Static Routes With Linux & Shorewall (site To Site VPN Virtual Private Network)
Mar 29, 2009
Attached is a (badly) drawn diagram of two sites, connected by a vpn.
The site to the left is network 10.0.0.0/24, which runs a Linux server as the router for the network.
The site to the right is network 10.1.0.0/24, which runs a Windows 2003 server as the router for the network.
Now, my problem is, the clients behind the Windows 2003 server can ping any machine on the first network because I set up a static route to route all traffic to 10.0.0.0/24 over the VPN interface.
Now, my problem is, only the Linux server can ping any machine on the Windows 2003 network; any client behind the Linux server can't seem to route over the interface.
I have the following route on the linux server: .....
I want to set up static routes on my servers so that my colo provider won't bill me for traffic among my servers.
I use FreeBSD 6 on my servers. I read the FreeBSD handbook on this and it looks like I should do this:
route add -net 0.0.0/24 0.0.0.3
where 0.0.0/24 is the C class I have from my provider and 0.0.0.3 is the IP address of my server (one of them/any of them).
However, this route appears to already exist, as I get this error when running that route command:
route: writing to routing socket: File exists add net 0.0.0: gateway 0.0.0.3: route already in table
Do I need to use a non-routable IP block (e.g. 192.168.x.x) for this? Can I use "real"/routable IPs? Does FreeBSD take care of this for me automatically?
Hi guys! I have a VPN in a VPS and would like to move it together with other stuff that I do know how to migrate (websites, etc.). I have not set up the VPN, and it's an OpenVPN on CentOS.
I have a Softlayer Windows 2003 server and it comes with two network cards. I was wondering how I can create a VPN to the server and then access the internet from there on. Our local ISP has blocked Skype and I need to VPN into my SL server to use it.
I happen to have a Nortel 2500 and 2600; they have really hit their limits and I am looking at a few alts... preferably open source or low cost... I have about 500 instant internet end points and am slowly moving each location to an AVTS circuit (manage VPN via ATT).
So would anyone know of a concentrator to work with Nortel?...
I'm trying to set up a VPN server on Windows 2003 Standard. It is supposed to work like this if the configuration is correct: the server will have 20 static public IP addresses, each of my workstations will use one of the 20 IPs to connect to the server, then connect to the internet with the same IP it connects to the server. So if I do an IP lookup, each workstation will show a different public IP, but the server will always assign the same IP to the same workstation.
Now all my workstations can connect to the server with any of the IPs I have, and they can surf the internet with no problems at all. However, if I do an IP lookup, every workstation shows the same public IP, which is totally not what I wanted. I have searched Google and not much useful info came up. Can any of the experts here help me out?
In previous posts in this forum I was talking about having each server have an internal and external network connection, but people pointed out that as they were load balanced it was a bad setup.
I am now looking at setting up a VPN to access the internal servers that are load balanced. Does anyone have any recommendations for good tutorials or software that I can use on Debian?
The Swedish parliament just passed a law mandating all information passing the Swedish borders to be copied to the government (no kidding). We wish to offer people VPN tunnels out of the country to protect their communication and therefore need:
* A location with good connectivity with Sweden (like somewhere in Europe)
* A location where traffic is not normally routed through Sweden (such as Finland)
* Lots of bandwidth
* Many IP addresses
* No storage space
* Linux
We need to upload to a virtual server (managed with Plesk 11.5) a WordPress site developed locally. We have done this operation without problems many times on other hostings managed with custom panels, non-Plesk.
On the virtual server with Plesk, however, once the files are uploaded via FTP, the database via phpMyAdmin, and the WordPress configuration file updated, when you go to visit the website, it does not display anything and the browser opens the download window for a text file called "download" that contains the code of the file index.php of WordPress.
I currently have a VPS hosted with a host who rents racks from Gyron.net at Telstra London Hosting Center Datacenter (Docklands) and I'm very satisfied with the network, but I'm looking to change hosts, so I'm looking to find hosting companies that also rent racks/network from Gyron.net.
So does anyone know hosting companies that rent space/racks/network from Gyron.net?
I'm looking for a host located in UK that can accept/support vpn/tunnel connections to the VPS - creation and access to vps' /dev/net/tun (TAP/TUN device) for use with tunneling services like vtun.
I am currently a customer of webhosting.uk.com; they look like a very good host but unfortunately they don't accept or support VPN on their VPS plans.
The bigger the list of hosts supporting VPN, the better.
Maybe hosts of other European countries too, if connection speed is acceptable.
