The higher-order bit of what I'm about to say is that OpenSim networking
is a complicated matter. Hypergrid networking adds even more complexity
to it. Having said that, let me explain a bit.
The main source of problems arise when you have the following situation:
(1) the servers are on a given network
(2) some clients are also on that network
(3) some clients are on external networks
This is usually the case with universities, for example, depending on
how the university network is set up. Hence you need to be extra careful.
The Hypergrid performs several checks for ensuring identity security.
These checks are based on the domain names that the grids use, on the IP
addresses of the robust servers and on the IP addresses of the clients.
The IP address from where the client logged in is the vital piece of
info that needs to be asserted throughout HG teleports. The user's home
grid knows that address; the simulators that the user visit also know
that address. In order for those simulators to make sure that the agent
that they're getting is the real thing, and not a fake pretending to be
a certain user, they call back to the user's home grid for IP
verification. That's when that debug message gets printed out.
Two things can happen: either the IP address of the client that the
destination simulator gets is exactly the same as the IP address that
the home grid saw at client login (normal case, when servers and clients
are on separate networks) or the IP address of the client that the
destination simulator gets is different than the one seen at login in
the home grid, but is the same as the robust server -- which means that
the client logged in in the same machine where the robust server runs.
This happens in standalones ran at people's homes, for example, where
there's just on box running both OpenSim and the viewer.
So, what does this mean for people with a mix of clients inside the
server-side network and clients outside?
First of all, stick to using domain names, not IP addresses. That is
just bound to cause problems, because many times the IP addresses seen
from the outside are different from the IP addresses seen from the
inside of a network. If you fix it for one case, you screw it up for the
other. So, rule #1: USE DOMAIN NAMES in the Robust configuration.
Second, use the hosts files to adjust the mappings between domain names
and IP addresses inside the network if needed.
I am sure that this process of IP verification can be improved to
account for these hybrid setups, but for the time being only the
simplest of cases is accounted for (client logged in in the same machine
as the home grid).
On 4/11/2012 8:35 AM, Rick Anderson wrote:
It turns out that MyIP displays the IP address when it can be found.
I changed my Robust configuration from rugrid.rutgers.edu to the IP
address and it now returns the correct client info:
15:32:39 - [USER AGENT SERVICE]: Verifying Client session
7a0ffc9a-c6ea-4a8c-899d-88f9fe0da2bf with reported IP 165.230.192.41.
15:32:39 - [USER AGENT SERVICE]: Comparing 165.230.192.41 with login
IP 165.230.192.41 and MyIP 165.230.192.41; result is True
When I return my region is light blue. So I've made one step forward.
-_Rick
On Wed, Apr 11, 2012 at 11:24 AM, Rick Anderson
<[email protected]> wrote:
I'm trying to trace down an error with the unauthorized machine
message from "HOME AGENT HANDLER" There is a value comparing login IP
with MyIP with a result of false:
15:19:28 - [USER AGENT SERVICE]: Verifying Client session
b5495ff5-827a-4bd2-98ee-2eb3e5dfe036 with reported IP 165.230.192.41.
15:19:28 - [USER AGENT SERVICE]: Comparing 165.230.192.41 with login
IP and MyIP ; result is False
Can the values of "IP" and MyIP" be shown in the console?
-_Rick
--
Rick Anderson
Director of Virtual Worlds
Division of Continuing Studies (DoCS)
Rutgers University
(732) 586-3265
_______________________________________________
Opensim-users mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/opensim-users
