I'm in need of setting up cron-based VPN connectivity from Ubuntu "Jaunty" to a Windows-based VPN over PPTP for incremental DB synchronization. Using the default Network Manager and PPTP module everything seems to work fine. However, I have 2 issues:
1) Despite checking "Use this only for resources", I still lose my local internet connection and am routed through their servers.
2) As a result of 1 I have need to automate connecting to and disconnecting from the VPN in order to perform various tasks as the machine is at the office and I am not.
Much of the information I'm finding on PPTPing from Linux to Windows involves the use of GUI Network Manager, etc. However, I need to perform these steps from the command line for the sake of automation. Can anyone point me to a quality bit of documentation for this specific case?
Best.
http://pptpclient.sourceforge.net/
I think this site has everything that you need :)
Related
I am a newbie at PowerShell but wouldn't ask without spending a ton of time looking online first.
Is there any possible way of specifying ipv4 DNS Server (and alternate) without being connected to the VPN first?
I am installing VPN profile for a business which I can do manually but there is close to 180 users which I am trying to implement through a PowerShell script in Endpoint Configuration Manager. I am obviously trying to work smarter, not harder.
I already have the Add-VpnConnection script down which works great but I still have to manually change the Primary and Alternate DNS for ipv4.
In addition, I would like to turn off ipv6 for this VPN but that coincides with this originally problem I am running across.
Any help or ideas down the right path would be much appreciated!
I have a client who is remote. I need to debug some weird problem that none of my other clients are having. Before I try and set up a conference with this client, I would like to know if there is some way of remotely debugging our application.
I see that there are remote debugging tools available for Visual Studio, but from what I've read, I need to be on the same subnet. As the person is remote, this is not a possibility. Also, as I'd like to keep our connection secure, I would need to connect up some sort of encrypted tunnel (this is where I'm a little fuzzy as my networking skills are mostly theoretical).
As I understand it, an encrypted tunnel is a bridge to another (different) subnet. This is to ensure that those computers on the other side won't interfere with the local subnet computers.
So, because the client's computer is on a different subnet, I think that this is not possible. Or is it? Should there not be a way of making the client's computer show up as a virtual computer on my subnet, by forwarding packets from one subnet to another? I would think that this is theoretically possible, but I'm not exactly sure how I would go about this.
Also, at the moment, my current way that we connect to clients is through GoToMeeting, but I don't think that it supports tunneling. If not, then I may need some way of generating a tunnel, so I was also thinking of maybe using some SSH programme like PuTTY.
As I have said before, my knowledge of networking is quite theoretical, so if the tools that I am suggesting are not the correct ones, please correct me. (I'm a programmer, damm it! Not a network engineer!)
Both computers are Windows boxes. Windows 10 (client) and Windows 8.1 (development).
If you can connect to an ssh server in the remote network, you can (subject to configuration on the server) create a tunnel such that you connect to a socket on your local pic and the connection appears from the server to an endpoint on the remote network.
You'll want to investigate the -L command of OpenSSH, which combined with the PuTTY docs, should help explain what's required.
By default, the endpoint would be a port on the ssh server, but it could be a port on a different host that the remote server can connect to.
I'm not familiar with the current state of Windows SSH servers, but even if there isn't a system server to hand, you should be able to have on run 'on demand' - if you run it on a non-privileged port and by the user you want to connect in as, it shouldn't even need Admin privileges.
I'm not familiar with GoToMeeting, but the one thing with SSH tunnelling it that IT depts should be familiar with SSH. If trying that, focus on getting a working connection in, then setting up the tunnel, then connecting through it as separate steps.
Once you have an SSH connection, then it doesn't need to do something itself, and you can then investigate connecting while specifying the port forwarding, but will will need to get the basic connection working correctly first.
I have set up a Win XP machine at work that we use as our server, to allow RDP connections. This allows all our staff to access the server from home when needed. As it is not a server OS, we are missing many of the terminal services features a regular server would have. The machine only allows one RDP session at a time (which is a minor inconvenience, but not a big deal).
What is bothersome, is that no one can tell if the server is currently being used in an RDP session, and we all keep booting each other off. Every solution I have found online assumes the remote computer is a Server OS or on a local network/domain. Our staff's home computers are not connected to the office network and we have no domain set up at the office.
Is there any way to tell if the server is in an RDP session before remoting onto the server from home? Ideally we would be able to detect which home computer is accessing the server. But if that is not possible, it would be extremely helpful to at least know that an RDP session is running.