Is there a best way to set up a VPN on Windows server to access the net (PPTP)? I have tried a few guides that let me log in to the server using VPN, but I cannot access the internet.
My new router ZyWall USG 300 supports IPsec, OpenVPN and L2TP for VPN protocol.
I don't know which protocol to choose! IPsec afaik is more compatible (Windows supports it natively), although less secure. OpenVPN is more "friendly" to configure.
I am looking for servers (powerful and cheap). I made this post in the VPS forum 2 days ago, but I understand that it is better for me to make the post in the dedicated forum, my friends: 1-VPN server (with many IPs) --> with high transfer + good performance (for start)
2-server for starting image hosting (with high or unlimited transfer + 100mbps) + at least 50-60 GB HDD
We recently began to mirror a large number of open source projects with a dedicated mirror server on our network and I was surprised not only with how popular the mirror server has become, but also with the ability of the hardware we're using to keep up with the load.
At any given time, the mirror seems to be pushing at least 50 Megabits of traffic. The server is also an IRC server (irc.igsobe.com) for customers and internal staff communications.
The hardware is a low end Dell Pentium 4 @ 2.66 GHZ server, running with 512MB of RAM and a 400 GB ATA hard drive. CentOS v5.3 is the operating system.
If you're interested, you can view the HTML logfile analysis here but that doesn't tell the full story as FTP users make up a good portion of the traffic. We've received over a quarter million hits in the first few days of November alone.
The only change that I made to the default configuration was lowering the maximum number of Apache servers to 128.
Just thought I'd share this information as I wouldn't have thought a server with such a small amount of RAM would be able to serve up so much data, even though we are talking strictly static HTML files.
I'll definitely keep this in mind when clients ask me for those "what type of dedicated server should I use for XXX" type discussions that are had all too often with clients.
I really wanna know if you've seen any other trace routes similar to this?
Wanna know the catch? Look what I put into CMD...
tracert core2.te5-2-bbnet2.wdc002.pnap.net
Code:
Tracing route to core2.te5-2-bbnet2.wdc002.pnap.net.changeme.com [216.34.131.135] over a maximum of 30 hops:
2 <1 ms <1 ms <1 ms tr3.tpa-rt1.hivelocity.net [69.46.31.105]
3 3 ms <1 ms <1 ms xe-8-0-0.bar1.Tampa1.Level3.net [4.53.172.1]
4 18 ms 31 ms 18 ms ae-6-6.ebr2.Atlanta2.Level3.net [4.69.137.114]
5 22 ms 19 ms 19 ms ae-73-70.ebr3.Atlanta2.Level3.net [4.69.138.20]
6 37 ms 35 ms 35 ms ae-2.ebr1.Washington1.Level3.net [4.69.132.86]
7 41 ms 35 ms 35 ms ae-71-71.csw2.Washington1.Level3.net [4.69.134.134]
8 33 ms 34 ms 33 ms ae-2-79.edge2.Washington4.Level3.net [4.68.17.83]
9 33 ms 33 ms 33 ms savvis-level3-te.Washington1.Level3.net [4.68.110.102]
10 34 ms 34 ms 34 ms cr1-tengig0-7-2-0.washington.savvis.net [204.70.197.242]
11 85 ms 85 ms 85 ms cr2-pos0-0-0-0.sanfrancisco.savvis.net [204.70.192.90]
12 90 ms 90 ms 90 ms kar1-ge-1-0-0.SanFranciscosfo.savvis.net [206.24.211.22]
13 90 ms 91 ms 91 ms 204.70.200.142
14 86 ms 86 ms 86 ms cr1-gigabitethernet-0-7-1-0.SanFrancisco.savvis.net [206.24.211.9]
15 86 ms 86 ms 85 ms er1-7-0-0.SanJoseEquinix.savvis.net [204.70.200.197]
16 86 ms 86 ms 86 ms hr1-te-1-0-0.santaclarasc8.savvis.net [204.70.200.214]
17 86 ms 86 ms 86 ms hr1-te-2-0-1.santaclarasc9.savvis.net [204.70.200.18]
18 * 325 ms 322 ms csr11-ve242.santaclarasc8.savvis.net [66.35.194.98]
19 832 ms 86 ms 87 ms 216.34.131.135
Trace complete.
if you know any carrier that doesn't peer with Level3, Cogent, and Global Crossing...
After having my site on a Win2k3 virtual server for the last 10 years I've finally bitten the bullet and purchased a VPS account.
