-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bob, Thanks. I'm not good with routing tables, but sounds like I just need to add a network route table on my test server? My current routing table looks like following:
# netstat -rn Routing Table: IPv4 Destination Gateway Flags Ref Use Interface - -------------------- -------------------- ----- ----- ---------- --------- default 129.82.224.1 UG 1 273 129.82.224.0 129.82.225.54 U 1 444 eri0 192.168.128.0 192.168.128.1 U 1 77 ce0 224.0.0.0 129.82.225.54 U 1 0 eri0 127.0.0.1 127.0.0.1 UH 9 16005 lo0 I think I have the route for my thin client to go out and contact my session on the sunray server on the 129.82.224.0 network. But I don't have a way for the server to connect back to my thin client, is that right? My thin client on the test server is on the 192.168.128.0 network. Something like: route -p add -net 192.168.128.0/24 -gateway 129.82.225.54/24 [EMAIL PROTECTED] wrote: > Send SunRay-Users mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://www.filibeto.org/mailman/listinfo/sunray-users > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of SunRay-Users digest..." > > > Today's Topics: > > 1. about errors in message file (Anton Floor) > 2. Re: Session Broker Load Balancing / Windows Server 2008 > (P.S.M. Swamiji) > 3. Gobi8 VPN firmware (David Markey) > 4. BUG in new 4.1 firmware VPN client ?! (Anton Floor) > 5. Re: Gobi8 VPN firmware (Marcel Camijn) > 6. Re: Regional Hot Desking (AMGH) (Bob Doolittle) > 7. Solaris 10 x86 u5 + SRSS 4.1 + SRWC 2.1: To Vrtualize or Not > To Virtualize (Jason Jones) > 8. Re: BUG in new 4.1 firmware VPN client ?! (Kent Peacock) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 5 Nov 2008 12:40:09 +0200 > From: Anton Floor <[EMAIL PROTECTED]> > Subject: [SunRay-Users] about errors in message file > To: "'SunRay-Users mailing list'" <[email protected]> > Message-ID: > <[EMAIL PROTECTED]> > > Content-Type: text/plain; charset="us-ascii" > > Hi, > > are these "normal" errors and what do they mean? > > Here is some odd ldap serch failed things... > ------ > Oct 29 12:00:59 hel-srsxxx utdtsession: [ID 702911 user.info] Delete > (71,pseudo.00144fd6xxxx) > Oct 29 12:01:19 hel-srsxxx java[1345]: [ID 702911 user.info] > search_for_entries(): LDAP search failed - No such object > Oct 29 12:01:30 hel-srsxxx utauthd: [ID 281705 user.info] Worker3 NOTICE: > DISCONNECT IEEE802.00144fd6xxxx, --pseudo.00144fd6xxxx token removed: > pseudo.00144fd6cdb6 > ------- > > utauthd: [ID 794400 user.info] SessionManager0 NOTICE: EMPTY: ACTIVE session > Oct 29 12:10:19 hel-srsxxx java[1345]: [ID 702911 user.info] > search_for_entries(): LDAP search failed - No such object > Oct 29 12:10:28 hel-srsxxx kiosk:utkioskconfig:refresh[1284]: [ID 702911 > user.info] Enabled Kiosk Mode for display ':8' > -------- > > And here some config error messages... > > Oct 29 12:00:28 hel-srsxxx utauthd: [ID 470593 user.info] Worker4 NOTICE: > DESTROY pseudo.00144fd6xxxx lifetime=1924888 > Oct 29 12:00:28 hel-srsxxx utauthd: [ID 176266 user.info] Worker4 > CONFIG_ERROR: length or offset out of range (caught) > Oct 29 12:00:29 hel-srsxxx utauthd: [ID 962200 user.info] Worker6 > CONFIG_ERROR: Property [dtu.id] not found (caught) > Oct 29 12:00:29 hel-srsxxx utauthd: [ID 866206 user.info] Worker6 > CONFIG_ERROR: Property [dtu.type] not found (caught) > Oct 29 12:00:29 hel-srsxxx utauthd: [ID 512730 user.info] Worker7 NOTICE: > whichServer user.1220941860-4328: > > > So are these something to worry about or what? > > Cheers, > Anton > > > > ------------------------------ > > Message: 2 > Date: Wed, 05 Nov 2008 17:17:04 +0530 > From: "P.S.M. Swamiji" <[EMAIL PROTECTED]> > Subject: Re: [SunRay-Users] Session Broker Load Balancing / Windows > Server 2008 > To: SunRay-Users mailing list <[email protected]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; format=flowed; charset=ISO-8859-1 > > Frederico Marques wrote: > >> Hi everyone, >> >> I'm having trouble connecting a SunRay Thin client with uttsc (Kiosk >> Mode) to a Windows Server 2008 TS Farm configured with a Session >> Broker for Load Balancing (and other things). Looking from the way >> this all thing works, the TS Gateway Server at the Farm talks with >> the Session Broker Server and asks where it's going to land the rdp >> session. This implies a reply to the rdp client for a reconnect on a >> specific ip address. I'm afraid this isn't supported on uttsc. Are >> you aware of any deployment regarding SunRay Server and a Session >> Broker / TS Farm in Windows Server 2008? > > Session directory with W2008 not yet working with uttsc. > So it is very unlikely that somebody is deploying. > > Thanks > P.S.M.Swamiji > > Note:These are my personal opinions, nothing to do with my employer > >> http://www.thincomputing.net/articles/a-closer-look-at-session-broker-load-balancing-in-windows-server.html >> >> >> >> Thanks for any help, >> >> Fred >> _______________________________________________ >> SunRay-Users mailing list >> [email protected] >> http://www.filibeto.org/mailman/listinfo/sunray-users > > > > ------------------------------ > > Message: 3 > Date: Wed, 05 Nov 2008 13:54:50 +0000 > From: David Markey <[EMAIL PROTECTED]> > Subject: [SunRay-Users] Gobi8 VPN firmware > To: SunRay-Users mailing list <[email protected]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1 > > Would anyone have a copy of the latest gobi8 VPN firmware(2.1.5)? > > > Thanks. > > David > > ------------------------------ > > Message: 4 > Date: Wed, 5 Nov 2008 16:04:19 +0200 > From: Anton Floor <[EMAIL PROTECTED]> > Subject: [SunRay-Users] BUG in new 4.1 firmware VPN client ?! > To: "'SunRay-Users mailing list'" <[email protected]> > Message-ID: > <[EMAIL PROTECTED]> > > Content-Type: text/plain; charset="iso-8859-1" > > Hi, > > > With old firmaware GUI4.0_127553-03_2008.05.14.13.48 VPN connection worked > but now with new GUI4.1_50_2008.09.25.12.37 it doesn´t > seems to me that DTU´s vpn client doesn´t send group name correctly or vpn > server doesn´t get it for some reason??? > >>From Cisco syslog I found this line after every connection trials with the >>new firmware > ---- > (Server) Authentication PASSED User=nbiuser Group= > Client_public_add=xxx.xxx.xx.xx Server_public_addr=xxx.xxx.xxx.xxx > Group: does not exist > ---- > DTU shows "PH1 Connection expired 28G > > and after downgrading to GUI4.0_127553-03_2008.05.14.13.48 > ---- > (Server) Authentication PASSED User=nbiuser Group=nbigroup > Client_public_add=xxx.xxx.xx.xx Server_public_addr=xxx.xxx.xxx.xxx > ----- > DTU connects to Sun Ray server through VPN > > This is our current configuration of the cisco 1800 box > > Current configuration : 2850 bytes > ! > ! Last configuration change at 14:48:10 Riga Wed Nov 5 2008 by admin > ! > version 12.4 > service timestamps debug datetime msec > service timestamps log datetime msec > no service password-encryption > ! > hostname xxx-vpn001 > ! > boot-start-marker > boot-end-marker > ! > logging buffered 4096 debugging > ! > aaa new-model > ! > ! > aaa authentication login default local > aaa authentication login sdm_vpn_xauth_ml_1 local > aaa authorization exec default local > aaa authorization network default if-authenticated > aaa authorization network sdm_vpn_group_ml_1 local > aaa authorization network test local > ! > aaa session-id common > ! > resource policy > ! > clock timezone Riga 2 > clock summer-time Riga date Mar 30 2003 3:00 Oct 26 2003 4:00 > ! > ! > ip cef > ! > ! > ! > ! > ! > username nbiuser secret 5 xxxxxxxxxxxxxxxxxxx. > ! > ! > crypto logging ezvpn > ! > crypto isakmp policy 1 > encr aes > hash md5 > authentication pre-share > group 2 > lifetime 28800 > crypto isakmp client configuration address-pool local SDM_POOL_1 > ! > crypto isakmp client configuration group nbigroup > key srss135NOW > pool SDM_POOL_1 > save-password > max-users 50 > max-logins 10 > crypto isakmp profile sdm-ike-profile-1 > match identity group nbigroup > client authentication list sdm_vpn_xauth_ml_1 > isakmp authorization list sdm_vpn_group_ml_1 > client configuration address respond > virtual-template 1 > ! > ! > crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac > crypto ipsec transform-set test esp-aes esp-sha-hmac > crypto ipsec transform-set ESP_MD5_3DES esp-3des esp-md5-hmac > ! > crypto ipsec profile SDM_Profile1 > set transform-set ESP-3DES-SHA > set isakmp-profile sdm-ike-profile-1 > ! > ! > ! > ! > ! > interface FastEthernet0 > description $ETH-LAN$ > ip address xx.xx.xx.xx 255.255.240.0 > speed auto > full-duplex > ! > interface FastEthernet1 > description $ETH-LAN$ > ip address xx.xx.xx.xxx 255.255.255.224 > duplex auto > speed auto > ! > interface FastEthernet2 > ! > interface FastEthernet3 > ! > interface FastEthernet4 > ! > interface FastEthernet5 > ! > interface FastEthernet6 > ! > interface FastEthernet7 > ! > interface FastEthernet8 > ! > interface FastEthernet9 > ! > interface Virtual-Template1 type tunnel > ip unnumbered FastEthernet1 > tunnel mode ipsec ipv4 > tunnel protection ipsec profile SDM_Profile1 > ! > interface Vlan1 > no ip address > ! > interface Async1 > no ip address > encapsulation slip > ! > ip local pool SDM_POOL_1 192.168.150.1 192.168.150.254 > ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx permanent > ! > ! > ip http server > ip http authentication local > no ip http secure-server > ! > logging trap debugging > ! > ! > ! > ! > ! > ! > control-plane > ! > ! > line con 0 > line 1 > modem InOut > stopbits 1 > speed 115200 > flowcontrol hardware > line aux 0 > line vty 0 4 > transport input telnet ssh > line vty 5 15 > transport input telnet ssh > ! > ! > webvpn context Default_context > ssl authenticate verify all > ! > no inservice > ! > end > > > Cheers, > Anton > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anton Floor > Sent: 5. marraskuuta 2008 10:29 > To: 'SunRay-Users mailing list' > Subject: [SunRay-Users] Sun Ray VPN with Cisco > > Hi, > > We have an odd problem with our Sun Ray VPN setup > > We managed to get it work ones, but somehow after changing the password of > the VPN group > it stopped working and now DTU says PH1 connection expired 28G ? >>From cisco log we found line " group not found" ? but it is in there!!! > So does anyone have cisco ios vpn config working? We use Cisco 1800 box > > we use local groups and local users of the cisco box.. > > > Cheers, > Anton > > _______________________________________________ > SunRay-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/sunray-users > > > ------------------------------ > > Message: 5 > Date: Wed, 05 Nov 2008 15:44:16 +0100 > From: Marcel Camijn <[EMAIL PROTECTED]> > Subject: Re: [SunRay-Users] Gobi8 VPN firmware > To: SunRay-Users mailing list <[email protected]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1 > > Are there any improvements over 2.1.0 ? I still can't connect to our > debian based srss servers with that version on a Gobi 7. > > Regards, > > Marcel > > David Markey wrote: >> Would anyone have a copy of the latest gobi8 VPN firmware(2.1.5)? >> >> >> Thanks. >> >> David >> _______________________________________________ >> SunRay-Users mailing list >> [email protected] >> http://www.filibeto.org/mailman/listinfo/sunray-users >> > > ------------------------------ > > Message: 6 > Date: Wed, 05 Nov 2008 10:07:14 -0500 > From: Bob Doolittle <[EMAIL PROTECTED]> > Subject: Re: [SunRay-Users] Regional Hot Desking (AMGH) > To: SunRay-Users mailing list <[email protected]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; format=flowed; charset=ISO-8859-1 > > William Yang wrote: >> The Sun Ray has to have some way of directly reaching your other Sun Ray >> server. Based on your description, it seems like you're using two >> independent private interconnects. The Sun Ray server does not act as a >> "proxy" to reach other Sun Ray servers, so I think what you are trying to do >> (without modifications) can't work. >> > > Right. AMGH uses the SRSS redirection mechanism, which merely tells a > Sun Ray to disconnect from the local server and reconnect to another > server. Both servers must be network reachable by the Sun Ray and IP > routable. > > -Bob > > > > ------------------------------ > > Message: 7 > Date: Wed, 5 Nov 2008 