forticlientsslvpn doesn't work with a proxy on Cent OS 7 - linux

I'd like to use forticlientsslvpn on Cent OS 7 through a proxy but it doesn't work with a message "Can not connect to proxy" or "Can not resolve proxy address". I guess it needs some dependent libraries but I don't know them.
I downloaded the latest Forticlient SSLVPN 4.4.2329-1 64bit from here. (I installed it on Debian then copied the folder (/opt/forticlientsslvon) to the clean Cent OS 7.)
Both forticlientsslvpn CLI and GUI failed on the same error. This is the result of the cli command.
[root@cent7 /]# cd ~/forticlient-sslvpn/64bit/
[root@cent7 /]# ./forticlientsslvpn_cli --proxy 10.0.0.73:3128 --server 203.0.113.1:10443 --vpnuser myuser
Password for VPN:
STATUS::Setting up the tunnel
STATUS::Connecting...
NOTICE::Can not connect to proxy.
STATUS::Set up tunnel failed
SSLVPN down unexpectedly with error:2
Press Ctrl-C to quit
Clean up...
# Another proxy variable
[root@cent7 /]# ./forticlientsslvpn_cli --proxy http://10.0.0.73:3128 --server 172.17.97.85:10443 --vpnuser myuser
Password for VPN:
08/19/2016 18:19:26 [23461] can not resolve name http://10.0.0.73
Init SSLVPN error:Can not resolve proxy address
# Check the proxy connection
[root@cent7 /]# telnet 10.0.0.73 3128
Trying 10.0.0.73...
Connected to 10.0.0.73.
Escape character is '^]'. # OK
# Check DNS
[root@cent7 /]# nslookup 10.0.0.73
Server: 10.0.0.70
Address: 10.0.0.70#53
Non-authoritative answer:
73.0.0.10.in-addr.arpa name = dns.example.com.
Of course my forticlient on Windows in the same network works with the proxy to the server. And Firefox/wget on this Cent OS 7 server works with the proxy. Does anyone know anything about the "Can not connect to proxy" error?

My IP was wrong and needed ip route add
Although the error message was "Can not connect to proxy", my destination forti IP was wrong. It was connected after I fixed it.
One more thing, I noticed a confusing point. I have two proxies like a socks proxy and a web proxy at this time. I knew ssl-vpn uses only web connections but I guessed forticlient might use ssh command during the connection. But it didn't. Forticlient_sslvpn needs only a web proxy so we just need to fill the proxy form of forticlient with a web proxy's url.
And one more thing. After I connected to ssl-vpn, it didn't work perfectly because I could ping the internal server but not the DMZ (of course my Windows forticlient works well for both). I added an ip route to the DMZ and it started to work.
ip route add 192.168.3.0 via 10.0.0.5
I guessed this GW 10.0.0.5 is not the same every time and on every machine so I made the dynamic command.
ip route add 192.168.3.0/24 via $(ip route | grep 10.0.0 | awk '{print $3}' | head -1)
I hope this helps someone.
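
A stricter way to pick the gateway than grepping the whole routing table, as an added example that is not part of the original answer. The function names and the sample routing table are constructed for illustration; the 10.0.0. prefix and the 192.168.3.0/24 network are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the original answer). The 10.0.0. prefix and the
# 192.168.3.0/24 DMZ network come from the post; the sample table is constructed.

# pick_gateway PREFIX
# Reads `ip route` output on stdin and prints the first next hop (the token
# after "via") whose address starts with PREFIX. Exit status 1 if none exists.
pick_gateway() {
    awk -v p="$1" '
        {
            for (i = 1; i < NF; i++)
                if ($i == "via" && index($(i + 1), p) == 1) {
                    print $(i + 1)
                    found = 1
                    exit
                }
        }
        END { if (!found) exit 1 }
    '
}

# add_dmz_route: install (or update) the DMZ route through that gateway.
# `ip route replace` keeps the call idempotent across reconnects. Needs root.
add_dmz_route() {
    gw=$(ip route | pick_gateway "10.0.0.") || {
        echo "no next hop in 10.0.0.x found in the routing table" >&2
        return 1
    }
    ip route replace 192.168.3.0/24 via "$gw"
}

# Constructed routing table. A plain `grep 10.0.0 | awk '{print $3}'` returns
# "ppp0" for it: the connected-route line matches first and its third field
# is the device name.
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0
10.0.0.0/24 dev ppp0 proto kernel scope link src 10.0.0.12
172.16.0.0/16 via 10.0.0.5 dev ppp0
110.0.0.0/8 via 192.168.1.254 dev eth0'

printf '%s\n' "$SAMPLE_ROUTES" | pick_gateway "10.0.0."
```

Call add_dmz_route after the tunnel is up; it fails with a message instead of installing a route through an unintended next hop.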

Related

Can not access weblogic console from a different machine

I am having trouble accessing the weblogic console from a different machine in the same network.
I installed weblogic on a server from a different machine by ssh. The weblogic is up and running, but now I can't access the console on a browser from my machine. Both machines are part of the same network.
I am able to SSH in to the server from my local machine. Ping also works on both machines using each other's IP address.
telnet gives me the following output:
am@Linux-Vostro-3250:~$ telnet 192.x.x.x 7002
Trying 192.x.x.x...
telnet: Unable to connect to remote host: No route to host
This is confusing me, because I am able to access the server using ssh.
I searched everywhere for a possible solution, but I could only find more problems.
In very simple language, how do I resolve this issue or what exactly may the cause be?
There was no firewall configured in the server. I set up a firewall by following the instructions from this site "https://oracle-base.com/articles/linux/linux-firewall"
There are two GUI options but none of them worked for me so better stick to the CLI.
Then, using the following command, I granted access to my local machine from the server:
# Accept packets from specific host (x.x.x.x).
iptables -A INPUT -s x.x.x.x -j ACCEPT
Now I can access the Weblogic console from my x.x.x.x machine.

NRPE remote host setup on amazon ec2

I have been trying to monitor a remote server using Nagios-Nrpe.
The remote host is the Amazon EC2 instance where I have installed the nrpe daemon on xinetd.
I have added my nagios server IP to "only-from" property in /etc/xinet.d/nrpe file.
I have added the entry in /etc/services.
I have made changes in iptables also.
I have added an entry for TCP port 5666 in my security group too.
These commands work properly:
$ netstat -at | grep nrpe
$ /usr/local/nagios/libexec/check_nrpe -H localhost
I have setup the nagios server and nrpe_check plugin on my local machine.
But whenever I am doing:
/usr/local/nagios/libexec/check_nrpe -H <"amazon-ec2-IP-address">
I get the following error:
connect to address <"amazon-ec2-IP-address"> port 5666: Connection refused ......
connect to host <"amazon-ec2-IP-address"> port 5666: Connection refused
I have tried making the nrpe client on another linux on my LAN and the command worked, but not for Amazon Ec2.
If anyone has the solution for this issue, please do share ASAP.
Make sure you have,
Opened up port 5666 in the Security Group linked to the EC2-instance.

Linux Debian SSH connection to another machine has delay after network settings change

Hi StackOverflow members,
I have an issue with ssh connection on my Debian 7 system to a remote OpenSSH server located on the same network. It looks like there is some network configuration problem but I can't find where it lies. These two Debian machines are connected with a switch that is NOT connected to a router. So the two machines have no internet connection.
A-Debian 7
IP: 192.168.1.2
MASK: 255.255.255.0
GW: 192.168.1.1
B-Debian 7
IP: 192.168.1.3
MASK: 255.255.255.0
GW: 192.168.1.1
With that configuration the ssh command prompts me for a password in less than a second. But with the following network configuration I get the password prompt after a 10+ second delay:
A-Debian 7
IP: 10.10.1.83
MASK: 255.255.255.128
GW: 10.10.1.1
B-Debian 7
IP: 10.10.1.82
MASK: 255.255.255.128
GW: 10.10.1.1
The ssh connection from the server A -> B runs with both configs on custom 1111 port.
The B machine has also a Web server running on port 8080 that has no delays with both net configurations.
Thank you in advance for any clues or tips how to solve that problem.
SOLVED: Removing of the gateway parameter "GW: 10.10.1.1" in the network settings has solved the problem.
The usual culprits here are IPv6 and DNS lookups.
SSH might try to connect via IPv6, first, but the timeout is too low for that. You can see whether IPv6 is enabled with
cat /proc/sys/net/ipv6/conf/eth0/disable_ipv6
To disable:
echo 1 > /proc/sys/net/ipv6/conf/eth0/disable_ipv6
The second culprit is DNS; my guess is that DNS lookups don't work correctly with the second configuration. Try host www.google.com to test this theory.
If that also has a delay, you need to fix your DNS setup.
If that's not it, check the rest of your networking parameters: Gateway, cables, etc.
Start to ping the other host. Is that fast & reliable?
Next, try remote login (ssh, telnet). Note that you can give telnet a port to connect to, so if you have DB server running, you can still use telnet to connect to the server. It will print an error but it allows you to test the TCP/IP connection without any extra error sources.

Connect to PostgreSql database in Linux VirtualBox from Win7

As said in headline, from Win7 host I'm trying to access Postgres 9.3 established in Linux Centos 5.8 which is in VirtualBox on the same machine. I'm trying to access it from PGAdmin and everything is OK when I start the Postgre from Win7 services, so PGAdmin is well configured.
What have I tried? I've read many articles about this subject, and even some questions on this forum but nothing worked. I have:
1) switched to NAT and forwarded port 5432 in VirtualBox GUI
2) set listenadresses = '*' in postgresql.conf file
3) put host all all 10.0.2.1/24 md5 line in the pg_hba.conf file
4) put 5432 port inbound and outbound rule in win7 firewall settings
5) disabled linux firewall with #service iptables stop
Just to mention. When service is started in virtual linux, I can access it from linux, so service is properly started. Problem is that windows doesn't see that service. And when service is started from linux, I can start the same service in Win and vice-versa although the port 5432 should be occupied.
The most suspicious part to me is point 3) because I'm not sure whether I have put a good address in the rule. That address varies from article to article, and I would appreciate it if someone could explain to me how to be sure which address (or range) to put there, according to my network. Or some other advice if possible. Thanks.
Solved.
Replacing:
"host all all 10.0.2.1/24 md5" with "host all all 0.0.0.0/0 trust" solved it.
In my case adding the below line to pg_hba.conf was enough:
host all all 10.0.0.0/16 md5
and then restart:
sudo /etc/init.d/postgresql restart
The Solution by Filip works, but you can tailor it further.
First, enable Adapter 2 in VM and set it to Host-only Adapter:
Second, go to your host machine and find its IP address.
This can be found by running ipconfig in your windows host machine.
Now you need to edit two files in your VMBox.
First is postgresql.conf
sudo nano /etc/postgresql/<version>/main/postgresql.conf
and add the following line:
listen_addresses = '*'
save it and then edit pg_hba.conf
sudo nano /etc/postgresql/<version>/main/pg_hba.conf
Here you need to add your host machine ip (in my case it was 192.168.56.1):
host all all 192.168.56.1/0 trust
Save it and restart postgresql
sudo /etc/init.d/postgresql restart
Now you can use pgadmin to connect to vm postgresql.
Convenience!
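
A check for the pg_hba.conf rules discussed in this thread, as an added example that is not part of any of the answers above. A mask length of /0 means no bits of the client address have to match, so 0.0.0.0/0 and 192.168.56.1/0 both admit every IPv4 client, and the trust method accepts the connection without asking for a password. The function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag pg_hba.conf host rules that admit
# more clients, or check less, than the author probably intended.

# audit_hba: reads pg_hba.conf text on stdin and prints one finding per issue.
# Handles the "TYPE DATABASE USER ADDRESS/MASKLEN METHOD" record form only.
audit_hba() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        $1 !~ /^host/ { next }              # "local" records carry no address
        {
            n = split($4, cidr, "/")
            if ($4 == "all" || (n == 2 && cidr[2] ~ /^0+$/))
                print "line " NR ": " $4 " matches every client address"
            if ($5 == "trust")
                print "line " NR ": trust accepts the connection without a password"
        }
    '
}

# Constructed sample: the rules quoted in this thread plus a narrowed variant
# (single host-only adapter address, password authentication).
SAMPLE_HBA='# constructed sample using the rules quoted in this thread
local all all peer
host all all 10.0.2.1/24 md5
host all all 0.0.0.0/0 trust
host all all 192.168.56.1/0 trust
host all all 192.168.56.1/32 md5'

printf '%s\n' "$SAMPLE_HBA" | audit_hba
```

Run it against a real file with audit_hba < /etc/postgresql/<version>/main/pg_hba.conf; the /24 and /32 md5 rules in the sample produce no findings.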

DNSClient is Not able to ping DNSserver by its hostname BUT able to ping by its IP

I have two Linux machines, Redhat & Centos, under Windows 7 (as host) in VMware Workstation.
I configured a DNS server & DHCP server in Redhat (10.0.0.1).
The client, which is Centos, is able to get an IP (10.0.0.30) from the DHCP server but it is not picking up a name from the DNS server.
The problem is that at server 10.0.0.1 I am able to ping itself by hostname, like
root@server->ping server.example.com Ping successful
But the client is not able to ping the server by hostname, like
root@localhost->ping server.example.com Ping not successful
The client is able to ping the server by its IP, like
root@localhost->ping 10.0.0.1 Ping successful
Now my question is: why is the client not able to ping the server by its hostname, and why is the client not picking up the name from the DNS server?
Just had similar issue on my Debian VM running on a Win7 host.
Setting up DNS server isn't enough to resolve server name, especially when proxy is used in your network environment.
To solve it, you've to export http_proxy environment variable on command line before calling other executables. For example:
export http_proxy="http://{your proxy ip address here}:{your proxy port here}"
As usual, remember to add it to your profile script so you don't redo it after each boot.
