service on a small Windows 2008R2 domain. Doing a google search has lead me to investigate the Certificate Authority. I've looked in the Certificate Authority | Issued Certificates And the one for the VPN Reconnect is marked as expired since a couple of hours a ago. Can some one tell me what the step I need to take to regen/reissue a simillar cert please? FYI:The client certs are not expiring for a number of years so they are fine.Read the article
-
What's the best way to share folder between guest and host machine in VMWARE over VPN?
- by melaos
i have a win 7 host machine and i'm running my vmware which is a win server machine. So i'm doing windows development work on my vmware. the source codes are in my win 7 machine which i access using a shared folder method. My only problem now is when my vmware connects to VPN to the deploy the codes, the folder gets disconnected. as i don't really understand the networking or the vmware architecture, what can i do so that i can share the folder from my win 7 host machine to my vmware without getting disconnected when i connect to VPN using my guest (win server) machine? please advise. stuck on vmware thanksRead the article
-
How can I create an external SSL wrapper/tunnel page for an insecure webpage behind a firewall?
- by Ross Rogers
I have an security cam with a built-in webpage inside my home network. That camera is using basic HTTP authentication instead of SSL. I want to be able to access the camera's webpage from outside my network, but I don't want to open an unencrypted video stream to the outside world. Right now, I'm doing some cumbersome ssh tunneling where I bounce off an ssh server like: ssh -N -L 9090:CAMERA_IP:80 [email protected] and then I connect to my web page like: http://localhost:9090 But this is a pain. Now, gentle reader, I beseech you to tell me how I can use linux (Ubuntu) to get a fully encrypted SSL connection to my internal web page without the hassle of creating an ssh tunnel each time. I believe I can use stunnel, but I'm not sure of the command.Read the article
-
VPN - What is the complexity involved setting one up across less than a dozen machines?
- by lucius
Hello, I have never set up and configured a VPN. I was wondering what it takes to set one up across windows server 2008 servers. What is the complexity involved? How complicated is it to configure? Do I need to set up a Domain controller as a pre-requisite? I am asking because it appears SQL Server 2008 merge replication can only be set up over the internet using VPN and I am trying to gauge what I am up against. Thanks a lot.Read the article
-
Can a company use VPN to spy on me?
- by orokusaki
I'm about to work with a company on a development project, but they first need to set up a pretty complicated environment, and suggested they use VPN to work on my machine to do this. Should I be concerned that somebody can just watch me work? It would be embarrassing, if somebody could witness my work habits (e.g. Asking questions on SO and researching all day is part of my daily work regiment, and makes me feel like a noob, but it keeps me sharp. I also listen to conspiracy videos all day, and RadioLab podcasts, :). Is VPN going to introduce this possibility, and if so, is there a way around it? EDIT: Also, is there a way I can always tell when somebody is VPNed into my computer?Read the article
-
Possible to get OpenDNS to dereference Host on VPN?
- by Scott P
I recently changed ISPs for my home internet. I am now having some trouble getting back into the corporate network from home over the VPN. I have figured out the OpenDNS is resolving the Hosts on the VPN incorrectly when I am using TCP/IP. When I browse to one of the hosts on corporate network, i.e. \host1, from the file manager this succeeds. However, when I ping the host, i.e. ping host1, the IP address is resolving to the OpenDNS name server instead of the actual Host IP address. Does anyone know how to make this work? On a hunch, I turned off type correction. But, this did not help.Read the article
-
curl can't verify cert using capath, but can with cacert option
- by phylae
I am trying to use curl to connect to a site using HTTPS. But curl is failing to verify the SSL cert. $ curl --verbose --capath ./certs/ --head https://example.com/ * About to connect() to example.com port 443 (#0) * Trying 1.1.1.1... connected * Connected to example.com (1.1.1.1) port 443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: ./certs/ * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS alert, Server hello (2): * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Closing connection #0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. I know about the -k option. But I do actually want to verify the cert. The certs directory has been properly hashed with c_rehash . and it contains: A Verisign intermediate cert Two self-signed certs The above site should be verified with the Verisign intermediate cert. When I use the --cacert option instead (and point directly to the Verisign cert) curl is able to verify the SSL cert. $ curl --verbose --cacert ./certs/verisign-intermediate-ca.crt --head https://example.com/ * About to connect() to example.com port 443 (#0) * Trying 1.1.1.1... connected * Connected to example.com (1.1.1.1) port 443 (#0) * successfully set certificate verify locations: * CAfile: ./certs/verisign-intermediate-ca.crt CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using RC4-SHA * Server certificate: * subject: C=US; ST=State; L=City; O=Company; OU=ou1; CN=example.com * start date: 2011-04-17 00:00:00 GMT * expire date: 2012-04-15 23:59:59 GMT * common name: example.com (matched) * issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 Secure Server CA - G3 * SSL certificate verify ok. > HEAD / HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 > Host: example.com > Accept: */* > < HTTP/1.1 404 Not Found HTTP/1.1 404 Not Found < Cache-Control: must-revalidate,no-cache,no-store Cache-Control: must-revalidate,no-cache,no-store < Content-Type: text/html;charset=ISO-8859-1 Content-Type: text/html;charset=ISO-8859-1 < Content-Length: 1267 Content-Length: 1267 < Server: Jetty(7.2.2.v20101205) Server: Jetty(7.2.2.v20101205) < * Connection #0 to host example.com left intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1): In addition, if I try hitting one of the sites using a self signed cert and the --capath option, it also works. (Let me know if I should post an example of that.) This implies that curl is finding the cert directory, and it is properly hash. Finally, I am able to verify the SSL cert with openssl, using its -CApath option. $ openssl s_client -CApath ./certs/ -connect example.com:443 CONNECTED(00000003) depth=3 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority verify return:1 depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 verify return:1 depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 verify return:1 depth=0 /C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com verify return:1 --- Certificate chain 0 s:/C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 --- Server certificate -----BEGIN CERTIFICATE----- <cert removed> -----END CERTIFICATE----- subject=/C=US/ST=State/L=City/O=Company/OU=ou1/CN=example.com issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server CA - G3 --- No client certificate CA names sent --- SSL handshake has read 1563 bytes and written 435 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: D65C4C6D52E183BF1E7543DA6D6A74EDD7D6E98EB7BD4D48450885188B127717 Session-ID-ctx: Master-Key: 253D4A3477FDED5FD1353D16C1F65CFCBFD78276B6DA1A078F19A51E9F79F7DAB4C7C98E5B8F308FC89C777519C887E2 Key-Arg : None Start Time: 1303258052 Timeout : 300 (sec) Verify return code: 0 (ok) --- QUIT DONE How can I get curl to verify this cert using the --capath option?Read the article
-
Connect macbook to my LAN through a VPN - best solution?
- by LewisMc
So I have a LAN connected via a ADSL/PPPoA, this is using a bog-standard DLink router supplied by my ISP (talktalk UK). I have a NAS within the LAN that is running FreeNAS and I want to be able to connect to it when I'm out and about. It's running an atom so it's quite low on juice consumption but I don't want to have it on all day and night so I've been waking it via a magic packet and booting it down from the web admin when I need it. So I want to connect to the LAN, I presume via a VPN, to be able to send a magic packet. But what is the best method to accomplish this, or is there an easier way? I've been looking at the cisco 857 integrated router and the Netgear prosafe 318(behind modem) but not sure If I'm on the right track with what I want to achieve as I've not much experience or knowledge with VPN's or networking (software engineering student). I have tried port forwarding but to no avail, either with magic packets or even connecting outside the LAN via DYNDNS. Thanks,Read the article
-
What are the reasons for putting a VPN into a network?
- by Craig Johnston
What are the reasons for putting setting up a VPN? Does it require a domain name?Read the article
-
Can I make a computer connecting via VPN visible to computers within the network it is connecting to
- by SCdF
OK, here's the deal: I have a computer (specifically, a MacBook Pro) that is connected to a standard network that is then connected to the big nasty internet. Let's call it foo. It runs a web server on 8084, and so if you were on its local network you could get to this with http://foo:8084/, or http://192.168.1.2:8084/, or whatever. From foo I can VPN into my companies intranet and see a computer on the local company network called bar (another MacBook Pro, incidentally). Is there any way to set this up so that while foo is on the VPN bar can access http://foo:8084/ (or http://x.x.x.x:8084/, or whatever)? (From my limited understanding of how VPNs work I have a sneaking suspicion the answer is no, but it doesn't hurt to ask...)Read the article
-
SSL Certificate Expiry: Does the expiry time make any difference at all?
- by CYMR0
I need to know when an SSL certificate actually expires. Does it just look at the expiry date, or does it also take into account the expiry time? Let's say a certificate expired on 1/1/2013 at 11am. Does that certificate expire at 11:01am or is it only the following day that the certificate expires? I have been told both are true. Hope that makes sense! Our suppliers messed up and let our certificate expire, and I'm trying to figure out how much compensation we're owed. I found this question Details on exact expiration datetime of an SSL certificate? but it didn't quite answer what I need (and I didn't like to revive a dead question).Read the article
-
How to control remote access to Sonicwall VPN beyond passwords?
- by pghcpa
I have a SonicWall TZ-210. I want an extremely easy way to limit external remote access to the VPN beyond just username and password, but I do not wish to buy/deploy a OTP appliance because that is overkill for my situation. I also do not want to use IPSec because my remote users are roaming. I want the user to be in physical possession of something, whether that is a pre-configured client with an encrypted key or a certificate .cer/.pfx of some sort. SonicWall used to offer "Certificate Services" for authentication, but apparently discontinued that a long time ago. So, what is everyone using in its place? Beyond the "Fortune 500" expensive solution, how do I limit access to the VPN to only those users who have possession of a certificate file or some other file or something beyond passwords? Thanks.Read the article
-
How to create a VPN between a Host and VMWare VMs?
