02-19-2013
Did you get your reverse tunnel working? Can your share any error during execute last command?
10 More Discussions You Might Find Interesting
1. Programming
hi everybody and thank you for this wondefrul forum
this is my first thread posted here and i hope that i could find some help from your part (i am even sure) :D
here is the situation: i am to develop an application of remote desktop access such as vnc, vpn and especially nx
i want to develop... (0 Replies)
Discussion started by: bolboln01
0 Replies
2. UNIX for Advanced & Expert Users
Two question here, but it's only one on the protocol point of view.
If two persons use the same key to connect to a SSH server is there a risk they can decipher the other tunnel. In other terms is that less safe than if they have two separate keys.
Same question if two persons use the same user... (2 Replies)
Discussion started by: moi
2 Replies
3. Shell Programming and Scripting
Hello all,
First time posting, although the site has helped solve many problems in the past!
I would like to create a script to simplify a series of commands that I run:
Log into the ssh-server (RSA key)
ssh username@hostname -p 6110
Once there, I mount a truecrypt volume:
truecrypt... (3 Replies)
Discussion started by: freshtoast
3 Replies
4. UNIX for Advanced & Expert Users
I have initiated a tunnel for vncserver. now i want to stop it. is there any way except sleep option? (2 Replies)
Discussion started by: majid.merkava
2 Replies
5. Cybersecurity
Hi all,
I'm trying have an alternative way of connecting into a Corporate network. Mostly in case the VPN down as I cannot also change the security policy.
I want to expose windows RDP over ssh tunnel.
I have 3 hosts in my scenario
1- Host a : Windows 2k8 has no internet access just only an... (3 Replies)
Discussion started by: h@foorsa.biz
3 Replies
6. IP Networking
I have a Java web app on machine (X) that needs to talk to an LDAP server (Y) on :636, but the LDAP server is only accessible on a particular network.
I can login to a machine (Z) on that network from X, and this machine can talk to the LDAP server on :636.
How can I tunnel so that X can... (2 Replies)
Discussion started by: spacegoose
2 Replies
7. UNIX for Advanced & Expert Users
Hi all
I have a suite of scripts that ssh to remote servers within a cluster and run some tests. This is done from a central server so that all of the test results can be captured in one location.
Problem is I now have 509 tests and the number is growing. The scripts work by establishing a... (2 Replies)
Discussion started by: steadyonabix
2 Replies
8. Proxy Server
Hello,
I have a video streaming application that utilizes a WebSocket for the server <-> client communication. My goal is to make the video streaming service available over the internet in the cases where neither the server nor client have public IPs.
One way to do this is over a VPN... (8 Replies)
Discussion started by: Vladislav
8 Replies
9. Solaris
Hello Solaris experts:
Trying to bring the 11.3 gdm screen over ssh to a Linux Box:
I did the following:
1. made chanes to /etc/ssh/sshd_config & bounced ssh daemon:
# X11 tunneling options
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
2. From the remote Linux box:
... (6 Replies)
Discussion started by: delphys
6 Replies
10. UNIX for Advanced & Expert Users
I am not clear with the part of concept of Tunneling using ssh.
ssh -f -N -L 1029 192.168.1.47:25 james@192.168.1.47
I found out that above code works for me . but didn't quite well understood how ti works and need to ask you guys some questions.
since we are using tunnel through ssh ... (2 Replies)
Discussion started by: lobsang
2 Replies
LEARN ABOUT MOJAVE
tc-tunnel_key
Tunnel metadata manipulation action in tc(8) Linux Tunnel metadata manipulation action in tc(8)
NAME
tunnel_key - Tunnel metadata manipulation
SYNOPSIS
tc ... action tunnel_key { unset | SET }
SET := set src_ip ADDRESS dst_ip ADDRESS id KEY_ID dst_port UDP_PORT [ csum | nocsum ]
DESCRIPTION
The tunnel_key action combined with a shared IP tunnel device, allows to perform IP tunnel en- or decapsulation on a packet, reflected by
the operation modes UNSET and SET. The UNSET mode is optional - even without using it, the metadata information will be released automati-
cally when packet processing will be finished. UNSET function could be used in cases when traffic is forwarded between two tunnels, where
the metadata from the first tunnel will be used for encapsulation done by the second tunnel. SET mode requires the source and destination
ip ADDRESS and the tunnel key id KEY_ID which will be used by the ip tunnel shared device to create the tunnel header. The tunnel_key
action is useful only in combination with a mirred redirect action to a shared IP tunnel device which will use the metadata (for SET ) and
unset the metadata created by it (for UNSET ).
OPTIONS
unset Unset the tunnel metadata created by the IP tunnel device. This function is not mandatory and might be used only in some specific
use cases (as explained above).
set Set tunnel metadata to be used by the IP tunnel device. Requires id , src_ip and dst_ip options. dst_port is optional.
id Tunnel ID (for example VNI in VXLAN tunnel)
src_ip Outer header source IP address (IPv4 or IPv6)
dst_ip Outer header destination IP address (IPv4 or IPv6)
dst_port
Outer header destination UDP port
[no]csum
Controlls outer UDP checksum. When set to csum (which is default), the outer UDP checksum is calculated and included in the
packets. When set to nocsum, outer UDP checksum is zero. Note that when using zero UDP checksums with IPv6, the other tunnel
endpoint must be configured to accept such packets. In Linux, this would be the udp6zerocsumrx option for the VXLAN tunnel
interface.
If using nocsum with IPv6, be sure you know what you are doing. Zero UDP checksums provide weaker protection against cor-
rupted packets. See RFC6935 for details.
EXAMPLES
The following example encapsulates incoming ICMP packets on eth0 into a vxlan tunnel, by setting metadata to VNI 11, source IP 11.11.0.1
and destination IP 11.11.0.2, and by redirecting the packet with the metadata to device vxlan0, which will do the actual encapsulation
using the metadata:
#tc qdisc add dev eth0 handle ffff: ingress
#tc filter add dev eth0 protocol ip parent ffff:
flower
ip_proto icmp
action tunnel_key set
src_ip 11.11.0.1
dst_ip 11.11.0.2
id 11
action mirred egress redirect dev vxlan0
Here is an example of the unset function: Incoming VXLAN traffic with outer IP's and VNI 11 is decapsulated by vxlan0 and metadata is unset
before redirecting to tunl1 device:
#tc qdisc add dev eth0 handle ffff: ingress
#tc filter add dev vxlan0 protocol ip parent ffff: flower
enc_src_ip 11.11.0.2 enc_dst_ip 11.11.0.1 enc_key_id 11 action tunnel_key unset action mirred egress redirect dev tunl1
SEE ALSO
tc(8)
iproute2 10 Nov 2016 Tunnel metadata manipulation action in tc(8)