I have 2 openvpn servers running on a raspberry pi 4 (ubuntu server 20.04 LTS), each one behind nat. I have a GL.inet router which will connect to the openvpn servers as a client, i want the client to connect to the next server when the first one goes down. I can't get it to work properly. Router (GL.inet) is connected to server one. from another computer, i ssh into server one and reboot server one. EXPECTATION: Router(GL.inet) has to switch automatically to server 2. REALITY: Router(Gl.inet) keeps trying to connect to server one. I try to reboot the Router(Gl.inet), it keeps trying to reconnect to server one. After like 1h, it will connecto to server 2. I wanted the switch to be done immediately, or maybe within 5 minutes, not a whole hour.
Here is the configuration file for both servers:
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/pivpnservertwo.crt
key /etc/openvpn/easy-rsa/pki/private/pivpnservertwo.key
remote-cert-tls client
tls-auth /etc/openvpn/easy-rsa/pki/ta.key 0
dh dh2048.pem
;tls-verify "./verify-cn /etc/openvpn/allowedClients"
;crl-verify ""
reneg-sec 3600
cipher AES-256-CBC
user nobody
group nogroup
persist-tun
persist-key
persist-local-ip
persist-remote-ip
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 4.2.2.2"
push "dhcp-option DNS 8.8.8.8"
client-config-dir /etc/openvpn/clientConfigDirectory
dev tun
topology subnet
float
proto udp
port 1194
push-peer-info
max-clients 100
keepalive 5 10
ping-timer-rem
log /var/log/openvpn/openvpn.log
ifconfig-pool-persist /var/log/ipassignments.txt
verb 4
status /var/log/openvpn/openvpn-status.log 1
status-version 1
writepid /var/log/openvpn/openvpn-pid.log
explicit-exit-notify 2
up ./server.up
down ./server.down
management 127.0.0.1 3066
Here is the configuration file for the client:
client
ca ca.crt
cert chachoo.crt
key chachoo.key
remote-cert-tls server
tls-auth ta.key 1
reneg-sec 0
cipher AES-256-CBC
persist-tun
persist-key
mute-replay-warnings
dev tun
remote 192.168.50.100 1194 udp4
remote 192.168.50.150 1194 udp4
remote-random
resolv-retry infinite
nobind
connect-retry 5 20
connect-retry-max 3
verb 4
Here is a picture of the log of the router-client: you can see in the log, it says, preserving recently used remote ip address. i want it to switch to the following remote ip address.
Following this thread
Try to add the following config to your client conf
server-poll-timeout 1
Related
RabbitMQ server is running locally on Windows 10 and docker is running on it also.
I'm running a device simulator on docker and it has to talk to local RabbitMQ server through MQTT.
It had been working but one day it stopped.
Here is device logging -
mqtt-client.cpp:322 | Failed to connect to broker at 'xxx#xxx.xxxxxx.com/:1883': code=15, message='Lookup error.'
Keep in mind that from docker(latest version) calls have been made to local web server which has exact domain name -
https-commissioning-channel.cpp:81 | [HttpsCommissioningChannel] using token to contact bootstrap service at 'https://xxx.xxxxxx.com/apibst/alo/v1/bootstrap/device-info'
So you can see domain name has been resolved. For firewall configuration port is open on 1883 (consider it had been working). RabbitMQ is running.
What might be the issue and what should I do to make the call go through?
As per the comments xxx#xxx.xxxxxx.com/:1883 should not contain a slash (xxx#xxx.xxxxxx.com:1883) - see the URI Scheme.
I want to configure my local copy of
https://github.com/mattermost/mattermost-webrtc/blob/master/vagrant/janus/config/janus.cfg
to enable video calls for test purposes in Mattermost. One part is:
[nat]
stun_server = stun.l.google.com
stun_port = 19302
How do I use stun.l.google.com behind a corporate proxy?
I tried
proxytunnel -p corporate-proxy:7123 -d stun.l.google.com:19302 -a 3098
and replaced first part with
[nat]
stun_server = localhost
stun_port = 3098
which results in
$ docker run -it webrtc_blah_2
Janus commit: ad2c131617ac989df1a1bbd601272a5e448cbb3e
Compiled on: Mon Jul 24 13:04:22 UTC 2017
---------------------------------------------------
Starting Meetecho Janus (WebRTC Gateway) v0.2.4
---------------------------------------------------
Checking command line arguments...
