wget : connection reset by peer in redhat linux - connection

I am trying to access remote soap URL through wget command in RedHat linux but some times i get below Exception. What could be the reason for below Error. I am expecting HTTP 200 response but instead getting below error.
lgadmin#mnpgategui1 apps]$ wget --no-check-certificate https://remote ip:port/mnpserver/services/mnpservice?wsdl
--23:54:42-- https://remote ip:port/mnpserver/services/mnpservice?wsdl
Connecting to remote ip:port... connected.
WARNING: cannot verify IP's certificate, issued by `/C=IN/ST=NCR/L=XXX/O=YYY Technologies/OU=TEL/CN=SSS':
Self-signed certificate encountered.
WARNING: certificate common name `SSS' doesn't match requested host name `IP'.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.
Regards,
Jay

It is usually when a firewall drop the connection or the host is a proxy to another host, and the other host drop

Related

ngrok and docker, failed to complete tunnel connection

i've changed nothing within my setup and ngrok seems to have stopped working for me.
Running ngrok http -host-header=rewrite launch.localhost:80 would usually work just fine.
This is my error:
The connection to http://d678207f86ae.ngrok.io was successfully tunneled to your ngrok client, but the client failed to establish a connection to the local address launch.localhost:80.
Make sure that a web service is running on launch.localhost:80 and that it is a valid address.
The error encountered was: dial tcp: lookup launch.localhost: no such host
If I navigate to launch.localhost the docker server is running just fine.
Not too sure what kind of other information you'd need to help?
For me, it was never running before, but I was getting the same error for
ngrok http -host-header=rewrite launch.local:80
It helped when I changed it to
ngrok http -host-header=launch.local 80

Unable to connect to OpenVPN client in Docker

I have tried to set up an OpenVPN client under docker, using the dperson/openvpn-client image. I get the following error:
UDPv6: Address not available (code=99)
When googling this problem, I've come across this discussion, but I'm not sure how to look at the client and server logs separately.
I'have the full logs on pastebin here
I am able to get the IP of my home address inside the container, but not the IP from the VPN. I appreciate any help
!
The problem here is that the TLS handshake fails.
I extracted this from your logs:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
Make sure your server is setup correctly.

x509: cannot validate certificate for <<HOST IP>> because it doesn't contain any IP SANs - Hyperledger Fabric-CA

I'm trying to enroll an intermediate certificate authority with its root certificate authority, I'm using TLS and the CAs run in separated docker containers using the fabric-ca images. If I send the CSR trough the docker network there are no problems, but if I try to send it trough my local network I have this problem: x509: cannot validate certificate for "HOST_IP" because it doesn't contain any IP SANs. I read that the reason for my problem, is that the TLS certificate(s) don't contain IP SANs (IP subject alternative names), this is a field in the TLS certificate that basically says: "The certificate was issued to a host that its IP is: <1.2.3.4>". So, if that is the problem, how I could add this field to my certificate? and if not, what is the problem and how I could resolve it? Thanks and regards!
You can follow the explanation given here with a similar IP SANS issue. There is also detailed explanation of IP SANS issue in HLF mailing List. Also make sure when you are using Fabric CA Client, to generate the certificates, use the server's hostname to request the same. for e.g. fabric-ca-client enroll -d --enrollment.profile tls -c <client configuration file> -u https://admin:adminpw#<server hostname>:7054 --csr.hosts $PEER_HOST. If IP address is given in URL TLS handshake will fail with bad TLS certificate error on the server side and 'certificate does not contain IP SANS' error on the client side as the ca-cert.pem used to perform the handshake with the server contains hostname and not the IP address.

J-Meter, Load on server using POST REST API with HTTP call is working perfectly but missing few calls with HTTPS

i am using j-meter for load test of a server accessing REST api using POST Https. and it is returning following errors.
Response code: Non HTTP response code: java.net.SocketException
Response message: Non HTTP response message: Connection reset
or
Response code: Non HTTP response code: java.net.SocketException
Response message: Non HTTP response message: Unrecognized Windows Sockets error: 0: recv failed
or
Response code: Non HTTP response code: java.net.ConnectException
Response message: Non HTTP response message: Connection timed out: connect
though load test is successful with http call.
can any one help me to tell the exact issue? whether it is server side issue or client side?
how to fix this?
It might an issue with IPv6 stack, try forcing JVM to use IPv4 addresses by adding the next line to system.properties file (located in "bin" folder of your JMeter installation)
java.net.preferIPv4Stack=true
alternatively you can pass the above property via -D command-line argument like:
jmeter -Djava.net.preferIPv4Stack=true -n -t test.jmx -l result.jtl
More information:
Java Networking Properties
JMeter Properties Reference
Apache JMeter Properties Customization Guide
Overriding Properties Via The Command Line
It might also be a case of using port below 1024 on Windows as non-administrator user, try configuring your application server to run on port above 1024 (default port for HTTPS is 443). Also double check that port 443 (or whatever) is not being used by anything else (for example Skype likes to bind to port and 443)
Issue is resolved by changing the SSL configuration in jmeter.properties file.
it was due to the mismatch of handshaking protocol at server and client side.
jmeter was set with all SSL flavors to handshake with server.
its the trick.

Using data flow with https on cloud foundry

I am trying to deploy a data flow server on Cloud foundry and create a simple app.
Only https end point could be exposed. I cannot enable https using this :
http://docs.spring.io/spring-cloud-dataflow/docs/current-SNAPSHOT/reference/htmlsingle/#configuration-security-enabling-https
As ssl is managed by cf. How do I make data flow server using https?
I have this error:
dataflow:>app list
Command failed org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://dataflow-server.run.aws-usw02-pr.ice.predix.io/apps": Connect to dataflow-server.run.aws-usw02-pr.ice.predix.io:80 [dataflow-server.run.aws-usw02-pr.ice.predix.io/54.201.89.124, dataflow-server.run.aws-usw02-pr.ice.predix.io/52.88.128.224] failed: Connection refused (Connection refused); nested exception is org.apache.http.conn.HttpHostConnectException: Connect to dataflow-server.run.aws-usw02-pr.ice.predix.io:80 [dataflow-server.run.aws-usw02-pr.ice.predix.io/54.201.89.124, dataflow-server.run.aws-usw02-pr.ice.predix.io/52.88.128.224] failed: Connection refused (Connection refused)
Thanks in advance.
Best Regards
as you already mentioned, you can not enable https at the container level inside cloudfoundry today. The traffic between the router and diego cell is not encrypted (unless you are using IPSEC).
So your dataflow server would not be configured with https, just deploy the server as it is. You should rely on your cloudfoundry install to have an open port at 443 on it's loadbalancer that forwards traffic to the router. Later CF incarnations support certificate placement at the router level.
Now, at the client (dataflow-shell) if you are using a valid certificate you don't need to do anything, but if you have a selfsigned certificate, you need to tell it to accept self-signed certificates, or skip validation all together.

Resources