//ftp_ssl_connect with Explicit ftp over tls
$ftp_host = 'xxx.xxx.xxx.xxx'; /* host */
$conn_id = ftp_ssl_connect($ftp_host,9906);
ftp_pasv($conn_id, TRUE);
var_dump($conn_id);
Result: bool(false)
There are some firewall restrictions on the host and probably required white list on the host. Do I have to whitelist the client system/server or the system where I am interacting with the client system/server? Suggestions/Solutions would be greatly appreciated.
Related
I wrote a java code. In the code, I used com.microsoft.sqlserver.jdbc.SQLServerDataSource to establish a JDBC connection with my Azure sql database . I found that no matter whether I used " ds.setEncrypt(true);" or not, the JDBC connection was encrypted by TLS ( I use wireshark to catch the TCP packaege , all the package is TLS whether I used " ds.setEncrypt(true);" or not ).
Why ? I checked many official documents, but I couldn't find the answer . It's too difficult...
Azure sql database TLS is always enable ? Are there relevant official documents to prove it ?
The question is : I use ds.setEncrypt(true) or not ,even i set this to "false" , the TCP packages are encrypted by TLS . Why ?
Below is my code to establish the JDBC connection .
public static Connection getConnectionObject() {
SQLServerDataSource ds = new SQLServerDataSource();
ds.setServerName("azuresqldbserver0821.database.windows.net");
ds.setDatabaseName("azuresqldb0821");
ds.setPortNumber(1433);
ds.setUser("root0817");
ds.setPassword("<YourStrong#Passw0rd>");
ds.setEncrypt(false);// I use this method or not ,even i set this to "false" , the TCP packages are encrypted by TLS
ds.setTrustServerCertificate(true);
Connection conn;
try {
conn = ds.getConnection();
} catch (Exception e) {
e.printStackTrace();
return null;
}
return conn;
}
}
When a client first attempts a connection to SQL Azure, it sends an initial connection request. Consider this a "pre-pre-connection" request. At this point the client does not know if TLS/SSL/Encryption is required and waits an answer from SQL Azure to determine if TLS/SSL is indeed required throughout the session (not just the login sequence, the entire connection session). A bit is set on the response indicating so. Then the client library disconnects and reconnects armed with this information.
When you set "Encrypt connection" setting on the connetion string you avoid the "pre-pre-connection", you are preventing any proxy from turning off the encryption bit on the client side of the proxy, this way attacks like man-in-the-middle attack are avoided.
When secure connections are needed, please enable "Encrypt connection" setting.
In-transit encryption to Azure SQL is always enabled.
Transport Layer Security (TLS) was previously known as Secure Sockets Layer (SSL).
I am trying to connect to Azure vNET Gateway and I am not having success. It ends with ErrorCode = 720 ErrorSource = RAS. Anyone experienced this issue before for the following scenario?
Azure vNET Gateway configured with Basic SKU.
VpnStrategy is SSTP for Windows 10
Authentication: Client certificate (self signed)
Both the root and client certificates are in current user personal store. They are resolved ok.
Root cert is stored in trusted root path of current user
Root cert is saved in Azure vpn gateway user configuration without line breaks
Don't wish to create other SKU to save $$ on poc
Deleted all the WAN Miniport adapters and rebooted the machine with no success. They get recreated automatically
I can't share certificates (root or client) in this forum since I am revealing the vpn gateway endpoint in the logs (for security reason)
Event logs from local machine in the order of execution:
CoId={3285D778-432A-4746-B74C-8B95FECEB53E}: The user SYSTEM has started dialing a Connection Manager connection using a per-user connection profile named az-aks-vnet-v2. The connection settings are:
Dial-in User = P2SDemoClientCert
VpnStrategy = SSTP
DataEncryption = Require
PrerequisiteEntry =
AutoLogon = No
UseRasCredentials = Yes
Authentication Type = EAP <Microsoft: Smart Card or other certificate>
Ipv4DefaultGateway = No
Ipv4AddressAssignment = By Server
Ipv4DNSServerAssignment = By Server
Ipv6DefaultGateway = Yes
Ipv6AddressAssignment = By Server
Ipv6DNSServerAssignment = By Server
IpDnsFlags =
IpNBTEnabled = Yes
UseFlags = Private Connection
ConnectOnWinlogon = No.
CoId={3285D778-432A-4746-B74C-8B95FECEB53E}: The user SYSTEM is trying to establish a link to the Remote Access Server for the connection named az-aks-vnet-v2 using the following device:
Server address/Phone Number = azuregateway-b80c0077-e69d-4f0c-8f50-baa0c7a6e23e-0fe0aceeddbb.vpn.azure.com
Device = WAN Miniport (SSTP)
Port = VPN1-1
MediaType = VPN.
CoId={3285D778-432A-4746-B74C-8B95FECEB53E}: The user SYSTEM has successfully established a link to the Remote Access Server using the following device:
Server address/Phone Number = azuregateway-b80c0077-e69d-4f0c-8f50-baa0c7a6e23e-0fe0aceeddbb.vpn.azure.com
Device = WAN Miniport (SSTP)
Port = VPN1-1
MediaType = VPN.
CoId={3285D778-432A-4746-B74C-8B95FECEB53E}: The link to the Remote Access Server has been established by user SYSTEM.
CoId={3285D778-432A-4746-B74C-8B95FECEB53E}: The user SYSTEM dialed a connection named az-aks-vnet-v2 which has failed. The error code returned on failure is 720.
