Re: [SunRay-Users] SRS 4.1 attempts to open ALP traffic to DTU behind a NAT

Tue, 13 Dec 2011 09:11:54 -0800

You state that both servers have the same policy. Do you mean that they are not part of a host group (aka FOG)?
With your policy, unregistered smart cards are not allowed. The Sun Ray Server, when asked to start a session for an unregistered token will attempt to stream down AYUV graphic that looks like a "Do Not Enter" sign. However, you'll never see this since your DTU is behind NAT. 


Can you drop the registered card requirement?  It really isn't buying 
you anything since you allow non-registered kiosk sessions and card mode 
is setup for kiosk as well.



If not in a host group, it it possible that you have not registered the 
smart cards on both servers? If the two servers are in a host group, is 
it healthy?  What does utgstatus show?



Finally, what version of the 4.1 core services patch are you running? 
139548(SPARC)/139549(x86)/139550(Linux).  There are callme protocol 
changes that you'd want to have on your servers.


I'll post the same to the forum.



On 12/13/11 3:07 AM, Ing Etienne V. Depasquale wrote:

Good day,

This question is also posted at the oracle.com communities.

My Sun Ray 2 DTU sits behind a NAT agent. It is therefore pointless for
my Sun Ray Server 4.1 to do what it is currently doing, specifically: it
is trying to open the ALP UDP connection, rather than wait for the DTU
to open it. Can anyone tell me how to convince the server to wait for
the UDP connection - not initiate it? Another server that I manage does
not pose the same problem with the DTU - it waits for the connection.
Both the servers have the same authentication policy: -r card –z pseudo
–k both

Below, I have posted the snoop output, for both the un-complying server
(posted first) and the complying server.

Cheers,

Etienne

##################START OF snoop OUTPUT with regard to un-complying SRS
server.

Using device vmxnet3s0 (promiscuous mode)
sunray -> <my DTU's public IP address>TCP D=60369 S=7009 Push
Ack=1507568071 Seq=2884057562 Len=252 Win=49368
<my DTU's public IP address>-> sunray TCP D=7009 S=60369 Rst
Seq=1507568071 Len=0 Win=0
<my DTU's public IP address>-> sunray TCP D=7009 S=60405 Syn
Seq=3886511282 Len=0 Win=4096 Options=<mss 1452>
sunray -> <my DTU's public IP address>TCP D=60405 S=7009 Syn
Ack=3886511283 Seq=2908956285 Len=0 Win=49368 Options=<mss 1460>
<my DTU's public IP address>-> sunray TCP D=7009 S=60405 Ack=2908956286
Seq=3886511283 Len=0 Win=4096
<my DTU's public IP address>-> sunray TCP D=7009 S=60405 Push
Ack=2908956286 Seq=3886511283 Len=481 Win=4096
sunray -> <my DTU's public IP address>TCP D=60405 S=7009 Ack=3886511764
Seq=2908956286 Len=0 Win=49368
sunray -> <my DTU's public IP address>TCP D=60405 S=7009 Push
Ack=3886511764 Seq=2908956286 Len=93 Win=49368
<my DTU's public IP address>-> sunray TCP D=7009 S=60405 Push
Ack=2908956379 Seq=3886511764 Len=430 Win=8095
sunray -> <my DTU's public IP address>TCP D=60405 S=7009 Ack=3886512194
Seq=2908956379 Len=0 Win=49368
sunray -> <my DTU's public IP address>TCP D=60405 S=7009 Push
Ack=3886512194 Seq=2908956379 Len=419 Win=49368
<my DTU's public IP address>-> sunray TCP D=7009 S=60405 Push
Ack=2908956798 Seq=3886512194 Len=427 Win=8095
sunray -> <my DTU's public IP address>TCP D=60405 S=7009 Ack=3886512621
Seq=2908956798 Len=0 Win=49368
sunray -> <my DTU's public IP address>TCP D=60405 S=7009 Push
Ack=3886512621 Seq=2908956798 Len=39 Win=49368
<my DTU's public IP address>-> sunray TCP D=7009 S=60405 Ack=2908956837
Seq=3886512621 Len=0 Win=8095
sunray -> <my DTU's public IP address>TCP D=60405 S=7009 Push
Ack=3886512621 Seq=2908956837 Len=42 Win=49368
<my DTU's public IP address>-> sunray TCP D=7009 S=60405 Ack=2908956879
Seq=3886512621 Len=0 Win=8095
sunray -> <my DTU's public IP address>TCP D=60405 S=7009 Push
Ack=3886512621 Seq=2908956879 Len=42 Win=49368
sunray -> <my DTU's public IP address>TCP D=60405 S=7009 Push
Ack=3886512621 Seq=2908956921 Len=42 Win=49368
sunray -> <my DTU's public IP address>TCP D=60405 S=7009 Push
Ack=3886512621 Seq=2908956963 Len=42 Win=49368
sunray -> <my DTU's public IP address>UDP D=0 S=40000 LEN=56
sunray -> <my DTU's public IP address>UDP D=0 S=40000 LEN=56
sunray -> <my DTU's public IP address>UDP D=0 S=40000 LEN=56
sunray -> <my DTU's public IP address>UDP D=0 S=40000 LEN=56