10:54:49 -0500 > From: "Jason Jones" <[EMAIL PROTECTED]> > Subject: [SunRay-Users] Solaris 10 x86 u5 + SRSS 4.1 + SRWC 2.1: To > Vrtualize or Not To Virtualize > To: [email protected] > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > Guys - I'm moving an existing customer from older SRSS to modern day > stuff. They have about 50 DTUs potentially growing to 100 DTUs over the > next 3 years. > > They have a robust VMware landscape today with Windows and a little NetWare > being virtualized. The only Solaris in house is in support of the > SRSSlandscape, and these servers are today run Solaris x86 natively > (they are > not virtualized) > > The customer has existing server hardware and licenses for VMware where they > could easily virtualize the Solaris landscape. These server could easily be > put into the existing VMware datacenter configuration, and this "foreign" > operating system (to them Solaris would be foreign) could at least have the > benefits of having some of the administrative / management functions fold > into their standard operating procedures (they won't have to worry about > mirroring the boot drives, they won't really have to worry about any kind of > backup / recovery, they will have the ability to reimage from a gold > template in a moment notice should something get sideways unexpectedly, > etc). > > The question is - does anyone have any experience or feedback about running > Solaris 10 x86 + SRSS + SRWC in a virtual landscape for production support > of < 100 DTUs compared to not running that in a virtualized server > environment? Any guidance / experience about what the possible performance > impact might be? Any other gotchas I might not be considering as I evaluate > the SRSS stack in a VM vs bare metal? > > Thanks! > -jason > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://www.filibeto.org/pipermail/sunray-users/attachments/20081105/b3e195ce/attachment-0001.html > > ------------------------------ > > Message: 8 > Date: Wed, 05 Nov 2008 08:02:53 -0800 > From: Kent Peacock <[EMAIL PROTECTED]> > Subject: Re: [SunRay-Users] BUG in new 4.1 firmware VPN client ?! > To: SunRay-Users mailing list <[email protected]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; format=flowed; charset=ISO-8859-1 > > What kind of Cisco gateway are you using? If it's a PIX, this is a known > issue that will be fixed as soon as possible. > > Kent > > > > On 11/05/08 06:04, Anton Floor wrote: >> Hi, >> >> >> With old firmaware GUI4.0_127553-03_2008.05.14.13.48 VPN connection worked >> but now with new GUI4.1_50_2008.09.25.12.37 it doesn´t >> seems to me that DTU´s vpn client doesn´t send group name correctly or vpn >> server doesn´t get it for some reason??? >> >> >From Cisco syslog I found this line after every connection trials with the >> >new firmware >> ---- >> (Server) Authentication PASSED User=nbiuser Group= >> Client_public_add=xxx.xxx.xx.xx Server_public_addr=xxx.xxx.xxx.xxx >> Group: does not exist >> ---- >> DTU shows "PH1 Connection expired 28G >> >> and after downgrading to GUI4.0_127553-03_2008.05.14.13.48 >> ---- >> (Server) Authentication PASSED User=nbiuser Group=nbigroup >> Client_public_add=xxx.xxx.xx.xx Server_public_addr=xxx.xxx.xxx.xxx >> ----- >> DTU connects to Sun Ray server through VPN >> >> This is our current configuration of the cisco 1800 box >> >> Current configuration : 2850 bytes >> ! >> ! Last configuration change at 14:48:10 Riga Wed Nov 5 2008 by admin >> ! >> version 12.4 >> service timestamps debug datetime msec >> service timestamps log datetime msec >> no service password-encryption >> ! >> hostname xxx-vpn001 >> ! >> boot-start-marker >> boot-end-marker >> ! >> logging buffered 4096 debugging >> ! >> aaa new-model >> ! >> ! >> aaa authentication login default local >> aaa authentication login sdm_vpn_xauth_ml_1 local >> aaa authorization exec default local >> aaa authorization network default if-authenticated >> aaa authorization network sdm_vpn_group_ml_1 local >> aaa authorization network test local >> ! >> aaa session-id common >> ! >> resource policy >> ! >> clock