Endpoints allowing Protocols other than TCP or UDP - azure

Is there a way to have endpoints which allow protocols other than TCP or UDP? For example Protocol 50 / ESP, the protocol for native IPsec. I would like to be able to hit the "outside" edge of one of my public IP addresses with this protocol.

At this time only the TCP and UDP protocols are supported for Microsoft Azure virtual networks. You can however create a point-to-site endpoint using VPN; this requires you to download an agent on your client machines. Check this page for more information.


AMQP Connection from Azure Service Bus to ReadyAPI

I am trying to switch the REST calls from ReadyAPI to our application over to AMQP messaging. There is an add-on for ReadyAPI that has the AMQP steps, but I need a connection to, I presume, the Service Bus.
I tried using the Service Bus as the host name with ports 5671 and 5672, but it gives me an error. Any ideas how I would connect these two?
Thanks!
Follow the points below to fix your issue.
I think this is due to the internal company firewall restriction, which blocks all the traffic on ports 5671 and 5672.
So I will recommend you to set up a TCP proxy (HAProxy) on a VM.
This TCP proxy is configured in such a way that it routes all incoming traffic on a specific port to the Azure service endpoint.
You can change the endpoint using connection.setHostname("");
You should also change your port number from 5671 to 8080 in ClientConstants.
After doing all this, traffic will route to the TCP proxy endpoint instead of the Service Bus, as the firewall blocked all traffic on port 5671.
For more about this you can follow the official Microsoft documentation.

Use ngrok for RDP - security

I use ngrok (https://ngrok.com/) at work to be able to access my computer from home (we also have a VPN but I get errors) using:
ngrok tcp 3389
It works perfectly, but I was wondering how secure it is. Do I risk compromising the security of the company?
There are at least 2 aspects of security here:
encryption of the traffic running over the ngrok TCP tunnel.
authenticating access to the ngrok TCP tunnel.
For encryption, an ngrok TCP tunnel forwards raw TCP and does not encrypt your application's packets. One way to encrypt your traffic is to have your RDP server and client negotiate an encrypted connection (for example over TLS).
For authentication, ngrok provides IP Whitelisting for ngrok TCP tunnels.
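As an added example (not code from either answer, and not HAProxy's or ngrok's own code), the relay below does in a few lines what the HAProxy setup recommended in the AMQP question does: it listens on one port and forwards every connection, byte for byte, to a fixed upstream. Because it is a raw TCP relay it also shows the ngrok answer's first point: the relay sees application bytes exactly as the client sent them, so each accepted connection is recorded as "tls" or "cleartext" depending on whether its first segment is a TLS ClientHello record. Everything here is constructed: the "upstream service" is a toy echo server on localhost, the ports are ephemeral, and the AMQP header and TLS record bytes are hand-built.

```python
import asyncio


def looks_like_tls_client_hello(first_bytes: bytes) -> bool:
    """A TLS session starts with a Handshake record: content type 0x16,
    record version 0x03 0x0x, a 2-byte length, then a ClientHello (type 0x01).
    Only the first segment is judged; nothing about later bytes is inferred."""
    return (
        len(first_bytes) >= 6
        and first_bytes[0] == 0x16
        and first_bytes[1] == 0x03
        and first_bytes[2] <= 0x04
        and first_bytes[5] == 0x01
    )


async def _pump(reader, writer):
    """Copy bytes reader -> writer until EOF, then close the writer."""
    try:
        while chunk := await reader.read(65536):
            writer.write(chunk)
            await writer.drain()
    finally:
        writer.close()


async def start_relay(target_host, target_port, observations):
    """Listen on an ephemeral localhost port and forward each connection to
    target_host:target_port unchanged (what the HAProxy TCP frontend does).
    Per connection, record whether the client's first segment looked like TLS."""
    async def handle(client_r, client_w):
        first = await client_r.read(65536)
        observations.append("tls" if looks_like_tls_client_hello(first) else "cleartext")
        upstream_r, upstream_w = await asyncio.open_connection(target_host, target_port)
        if first:
            upstream_w.write(first)
            await upstream_w.drain()
        await asyncio.gather(_pump(client_r, upstream_w), _pump(upstream_r, client_w))

    server = await asyncio.start_server(handle, "127.0.0.1", 0)
    return server, server.sockets[0].getsockname()[1]


async def _start_echo():
    """Stand-in for the real upstream (Service Bus, an RDP host...): echoes bytes back."""
    server = await asyncio.start_server(_pump, "127.0.0.1", 0)
    return server, server.sockets[0].getsockname()[1]


async def _send_through(port, payload):
    """Act as a client: send payload via the relay and read the echoed copy."""
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    writer.write(payload)
    await writer.drain()
    echoed = await reader.readexactly(len(payload))
    writer.close()
    await writer.wait_closed()
    return echoed


async def _roundtrip():
    observations = []
    echo_srv, echo_port = await _start_echo()
    relay_srv, relay_port = await start_relay("127.0.0.1", echo_port, observations)
    # Constructed: the AMQP 1.0 protocol header a client sends first, in the clear.
    amqp_header = b"AMQP\x00\x01\x00\x00"
    # Constructed: a TLS Handshake record header followed by a truncated ClientHello.
    tls_start = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
    echoed = await _send_through(relay_port, amqp_header)
    await _send_through(relay_port, tls_start)
    echo_srv.close()
    relay_srv.close()
    return {"echo": echoed, "observations": observations}


def run_demo():
    """Returns the echoed AMQP header and the per-connection classification."""
    return asyncio.run(_roundtrip())


if __name__ == "__main__":
    print(run_demo())
```

The heuristic only inspects the first segment. A protocol that negotiates TLS after an initial cleartext exchange (RDP's X.224 connection request, which begins with a TPKT header, or any STARTTLS-style upgrade) is reported as "cleartext" by this relay, so for RDP the meaningful check is the server's configured security layer, not what a TCP relay sees at connection start.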

Access Windows IoT Device Portal without port forwarding or UPnP

I have many IoT clients that will soon be in the field. I want some way to have full access to the Device Portal currently on port 8080 without it being publicly exposed.
My thoughts are to develop a management server that accepts connections from multiple clients with keep alive. The connection from the IoT could be net sockets but that is open for feedback.
The management server would show the connection status of each IoT device. It would have the functionality to launch a browser session with the connected IoT device. The IoT device would serve the local Device Portal:8080 through the socket to the management server's browser session. Interaction from the management server's browser session would be transmitted back through the socket and in turn interact with the Device Portal.
I have looked over information for a few days and can't find examples of website interaction through sockets. I request your feedback on such an approach and also ask if there are any open source projects that may assist in getting to this goal.
Thank you
Have a look at https://openport.io. It does exactly what you ask.
A socket is just a software representation of a TCP connection. Ports would still be required. At least 1 port anyway. If you are accessing all those devices on the same network, you can use a reverse proxy or a VPN for external access into your network and those devices. Always use an SSL cert or IPsec tunnel for the proxy or VPN connection. If you open up your firewall on 80 and/or 443 to your Apache web server, Apache could redirect to the backend 8080 port. Alternatively, OpenVPN could be used to give you access to the entire network by just opening port 1154 and setting up the configurations. If using OpenVPN, you would still route to the device portal on 8080, as usual, using your internal IP or host name.
If all your devices are on the same network, the nice thing about using VPN to get in is that you can connect to OpenVPN on your cell phone and then connect via SSH with an app like Termius on iOS, or any other SSH-capable iOS app, to your IoT device, and get things done quickly; like rebooting IoT devices, setting permissions, checking logs on the go.
Lastly, if you're planning to pay for Azure, you could do that, I guess ($$$)
https://azure.microsoft.com/en-us/pricing/details/iot-hub/
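The design sketched in the question (each device keeps an outbound connection to a management server, which relays a browser session through that connection to the device's local portal) as an added example. This is not openport's code and not from any answer; it is a toy with one session per outbound connection, a placeholder shared token, a stub portal standing in for the real Device Portal on 8080, and ephemeral localhost ports, all constructed. The device authenticates before the server will ever route a session to it, which is the check that keeps the management port from becoming a new exposure.

```python
import asyncio
import hmac

# Constructed placeholder; in practice provision a distinct secret per device.
SHARED_TOKEN = b"PLACEHOLDER-DEVICE-TOKEN"


def parse_hello(line: bytes):
    """Device hello: b'HELLO <device_id> <token>\\n'.  Returns the device id
    when the token matches (constant-time compare), otherwise None."""
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) != 3 or parts[0] != b"HELLO":
        return None
    if not hmac.compare_digest(parts[2], SHARED_TOKEN):
        return None
    return parts[1].decode("ascii", errors="replace")


async def _pump(reader, writer):
    """Copy bytes reader -> writer until EOF, then close the writer."""
    try:
        while chunk := await reader.read(65536):
            writer.write(chunk)
            await writer.drain()
    finally:
        writer.close()


class ManagementServer:
    """Holds one authenticated idle connection per device and hands it to the
    next browser session for that device."""

    def __init__(self):
        self.idle = {}    # device_id -> Queue of (reader, writer, done_future)
        self.status = {}  # device_id -> "connected" | "busy" | "disconnected"

    async def on_device(self, reader, writer):
        device_id = parse_hello(await reader.readline())
        if device_id is None:          # bad token: drop without a hint
            writer.close()
            return
        done = asyncio.get_running_loop().create_future()
        await self.idle.setdefault(device_id, asyncio.Queue()).put((reader, writer, done))
        self.status[device_id] = "connected"
        await done                     # keep-alive: handler lives until the session ends

    async def on_browser(self, device_id, reader, writer):
        queue = self.idle.get(device_id)
        if queue is None or queue.empty():
            writer.write(b"HTTP/1.1 503 Service Unavailable\r\nContent-Length: 0\r\n\r\n")
            await writer.drain()
            writer.close()
            return
        dev_reader, dev_writer, done = queue.get_nowait()
        self.status[device_id] = "busy"
        dev_writer.write(b"OPEN\n")    # tell the agent to connect to its local portal
        await dev_writer.drain()
        await asyncio.gather(_pump(reader, dev_writer), _pump(dev_reader, writer))
        self.status[device_id] = "disconnected"
        done.set_result(None)


async def device_agent(device_id, mgmt_host, mgmt_port, portal_host, portal_port):
    """Runs on the device: dial out, authenticate, wait for OPEN, then bridge
    the management connection to the local Device Portal."""
    reader, writer = await asyncio.open_connection(mgmt_host, mgmt_port)
    writer.write(b"HELLO " + device_id.encode() + b" " + SHARED_TOKEN + b"\n")
    await writer.drain()
    if await reader.readline() != b"OPEN\n":
        writer.close()
        return
    p_reader, p_writer = await asyncio.open_connection(portal_host, portal_port)
    await asyncio.gather(_pump(reader, p_writer), _pump(p_reader, writer))


async def _stub_portal(reader, writer):
    """Stands in for the Device Portal: answers any request with one page."""
    await reader.readuntil(b"\r\n\r\n")
    body = b"Device Portal (stub)"
    writer.write(b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\nConnection: close\r\n\r\n" % len(body) + body)
    await writer.drain()
    writer.close()


async def _demo():
    def port_of(server):
        return server.sockets[0].getsockname()[1]

    portal = await asyncio.start_server(_stub_portal, "127.0.0.1", 0)
    mgmt = ManagementServer()
    dev_srv = await asyncio.start_server(mgmt.on_device, "127.0.0.1", 0)
    browser_srv = await asyncio.start_server(
        lambda r, w: mgmt.on_browser("iot-01", r, w), "127.0.0.1", 0)
    agent = asyncio.create_task(device_agent(
        "iot-01", "127.0.0.1", port_of(dev_srv), "127.0.0.1", port_of(portal)))
    while mgmt.status.get("iot-01") != "connected":   # wait for the device to check in
        await asyncio.sleep(0.01)
    reader, writer = await asyncio.open_connection("127.0.0.1", port_of(browser_srv))
    writer.write(b"GET / HTTP/1.1\r\nHost: iot-01\r\n\r\n")
    await writer.drain()
    response = await reader.read()    # until the relayed portal closes
    writer.close()
    await writer.wait_closed()
    await agent
    while mgmt.status["iot-01"] != "disconnected":    # let the server finish the session
        await asyncio.sleep(0.01)
    for srv in (portal, dev_srv, browser_srv):
        srv.close()
    return {"response": response, "status": mgmt.status["iot-01"]}


def run_demo():
    return asyncio.run(_demo())
```

In a real deployment the device-facing listener would sit behind TLS with per-device credentials, and the browser-facing side behind the management server's own login, so that neither the portal nor the device port is reachable without authenticating first; the stub here only shows the relay and the token check.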

If I need to whitelist Ably's servers from a firewall, which ports, IPs and/or domains should I add?

I'm using Ably to implement Pub/Sub over websockets. If I need to whitelist Ably's servers from a firewall, which ports, IPs and/or domains should I add?
(disclaimer: I am a developer advocate for Ably, and posting and self-answering a commonly asked support question here on Stack Overflow so our users can find this more easily)
Ports
All of Ably's client libraries exclusively use the standard HTTPS port 443 for WebSockets and HTTP traffic over TLS.
When configured to not use TLS, port 80 is used. Please note we rarely recommend anyone uses an unencrypted connection and this is disabled by default in all client libraries.
If using our Ably Protocol Adapters and/or our Ably Reactor service, the following ports are used:
Reactor queue over AMQP - TLS only using port 5671
Reactor queue over STOMP - TLS only using port 61614
MQTT adapter - port 8883 over TLS and port 1883 for unencrypted socket
PubNub adapter - HTTPS only using port 443
Pusher adapter - HTTPS only using port 443
IPs and domain names
Unfortunately it is impossible for Ably to publish a set of IP addresses for the cloud-based service, as our service is elastic and IP addresses are reassigned dynamically as a normal part of our service. If IP-based restrictions are needed, please get in touch with us to discuss an Enterprise account with a dedicated cluster and fixed set of IPs.
Ably's client libraries by default connect to Ably using the following domains:
REST requests - rest.ably.io
Realtime (WebSocket) connections - realtime.ably.io
Fallback hosts - a.ably-realtime.com, b.ably-realtime.com, c.ably-realtime.com, d.ably-realtime.com, e.ably-realtime.com. Please see the documentation on why we provide a fallback host feature.
Please note that customers using custom CNAMEs will have a different set of primary REST and Realtime domains, and may also have a different set of fallback host domains. Please contact us to find out more about your domains.
If using our Ably Protocol Adapters and/or our Ably Reactor service, the following domains are used:
Reactor Queue US East 1 - us-east-1-a-queue.ably.io
Reactor Queue other regions - get in touch
MQTT adapter - mqtt.ably.io
PubNub adapter - pubnub-rest.ably.io
Pusher adapter - pusher-rest.ably.io and pusher-realtime.ably.io
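An added example, not Ably's code: a small audit that checks an egress allowlist against the hosts and ports listed in this answer and reports what is missing, which rules open the cleartext ports the answer mentions (80 and 1883), and which rules match none of the required endpoints. The rule syntax ("allow tcp <host-pattern> <port>") and the sample policy are constructed for the example; since the answer says fixed IPs cannot be published, the check works on hostnames and wildcard patterns.

```python
from fnmatch import fnmatchcase

# Endpoints named in the answer above: (host, port, encrypted transport?)
CORE = [("rest.ably.io", 443, True), ("realtime.ably.io", 443, True)] + [
    (f"{c}.ably-realtime.com", 443, True) for c in "abcde"
]
ADAPTERS = {
    "reactor-queue": [("us-east-1-a-queue.ably.io", 5671, True),
                      ("us-east-1-a-queue.ably.io", 61614, True)],
    "mqtt": [("mqtt.ably.io", 8883, True), ("mqtt.ably.io", 1883, False)],
    "pubnub": [("pubnub-rest.ably.io", 443, True)],
    "pusher": [("pusher-rest.ably.io", 443, True), ("pusher-realtime.ably.io", 443, True)],
}
CLEARTEXT_PORTS = (80, 1883)


def parse_rules(text: str):
    """Parse the constructed rule format 'allow tcp <host-pattern> <port>'."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4 or parts[:2] != ["allow", "tcp"] or not parts[3].isdigit():
            raise ValueError(f"line {lineno}: expected 'allow tcp <host-pattern> <port>'")
        rules.append((parts[2].lower(), int(parts[3])))
    return rules


def _permits(rules, host, port):
    return any(port == p and fnmatchcase(host, pattern) for pattern, p in rules)


def audit(text: str, adapters=()):
    """Compare an allowlist with the endpoints required for the chosen adapters.
    Returns endpoints with no matching rule, rules that open cleartext ports,
    and rules that match none of the required endpoints (stale or over-broad)."""
    required = list(CORE)
    for name in adapters:
        required += ADAPTERS[name]
    rules = parse_rules(text)
    missing = [(h, p) for h, p, _ in required if not _permits(rules, h, p)]
    cleartext = [(pat, p) for pat, p in rules if p in CLEARTEXT_PORTS]
    unused = [(pat, p) for pat, p in rules
              if not any(p == rp and fnmatchcase(h, pat) for h, rp, _ in required)]
    return {"missing": missing, "cleartext": cleartext, "unused": unused}


SAMPLE_RULES = """\
# constructed sample egress policy, not a real firewall export
allow tcp rest.ably.io 443
allow tcp realtime.ably.io 443
allow tcp *.ably-realtime.com 443
allow tcp mqtt.ably.io 1883
allow tcp 10.0.0.5 8080
"""

if __name__ == "__main__":
    for finding, items in audit(SAMPLE_RULES, adapters=("mqtt",)).items():
        print(finding, items)
```

Run against the sample with the MQTT adapter in use, the audit reports that 8883 is missing (only the unencrypted 1883 was opened), flags the 1883 rule as cleartext, and lists the unrelated 10.0.0.5:8080 rule as matching nothing Ably needs.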
See ably.io

How can I add support for IPv6 to an Azure Application Gateway knowing that it does not support it

I am not a system administrator or network administrator, thus I am having a hard time trying to figure out a workaround to support IPv6 on an Azure Service Fabric Cluster without using the Load Balancer.
From here: IPv6 support for Azure other than the load balancer thing
I have checked that IPv6 is only supported by those LB appliances, but the entry point of my current cluster is an application gateway.
Is there a recommended workaround for adding IPv6 support when using an Azure App Gateway?
There is no nice way to do that, only work-arounds.
Anyway, you can do the following:
instantiate an Azure back-end server,
configure this server to establish an IPv6-over-IPv4 tunnel to a public IPv6 tunnel broker,
install a reverse proxy on your back-end server, listening on an IP address chosen inside the IPv6 prefix offered by your tunnel broker,
configure this reverse proxy to translate the accepted IPv6 HTTPS connections into outgoing HTTP or HTTPS IPv4 requests to your Azure app gateway (the connection stays inside the Azure network, so you may accept not to encrypt it, using HTTP instead of HTTPS).
But this will not be very efficient because:
1- it is your back-end server that will terminate and decrypt SSL connections;
2- IPv6 packets from/to your servers in Azure will go through your tunnel broker and Azure; you will not have direct connections between the clients and Azure.
To find a free IPv6 tunnel broker, see for instance Hurricane Electric.