We were previously using logmein, which could tell us if the remote computer keyboard and mouse were active and allow a chat with the user currently remoted on/physically on the machine. This was extremely convenient, but involves logging onto the logmein website and going through a semi-lengthy process of connecting. It is also much slower and resolution is much worse than RDP. Not super convenient for regular daily use.
This post deals with the same issue
https://superuser.com/questions/313390/ways-to-check-if-user-is-active-on-remote-machine-before-rdping
but the accepted response is to use qwinsta on cmd, which I believe is only available on server OS's. Other responses include using psexec (I've tried using psloggedon.exe, but this appears to only work for users on the same domain). Another suggests using the wmic.exe command, but when I try that I get the error: The RPC Server is unavailable (I think this also needs to be run on the same domain).
So basically - is there any way to check for active rdp sessions on a Win XP machine from a remote computer not on the local network/domain?
I'm open to outside-the-box solutions like writing a simple app to run on the xp server and tell remote machines what IP is connected in an RDP session.
Going on Harry Johnston's suggestion, I wrote an app which finds who is connected to the xp machine on port 3389, and relays that information by udp to receiving apps. Now we can check if someone is connected and who it is before unwittingly booting them off. Thanks Harry!
I have a program consisting of a server and a client processes. Both run on Windows systems - Windows 2000 or later versions. The two processes can run on the same machine or on two different machines.
How can the client determine if it is run on the same machine as the server? If the server is not running the client can't work anyway and doesn't care where the server possibly is - so this case is out of the question. I've heard that each Windows machine has an UUID - can I obtain it and use for that purpose?
Windows networking requires computer names to be unique, so calling the GetComputerName api and having the client and server swap names (and compare the received name to the name they see) should suffice. If the client and server can start up independently of one another then you'll need some sort of protocol for this process. It seems logical for the client to initiate the exchange, and the server to only send its name when it has received a name from a client. The client can then abort the connection if it sees the same name.
I believe most virtual machine systems will allow the virtual machine to have its own name, so it should still be possible for you to test on virtual machines. However I don't have extensive experience of all the virtualisation technologies out there, so can't say for sure.
Previous question about generating a unique machine id that might help.
Link to previous answer which mentions MachineGUID
It is straightforward to add an API to the server that reports its machine name. The environment variable is COMPUTERNAME. The client could check that, right?
Do you need to deal with any of these cases?
The client is running, but the server is not responding, and you want to know whether the unresponsive server is on a remote machine.
The client and the server are running in two distinct virtual machines on the same host machine, and you want to report that as "running on the same machine."
The client is running in a virtual machine hosted by the same machine as the server is running on, and you want to report that as "running on the same machine."
The client and the server are running on uncoordinated networks and both might have been assigned the same name.
The server is possibly hostile, and will attempt to deceive the client.
The network card will have a unique MAC. If both server and client report the same MAC then they are using the same network card. If both client and server are running in different virtual machines but using the same network card, do you consider them running on the same machine or different machines?
how about trying to establish a loopback tcp connection? or maybe checking for some lock file created by the server in a predefined folder...
I don't know exactly how, but there's for sure something equivalent in Win32 to the /proc filesystem in Unix (I think there are free replacements for the windows taskmanager, maybe you could look at their sources) where you could search for your server process.
Scenario.
3rd party admins want to administer systems with PS remoting/direct login of clients and servers behind NAT gateways.
The systems are SBS 2003 or W2K3. all are behind NAT firwalls with varying RFC1918 subnets and no site to site VPNs (although a solution would likely require this.)
Each site has its own unrelated AD setup.
The 3rd party admin network (also behind a NAT)has no trusts with the target sites (obviously SBS sites have this problem by default an It seems VPNs have problems if the same RFC1918 subnet address range is used on both sides.
Name resolution across VPN would be a prerequisite. advice
Is there some "reflection" approach (similar to Ultra VNC that would serialize PS objects and pass them through NATs without requiring router reconfig? or is portforwarding to SSH or similar required with direct remote logins? can any of this be accomplished or automated without use of a mouse?
what .NET remoting approaches might help solve this problem?
the nsoftware Powershell server solution works for SSH it seems but only where machines are publically addressable and it was also discounted due to its per CPU licensing scheme.
are there other similar alternatives to it?
You're probably best off finding a way to tunnel to a single machine, and then hop from there to the machines you want to administer. You'd need to forward a port to that first machine.
Your network security people should be very concerned about this machine; if they're not, they don't know their jobs.
My first approach would be to use PowerShell V2's remoting for both hops.
I concur with #JayBazuz,i Powershell V2 (currently in CTP3) uses WinRM, which can be configured to work over HTTPS(really any port you choose), thus working through firewalls and NATS.
james