My site is an old legacy of MS Frontpage, complete with FPSE, Access databases, ASP, HTML pages and lots of images. Total size is just over 4 GB.
I've tried publishing the site using MS ExpressionWeb direct from the virtual server to the VPS, plus I've tried to Publish them from the backup on my PC. Nothing works. I just get error after error after error.
EW starts to publish and maybe will run for 4 hours before throwing up an error saying that it can't find the web server or FPSE aren't installed. They are basically the same old error messages that all of Microsoft's Frontpage and Expression Web software have been throwing up since the day Frontpage was first marketed back in 1998! If they can't solve the problem you'd at least think they could change the error messages.
I've tried uploading them via FTP but without the MS server extensions the child webs aren't created so therefore I just end up with permission problems and nothing works properly-
I just want to know how I can enable directory listing while someone is browsing a directory that doesn't have an index.* created. I know it's a security risk but I really need it right now. Right now a forbidden message appears; I just want that removed and all my files listed.
Can anyone explain to me how to do that on Ensim Pro 4.1 for just 1 virtual site?
I plan on starting a social networking website similar to facebook using this script: www.socialengine.net
After talking to a host gator associate he mentioned that the only way to get it up was to buy a dedicated server because they won't allow it on any of their shared plans
My question is, which host/plan would you recommend for this particular project...we won't be offering photo albums and such but are expecting quite a bit of traffic and don't want the site to slow down or crash..also, any tips for a first timer?
If a network administrator decides to sniff on you and do some damage to you, can you securely work from that network with your dedicated hosting server (I mean here using an ftp client and ssh client to work on your system)?
If yes, what are the security steps one should follow in such an environment?
Can ftp and ssh clients be trusted in such an environment and if yes what ftp and ssh clients would you recommend?
I created a new virtual site and cloned an existing one to the new docroot to have content. But when I access it I receive the Access Denied you do not have permission to access . . . I've checked all my entries and unless I'm blind I cannot figure out how to remedy this on my Windows 2003R2 server running Apache 2.2.x
I am currently with the planet and am happy with them, however as part of a new venture I need to gather a list of hosts as well as the planet that will be able to cater to the ventures needs and go to tender with the requirements.
ThePlanet offer something called a virtual rack. This is cheaper than renting a dedicated rack, allows for Gb networking but does not allow for a SAN. Do other providers offer something similar? The cost of putting a machine on the virtual rack is not that much more expensive than just renting the machine. I guess there isn't too much to these set-ups to be fair.
If not, then we are looking for dedicated racks, with the ability to host a SAN at some point, but starting off with say 3 servers (2 web servers, 1 storage server with RAID5 6 TB of HDD). These servers will be dealing with network cameras, although I don't think that many will be streaming at once, but the network capacity does need to be there.
Whose door should I be knocking on to find out some prices?
One final thing, should I bother looking for co-lo providers as well? We are in the UK but not precious about our host being in the same country at all (it would be nice but UK prices are ££). Really, all we would be able to do with co-lo is buy the hardware outright to save price, as we are not interested in looking after the hardware.
Starting point: a working site using a shared IPv4, dedicated IPv6, and SSL. HTTP and HTTPS work, the latter only using SNI of course.
The good news: If I simply allocate an IP resource of 1 to a subscription it is pulled from the pool, assigned to the service node, assigned to the web site, DNS is updated, and the site is automatically changed to using a Dedicated IPv4 and Dedicated IPv6.
The bad news: visitors land on the default web site of the service node, with the default SSL certificate.
Other info: I can't ping the new IP, even though it shows in "ip a l" and /etc/sysconfig/network-scripts/ifcfg-eth0:0. [edited]
After the IP assignment, it is still installed, and /etc/httpd/conf/plesk.conf.d/ip_default/domainname.conf shows the new certificate is being used.
However, a second set of VirtualHost entries is created in server.conf for this IP for ports 80 and 443, with NameVirtualHost enabled on the new IP. The port 443 entry uses the default certificate. In Apache's setup this default VirtualHost entry will override the web site configuration because Apache is listening on port 443 with the wrong cert.
If I go to "Change webspace settings" and toggle to Shared IPv4, Dedicated IPv6 the site works again via HTTPS, and Dedicated IPv4 and Dedicated IPv6 breaks it again. Setting the SSL cert to None and back again does not work.
Setting the SSL cert to None, changing to a dedicated IP, and enabling SSL results in the server being inexplicably inaccessible... browsers no longer connect to either the default site or the correct site, and I don't see any entries in the vhost's logs.