I was trying to build OpenVPN with Microsoft Azure but having problems now...
After adding inbound rules I am able to connect to the server now but something get weird here since I am not able to visit any websites e.g. google.com, amazon.com, etc. Then I searched online and eventually found out that I did not have my route table configured yet. I have tried to configure it myself but failed after many attempts, need some help here.
I would appreciate it a lot if someone can help my resolve the problem since it is driving me crazy.
Great thanks!
Using Ubuntu 16.04
OpenVPN 2.3.7
I only added one route to the route table - Name: GatewaySubnet; Address Prefix:10.0.3.0/27; Next Hop:Virtual network gateway
and a subnet: NAME: default; Address range:10.0.0.0/24...
Do not have access to the internet after connecting to OpenVPN server build with Microsoft Azure
Related
I am very new to development, so I apologize in advance if I am not being clear enough. I appreciate any feedback on the question and how to better pose it.
I'm currently working on an angular app hosted in WSL2. To get it to run locally, this is what I do:
Launch solution in VS Code
From terminal, run npm start
Then, I click on Run and Debug
Once I get the Now listening on: ..... message, I move on to Chrome to start debugging my app
Since this morning, I keep getting a ERR_CONNECTION_REFUSED in the browser, and I'm currently waiting on IT to step in as there could have been some security changes placed that are blocking the requests. Also, I'm not using the VPN.
In the meantime, is there a way to know for sure (or get as close as possible to) what is causing the connection to be refused in my particular scenario? I'm curious about it, but I don't know how to even search the topic properly due to lack of proper terms.
What should one do to at least obtain more details about the issue on their own (perhaps, to help expedite help by collecting important info upfront)? Where my apps are hosted in WSL2, I get very confused between the ip address originating the request and that of the server.
I appreciate any guidance anyone could provide.
It turned out there was a VPN software running where the firewall was ON, even though I was not in the VPN (it went on after I connected to the VPN the previous day). I guess there was nothing else I could have done anyway.
I encountered a very strange issue I've seen more often but could workaround. A VPS with Windows Server 2012 on it and IIS installed is unable to access its own webpages by its public IP.
When I open up Internet Explorer on the VPS and goto localhost, I see the default IIS page. Whenever I try the public IP, it times out.
If I access the same IP from another PC, I can also see the IIS page.
I've tried pinging to my public IP from the VPS, this works. I then tried to disable my firewall all to no avail.
Has someone encountered this before? And more importantly: Did you manage to fix it and if so, how?
Most likely then this is a NAT issue caused by how the NAT gateway/router is configured your connections go via. I'd recommend talking to your host and confirming whether this is the reason and if they are willing to do anything to resolve it. That might be difficult if it is a limitation of the router or done for security reasons that they are unwilling to change.
Running some Wireshark traces should be able to confirm what is happening.
You may be able to resolve it your self with Split DNS and the use of a domain name rather than direct to an IP address. Why do you need to use the IP specifically?
Read serverfault.com/questions/216569/cant-ping-static-ip-from-internal-network-only-from-outside for some further insight.
I'm looking into wide area service discovery and bonjur / avahi seem to be really good.
However, I'm a bit confused about how all this works?
So:
I have a bunch of services running in a cloud.
I have clients which can be located anywhere in the world.
I want the clients to automatically discover the services in the cloud.
I need the clients to be absolutely zero conf, so they don't know IPs, ports, nothing.
If I understand it correctly, this can be done using the above mentioned dns-sd libs. I have full access to a DNS server, so I suppose, the services can register themselves on startup using these libs and then the data can be spread through DNS servers world wide.
The clients can obtain the advertised info by querying the DNS record of my domain using bonjur / avahi tech, right?
All I need to do is to link the client with bonjur / avahi libs, and tell it which domain it should use (query).
Is this correct?
Am I missing something here or is it how this works?
Thanks in advance!
Avahi does not currently support publishing to a wide-area server, though it can browse wide-area. So if you can dynamically update a DNS server somewhere with the appropriate records Avahi would be able to see it.
You do however potentially have more problems to solve here including port mapping/nat traversal which Avahi does not address at all.