- by Anindya Chatterjee
I have a set of machines as follows My home laptop running Win7 Ultimate with internet connection. A vmware workstation vm running Windows Server 2003 Standard edition server in my laptop w/o internet connectivity Some of my peers' machines connected to internet I want to create a VPN with these machines, provided the VM will not have any direct internet connection and my peers should able to connect to the SVN server application running on this Win2003 server VM. Can anybody please suggest me how to setup this network, what software I need to install in both physical machine and vm, what kind of network connectivity should be there between vmware guest and host machine? EDIT: I deliberately don't want to connect the VM with internet. The host will work more of a gateway of the VPN connection for the VM.Read the article
-
VPN is working, except for DNS lookups. Firewall (Cisco ASA 5505) issue?
- by macke
I've got the following set up: LAN -> DHCP / DNS / VPN server (OSX 10.6) -> Cisco ASA 5505 -> WAN Connecting to the LAN via VPN works fine. I get all the details properly and I can ping any host on the internal network using their IP. However, I can't do any host lookups whatsoever. I've looked through the logs on and found this nugget in the firewall log: 3 Sep 08 2010 10:46:40 305006 10.0.0.197 65371 portmap translation creation failed for udp src inside:myhostname.local/53 dst inside:10.0.0.197/65371 Port 53 is dns services, no? Because of that log entry, I'm thinking that the issue is with the firewall, not the server. Any ideas? Please keep in mind that I have very little knowledge and experience with this kind of firewall and the little experience I do have is with the ASDM GUI console, not the CLI console.Read the article
-
How can I port forward over a VPN NAT?
- by Charlie
I have a multi-site VPN currently running with pfSense boxes and currently using OpenVPN. However I can change the OS and VPN type if need be. The main router has a 10.13.0.0/16 subnet and a series of public IPs For example, a branch has a 10.12.1.0/24 subnet How can I port forward NAT traffic on a public IP of the main router to a server behind the NAT of the second? So for instance port 95 on a public IP assigned to the main router forwards to 10.12.1.102 on the other router. Is this even possible? Currently my setup works great but only for intertnal trafficRead the article
-
Setup IIS 7.5 with multiple website bindings and SSL?
- by JK01
On IIS 7.5 I am trying to achieve this with two websites: Default Web Site is bound to: (blank host header port 80 - http) (blank host header port 443 - https) go.example.com www71.example.com the IP address of go.example.com 2nd web site "Beta" is bound to: beta.example.com (blank host header port 443 - https) * using blank only because it doesn't seem to be possible to bind https to a named host header And both need to work with SSL. But I have these problems: When I type in beta.example.com, I see the go.example.com site instead I can not seem to add the SSL binding to both websites at once (I have a single *.example.com wildcard certificate). The beta site will not even start if I add the https binding to it. This is how I have set it up: What is the correct way to set it up?Read the article
-
How to map a VPN (tun0) network adapter on host Ubuntu to a VirtualBox guest Windows?
- by Mashimom
I have a Ubuntu 10.04 running Oracle VirtualBox 3.2.6 with a Windows XP guest. I use a VPN that I would like to be accessed by the guest VM, on a ifconfig it shows as: tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:5.192.10.99 P-t-P:5.192.10.99 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1362 Metric:1 RX packets:14151 errors:0 dropped:0 overruns:0 frame:0 TX packets:19860 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:4415271 (4.4 MB) TX bytes:17949982 (17.9 MB) Using NAT or Bridge adapters on the VM only gives me the non-vpn adapter. How can I map the tun0 adapter to VirtualBox?Read the article
-
How can I force all requests to be SSL when using EC2 load balancer?
- by chris
I currently have a single EC2 instance which is forcing all requests to be secure by using mod_rewrite: RewriteEngine On RewriteCond %{SERVER_PORT} !443 RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L] I am planning on moving to a load balanced setup, with multiple back-end instances. If I set up my EC2 load balancer with my certs, do I need to use SSL to communicate between the LB and my instances? If not, is it as simple as replacing the RewriteCond with RewriteCond %{HTTP:X-Forwarded_Proto} ^http$ Edit: I tried using the x-forwarded-proto, but it does not appear to work. Is there another way to detect if someone is connected to the LB via SSL?Read the article
-
Connect macbook to my LAN through a VPN - best solution? [closed]
- by LewisMc
So I have a LAN connected via a ADSL/PPPoA, this is using a bog-standard DLink router supplied by my ISP (talktalk UK). I have a NAS within the LAN that is running FreeNAS and I want to be able to connect to it when I'm out and about. It's running an atom so it's quite low on juice consumption but I don't want to have it on all day and night so I've been waking it via a magic packet and booting it down from the web admin when I need it. So I want to connect to the LAN, I presume via a VPN, to be able to send a magic packet. But what is the best method to accomplish this, or is there an easier way? I've been looking at the cisco 857 integrated router and the Netgear prosafe 318(behind modem) but not sure If I'm on the right track with what I want to achieve as I've not much experience or knowledge with VPN's or networking (software engineering student). I have tried port forwarding but to no avail, either with magic packets or even connecting outside the LAN via DYNDNS. Thanks,Read the article