##################END OF snoop OUTPUT with regard to un-complying SRS
server.

##################START OF snoop OUTPUT with regard to complying SRS server.
snoop <my public ip address>
Using device /dev/rtls0 (promiscuous mode)
<my public ip address>-> sunray TCP D=7009 S=54610 Syn Seq=1239401623
Len=0 Win=4096 Options=<mss 1412>
sunray -> <my public ip address>TCP D=54610 S=7009 Syn Ack=1239401624
Seq=62520706 Len=0 Win=49420 Options=<mss 1460>
<my public ip address>-> sunray TCP D=7009 S=54610 Ack=62520707
Seq=1239401624 Len=0 Win=4096
<my public ip address>-> sunray TCP D=7009 S=54610 Push Ack=62520707
Seq=1239401624 Len=419 Win=4096
sunray -> <my public ip address>TCP D=54610 S=7009 Ack=1239402043
Seq=62520707 Len=0 Win=49420
<my public ip address>-> sunray TCP D=7009 S=54610 Push Ack=62520707
Seq=1239402043 Len=158 Win=4096
sunray -> <my public ip address>TCP D=54610 S=7009 Ack=1239402201
Seq=62520707 Len=0 Win=49420
sunray -> <my public ip address>TCP D=54610 S=7009 Push Ack=1239402201
Seq=62520707 Len=394 Win=49420
sunray -> <my public ip address>TCP D=54610 S=7009 Push Ack=1239402201
Seq=62521101 Len=13 Win=49420
<my public ip address>-> sunray TCP D=7009 S=54610 Push Ack=62521114
Seq=1239402201 Len=335 Win=8095
sunray -> <my public ip address>TCP D=54610 S=7009 Ack=1239402536
Seq=62521114 Len=0 Win=49420
sunray -> <my public ip address>TCP D=54610 S=7009 Push Ack=1239402536
Seq=62521114 Len=46 Win=49420
<my public ip address>-> sunray TCP D=7009 S=54610 Ack=62521160
Seq=1239402536 Len=0 Win=8095
<my public ip address>-> sunray UDP D=40001 S=54612 LEN=24
sunray -> <my public ip address>UDP D=54612 S=40001 LEN=460
sunray -> <my public ip address>UDP D=54612 S=40001 LEN=56
sunray -> <my public ip address>UDP D=54612 S=40001 LEN=100
sunray -> <my public ip address>UDP D=54612 S=40001 LEN=100
sunray -> <my public ip address>UDP D=54612 S=40001 LEN=44
sunray -> <my public ip address>UDP D=54612 S=40001 LEN=44
sunray -> <my public ip address>UDP D=54612 S=40001 LEN=52
<my public ip address>-> sunray UDP D=40001 S=54612 LEN=24
<my public ip address>-> sunray UDP D=40001 S=54612 LEN=152
<my public ip address>-> sunray UDP D=40001 S=54612 LEN=152
<my public ip address>-> sunray UDP D=40001 S=54612 LEN=152
<my public ip address>-> sunray UDP D=40001 S=54612 LEN=152
<my public ip address>-> sunray UDP D=40001 S=54612 LEN=152
<my public ip address>-> sunray UDP D=40001 S=54612 LEN=152
<my public ip address>-> sunray UDP D=40001 S=54612 LEN=88
<my public ip address>-> sunray UDP D=40001 S=54612 LEN=24

##################END OF snoop OUTPUT with regard to complying SRS server.





_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users

_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users






















					Reply via email to