I have a slight problem bit of the back story. recently ive been trying to test out univention which is a linux distribution with the goal of being able to replace Microsoft active directory.
I tested it locally and all went reasonably well after a few minor issues i then decided to test it remotely as the company wants to allow remote users to access this so i used myhyve.com to host it and its now been setup successfully and works reasonably well.
however
my main problem is DNS based as when trying to connect to the domain the only way windows will recognize it is by editing the network adapter and setting ip v4 dns server address to the ip address of the server hosting the univention active directory replacement. although this does allow every thing to work its not ideal and dns look up on the internet are considerably longer. i was wondering if any one had any ideas or have done something similar and encountered this problems before and know a work around. i want to avoid setting up a vpn if possible.
after initially registering the computer on the domain i am able to remove the dns server address and just use a couple of amendments to the HOST file to keep it running but this still leads to having issues connecting to the domain controller sometimes and is not ideal. any ideas and suggestions would be greatly received.
.Michael
For the HOST entries, the most likely issue is, that there are several service records a computer in the domain needs. I'm not sure, whether these can be provided via the HOST file or not but you'll definitely have authentication issues if they are missing. To see the records your domain is using issue the following commands on the UCS system.
/usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
For the slow resolution of the DNS records there are several points where you could start looking. My first test would be whether or not you are using a forwarder for the web DNS requests and whether or not the forwarder is having a decent speed. To check if you are using one, type
ucr search dns/forwarder
If you get a valid IP for either of the UCR Variables, dns/forwarder1, dns/forwarder2 or dns/forwarder3, you are forwarding your DNS requests to a different Server. If all of them are empty or not valid IPs then your server is doing the resolution itself.
Not using a forwarder is often slow, as the DNS servers caching is optimized for the AD operations, like the round robin load balancing. Likewise a number of ISPs require you to use a forwarder to minimize the DNS traffic. You can simply define a forwarder using ucr, I use Google on IPv4 for the example
ucr set dns/forwarder1='8.8.8.8'
The other scenario might be a slow forwarder. To check it try to query the forwarder directly using the following command
dig univention.com #(ucr get dns/forwarder1)
If it takes long, then there is nothing the UCS server can do, you'll simply have to choose a different forwarder from the ucr command above.
If neither of the above helps, the next step would be to check whether there are error messages for the named daemon in the syslog file. Normally these come when you are trying to manually remove software or if the firewall configuration got changed.
Kevin
Sponsored post, as I work for Univention North America, Inc.
I've just installed Neo4j 1.8.2 onto Azure by following this step-by-step process...
http://de.slideshare.net/neo4j/neo4j-on-azure-step-by-step-22598695
Unfortunately, when I browse to http://:7474/webadmin Fiddler says Error 10061 - No connection could be made because the target machine actively refused it.
I've followed the instructions exactly and haven't received any errors.
Any help much appreciated.
So, I think I got to the bottom of this. I think it was due to the size of compute / VM I was creating. It looks like the problem is caused when running on Extra Small instances. I created a new installation using a Small instance and everything now works :).
Try setting the server to accept connections form all hosts, and maybe use a newer Neo4j, say 1.9.4
http://docs.neo4j.org/chunked/stable/security-server.html#_secure_the_port_and_remote_client_connection_accepts
The way the VM Depot image is set up, it's pre-configured to allow all hosts to connect, and the Neo4j server will auto-start. The only thing you need to take care of, when constructing your VM, is to open an Input Endpoint, with any public port you want (preferably 7474 to stay true to Neo4j) and internal port 7474.
Note that the UI changed a bit since the how-to was published: You can specify the endpoint as the last step before creating your virtual machine. Other than that, the instructions should be the same. And... once the VM is up and running (it'll take about 5-10 minutes), you just visit http://yourservicename.cloudapp.net:7474 and you should see the web admin. Note: this is not the same as your vm name. If you named your VM something like 'neo' then you do not want http://neo:7474 or http://neo.cloudapp.net:7474. You need to use your cloud service name (you had to create a name for the service when you deployed the VM.
I've deployed that image several times in demos, and just tried again right now to make sure nothing wonky happened. Worked perfectly.