timezone Riga 2 >> clock summer-time Riga date Mar 30 2003 3:00 Oct 26 2003 4:00 >> ! >> ! >> ip cef >> ! >> ! >> ! >> ! >> ! >> username nbiuser secret 5 xxxxxxxxxxxxxxxxxxx. >> ! >> ! >> crypto logging ezvpn >> ! >> crypto isakmp policy 1 >> encr aes >> hash md5 >> authentication pre-share >> group 2 >> lifetime 28800 >> crypto isakmp client configuration address-pool local SDM_POOL_1 >> ! >> crypto isakmp client configuration group nbigroup >> key srss135NOW >> pool SDM_POOL_1 >> save-password >> max-users 50 >> max-logins 10 >> crypto isakmp profile sdm-ike-profile-1 >> match identity group nbigroup >> client authentication list sdm_vpn_xauth_ml_1 >> isakmp authorization list sdm_vpn_group_ml_1 >> client configuration address respond >> virtual-template 1 >> ! >> ! >> crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac >> crypto ipsec transform-set test esp-aes esp-sha-hmac >> crypto ipsec transform-set ESP_MD5_3DES esp-3des esp-md5-hmac >> ! >> crypto ipsec profile SDM_Profile1 >> set transform-set ESP-3DES-SHA >> set isakmp-profile sdm-ike-profile-1 >> ! >> ! >> ! >> ! >> ! >> interface FastEthernet0 >> description $ETH-LAN$ >> ip address xx.xx.xx.xx 255.255.240.0 >> speed auto >> full-duplex >> ! >> interface FastEthernet1 >> description $ETH-LAN$ >> ip address xx.xx.xx.xxx 255.255.255.224 >> duplex auto >> speed auto >> ! >> interface FastEthernet2 >> ! >> interface FastEthernet3 >> ! >> interface FastEthernet4 >> ! >> interface FastEthernet5 >> ! >> interface FastEthernet6 >> ! >> interface FastEthernet7 >> ! >> interface FastEthernet8 >> ! >> interface FastEthernet9 >> ! >> interface Virtual-Template1 type tunnel >> ip unnumbered FastEthernet1 >> tunnel mode ipsec ipv4 >> tunnel protection ipsec profile SDM_Profile1 >> ! >> interface Vlan1 >> no ip address >> ! >> interface Async1 >> no ip address >> encapsulation slip >> ! >> ip local pool SDM_POOL_1 192.168.150.1 192.168.150.254 >> ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx permanent >> ! >> ! >> ip http server >> ip http authentication local >> no ip http secure-server >> ! >> logging trap debugging >> ! >> ! >> ! >> ! >> ! >> ! >> control-plane >> ! >> ! >> line con 0 >> line 1 >> modem InOut >> stopbits 1 >> speed 115200 >> flowcontrol hardware >> line aux 0 >> line vty 0 4 >> transport input telnet ssh >> line vty 5 15 >> transport input telnet ssh >> ! >> ! >> webvpn context Default_context >> ssl authenticate verify all >> ! >> no inservice >> ! >> end >> >> >> Cheers, >> Anton >> >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anton Floor >> Sent: 5. marraskuuta 2008 10:29 >> To: 'SunRay-Users mailing list' >> Subject: [SunRay-Users] Sun Ray VPN with Cisco >> >> Hi, >> >> We have an odd problem with our Sun Ray VPN setup >> >> We managed to get it work ones, but somehow after changing the password of >> the VPN group >> it stopped working and now DTU says PH1 connection expired 28G ? >> >From cisco log we found line " group not found" ? but it is in there!!! >> So does anyone have cisco ios vpn config working? We use Cisco 1800 box >> >> we use local groups and local users of the cisco box.. >> >> >> Cheers, >> Anton >> >> _______________________________________________ >> SunRay-Users mailing list >> [email protected] >> http://www.filibeto.org/mailman/listinfo/sunray-users >> >> _______________________________________________ >> SunRay-Users mailing list >> [email protected] >> http://www.filibeto.org/mailman/listinfo/sunray-users > > > ------------------------------ > > _______________________________________________ > SunRay-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/sunray-users > > > End of SunRay-Users Digest, Vol 58, Issue 6 > ******************************************* - -- C. J. Keist Email: [EMAIL PROTECTED] UNIX/Network Manager Phone: 970-491-0630 Engineering Network Services Fax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJEhRWA29OFr7C6jcRAvY0AJwOKixLl6YJrZJOKECqdfRshTQqPQCfQfjm UllUvFIdYL1FELySR5WsIPM= =Thej -----END PGP SIGNATURE----- _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