VPN logs:
******************************************************************
Operating System : Windows NT 10.0
Dialer Version : 7.2.18362.1
Connection Name : az-aks-vnet-v2
All Users/Single User : Single User
Start Date/Time : 6/22/2020, 10:31:31
******************************************************************
Module Name, Time, Log ID, Log Item Name, Other Info
For Connection Type, 0=dial-up, 1=VPN, 2=VPN over dial-up
******************************************************************
[cmdial32] 10:31:31 03 Pre-Init Event CallingProcess = C:\WINDOWS\system32\rasautou.exe
[cmdial32] 10:31:40 04 Pre-Connect Event ConnectionType = 1
[cmdial32] 10:31:40 06 Pre-Tunnel Event UserName = P2SDemoClientCert Domain = DUNSetting = b80c0077-e69d-4f0c-8f50-baa0c7a6e23e Tunnel DeviceName = TunnelAddress = azuregateway-b80c0077-e69d-4f0c-8f50-baa0c7a6e23e-0fe0aceeddbb.vpn.azure.com
[cmdial32] 10:31:42 21 On-Error Event ErrorCode = 720 ErrorSource = RAS
Thanks in advance for the help.
The problem is resolved, I just needed a break from computer and take a long evening walk! This is what I did to fix the problem-
Open Device Manager
Go to Network Adapters
Uninstall all the adapters name starts with "WAN Miniport". Repeat the step for every “WAN Miniport driver” installed
I didn't reboot the machine.
Right click “Network adapters” and select “Scan for hardware changes”
All of the WAN Miniport adapters will reappear immediately
I was able to connect to the VPN Gateway after the above steps and connect to VM with private ip.
Thanks to svenvdveen for the solution with the exception of no reboot. I followed the same instruction (twice) before and I rebooted the machine but didn't have luck!
I ran into a similar issue with Azure Basic Gateway.
For anyone reading this, I suggest you start by simply uninstalling the Wan Miniport (Ikev2). Then try to connect to your VPN again. It worked in my case :).
(Windows 11)
I want to import some data to Excel2016 from a postgresSQL table. I have tried it by clicking "new query" and selecting From Database -> From PostgresSQL Database:
But then I receive the following error:
Details: "TlsClientStream.ClientAlertException: CertificateUnknown: Server certificate was not accepted. Chain status: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
. The specified hostname was not present in the certificate.
at TlsClientStream.TlsClientStream.ParseCertificateMessage(Byte[] buf, Int32& pos)
at TlsClientStream.TlsClientStream.TraverseHandshakeMessages()
at TlsClientStream.TlsClientStream.GetInitialHandshakeMessages(Boolean allowApplicationData)
at TlsClientStream.TlsClientStream.PerformInitialHandshake(String hostName, X509CertificateCollection clientCertificates, RemoteCertificateValidationCallback remoteCertificateValidationCallback, Boolean checkCertificateRevocation)"
Any suggestions on how to solve this? Thank you so much in advance!
This error is indicative of a connection being made to the PostgreSQL db where the server's certificate cannot be validated by the client making a connection. This error only happens when the "Trust Server Certificate" is set to FALSE in the library Excel uses to connect to PostgreSQL (npgsql).
There are several ways that may work to address this, in the order I'd suggest trying them:
If there's an option hidden in Excel (perhaps under advanced options or similar) to set the 'Trust Server Certificate' parameter to True, then your connection will start working. If it allows you to specify an entire connection string, then this can be done in the connection string as well.
The database should have a public key in an SSL cert listed in the postgresql.conf file for the db. If you (or your db administrator) can get that public key and add it to your machine (instructions will vary depending on your operating system).
I have finally found a workaround for my problem.
What you can do is to:
Install the current postgresql driver from here
Follow the instruction from this video
With this, you can connect to your postgreSQL database by ODBC.
User who has authorized TLS certificate only able to connect to Open-sip server from application (Android and iOS).
What we need to change in config file for only TLS connection to Open-sip server.
You can configure the TLS certificate information in opensips.cfg file
tls_certificate="/usr/local/etc/opensips/tls/glob/glob-cert.pem"
tls_private_key="/usr/local/etc/opensips/tls/glob/glob-privkey.pem"
tls_ca_list="/usr/local/etc/opensips/tls/glob/glob-calist.pem"
## turn on the strictest and strongest authentication possible
tls_verify_client = 1
tls_require_client_certificate = 1
tls_method = TLSv1
tls_verify_client = 1 will ensure the client with authorized certificate configured in tls_ca_list file
Can you try uncommenting the line of startTLS from config file and make it true as a value?
It should work!
Also make sure that your Android and iOS clients are configured to accept TLS connections(though most of the time it's default behaviour).
Hi All,
I want to create a JSP page where I will ask user to give the source host and port and also destination host and port.
Following combination of source and destination OS is possible
Unix->Unix/Windows/zOS Windows-> Unix/Windows/zOS zOS ->
Unix/Windows/zOS
With these inputs I want to connect to the source server and fire this command telnet $ip $port to the destination. If the telnet connectivity is successful it should return success and else error.
I want to create the logic non-interactive that it should not require any password to login the source for checking telnet connectivity.
Is there any such library or any mechanism available so that I could make this feasible?
Why not use Apache Commons Net?
TelnetClient telnet = new TelnetClient();
try {
telnet.connect("rainmaker.wunderground.com", 3000);
} catch(IOException e) {
// failed
} finally {
telnet.disconnect();
}