Debug/log level is 4
Debug/log timestamps are disabled
Debug/log colors are enabled
Adding 'vmnet' to the ICE ignore list...
Using X.17.0.2 as local IP...
Token based authentication enabled
Initializing recorder code
Initializing ICE stuff (Full mode, ICE-TCP candidates disabled, IPv6 support disabled)
STUN server to use: localhost:3098
ICE handles watchdog started
Testing STUN server: message is of 20 bytes
[FATAL] [ice.c:janus_ice_set_stun_server:808] No response to our STUN BINDING test
[FATAL] [janus.c:main:3667] Invalid STUN address localhost:3098
Analogous with default config (see last two lines):
[FATAL] [ice.c:janus_ice_set_stun_server:808] No response to our STUN BINDING test
[FATAL] [janus.c:main:3667] Invalid STUN address stun.l.google.com:19302
1.STUN and TURN both servers are by definition in their respective RFCs can be setup only on Public IPs
2.Stun server is used to give public IP of your firewall , if you configure in your firewall , your STUN binding requests( SBR) will result no response as there is no external server out from your firewall is configured.
3.On a very supeficial level job of STUN server is to receive the SBR from the source and check the IP address from transport layer and return the same in response plus find one port which will be open to reach the source back.
4.Later hole punching is done on the same port, to make it open throughout the session using STUN binding indication.
Crux is one should not configure STUN or TURN within firewall as this is of no use.
I'm new with Ruby on Rails, so I was trying to figure out how to send emails from the server.
I have followed several tutorial without success, so decided to check the basics and see if port 25 is open, I get the following line:
$ telnet example.com 25
Trying 93.184.216.34...
Trying 2606:2800:220:1:248:1893:25c8:1946...
telnet: Unable to connect to remote host: Network is unreachable
I have read about Conection refused but I can't figure out about unreachable is my port blocked or maybe my ISP?
Any help is useful
if you using ubuntu / debian based
check your server firewall and allow port 25
sudo ufw allow 25/tcp
1. install postfix if you want to build your own smtp server
2. other Alternatif
using gmail account as smtp server in rails , action mailer with gmail as smtp
or you can register to sendgrid.com as smtp server (not free but can apply testing account for one year trial)
I have installed jenkins as windows service but every time after starting the machine i have to execute it through command line using $ java -jar jenkins.war
I am not able to directly open it into web browser at http://localhost:8080/
Am i missing something? Any help will be really appreciated.
Copy original 'jenkins.war' into 'jenkins' directory and restart service
Clear the Windows event viewer logs for Application and System
Please ensure your services are running and up
Firewall Issue:The easiest way to track down firewall issues is to use tcpdump. Just run the following command on the Jenkins server, which is trying to connect to the slave.
More Info on firewall part:
By default, Windows Firewall prevents the TCP connections necessary to make this mechanism work. The firewall on the slave must allow the following exceptions (see List of TCP&UDP port numbers):
TCP Port 135 (DCE/RPC Locator service)
TCP Port 139 (NetBIOS Session Service)
TCP Port 445 (Windows shares)
C:\WINDOWS\system32\dllhost.exe (dllhost.exe seems to use a random port number)
C:\WINDOWS\system32\javaw.exe (Jenkins also uses a random port number)
File and Printer sharing (TCP 139, TCP 445, UDP 137, UDP 138 (possibly only a subset of these is required))
The issue is fixed now. I have changed the service properties. In service properties -> Log On->Select Local system account and select the checkbox for allow the service to interact with desktop
I know this question is too broad to answer, but I can't connect to a filezilla server I'm hosting.
The computer its on has a real IP address (not not).
I am allowing connections on ports 21 and 22.
I can connect from a local filezilla client over both ftp (mapped to port 21) and ftps (mapped to port 22).
Whenever I try to connect from another computer, nothing happens.
When I connect to a website hosted on the same computer (over http or https) the connection works fine.
The client just hangs and the server doesn't print any new lines, as if it has detected no connection at all.
How can I debug this problem? It seems too broad to really ask about, so how do I go about testing to improve the situation?
try telneting to the port :
telnet HOST 21
if you get any response, it should be from a ftp server.