I have access to the paid plan on ngrok. I want to have port 9000 open on a public domain.
What I have now:
Session Status online
Account ... (Plan: Pro)
Version 2.3.35
Region United States (us)
Web Interface http://127.0.0.1:4040
Forwarding tcp://6.tcp.ngrok.io:19004 -> localhost:9000
Connections ttl opn rt1 rt5 p50 p90
0 0 0.00 0.00 0.00 0.00
What I want:
Session Status online
Account ... (Plan: Pro)
Version 2.3.35
Region United States (us)
Web Interface http://127.0.0.1:4040
Forwarding tcp://whatever.ngrok.io:9000 -> localhost:9000 <= public port is 9000
Connections ttl opn rt1 rt5 p50 p90
0 0 0.00 0.00 0.00 0.00
I can create my own subdomain like foobar.eu.ngrok.io, how do I reuse that and open the port 9000 on it?
Have you tried this from the docs?
ngrok tcp --region=us --remote-addr 1.tcp.ngrok.io:20301 22
Listening on a reserved remote address
Normally, the remote address and port is assigned randomly each time you start a TCP tunnel. For production services (and convenience) you often want a stable, guaranteed remote address. To do this, first, log in to your ngrok.com dashboard and click "Reserve Address" in the "Reserved TCP Addresses" section. Then use the -remote-addr option when invoking ngrok to bind a tunnel on your reserved TCP address. Make sure the -region you specify matches the region in which you reserved your address.
Reference: https://ngrok.com/docs#tcp-remote-addr
Related
I'd like to set up a vpn to allow two separate computers to connect to each other.
I've found a bunch of places where they say you should remove redirect-gateway def1 bypass-dhcp from the server config and add a route route 10.0.0.0 255.255.255.0 vpn_gateway to make connecting to the private network work. But this doesn't seem to do what I want.
Yes it now makes all requests via my local gateway (All servers report my public ip is my own ip, rather than that of the vpn), but now connecting to other clients no longer works.
I can still connect to my own private ip (10.0.0.0) as assigned by the vpn, but other clients can not reach me on this same ip.
My client.conf:
client
dev tun
proto udp
remote vpn.example.com 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-GCM
auth SHA256
verb 3
key-direction 1
My server.conf:
port 1194
proto udp
dev tun
ca ca.crt
cert vpnserver.crt
key vpnserver.key
dh none
topology subnet
server 10.8.0.0 255.255.255.0
route 10.0.0.0 255.255.255.0
ifconfig-pool-persist /var/log/openvpn/ipp.txt
client-config-dir ccd
# push "redirect-gateway def1 bypass-dhcp"
push "route 10.0.0.0 255.255.255.0 vpn_gateway 1"
client-to-client
keepalive 10 120
tls-crypt ta.key
cipher AES-256-GCM
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
verb 3
explicit-exit-notify 1
ccd/myclient
ifconfig-push 10.0.0.0 255.255.255.255
How can I make client-to-client work without making all my regular traffic flow through the vpn?
edit: After some more experimenting I've figured out that this setup is working fine as long the assigned private ip is in the 10.8.0.x range. I have a few static private ips in the 10.0.0.x range, so that's why it isn't working. I'd still like to use these ips though.
I ended up changing the server config to use 10.0.0.x as default pool.
I changed:
server 10.8.0.0 255.255.255.0
route 10.0.0.0 255.255.255.0
to
server 10.0.0.0 255.255.255.0
I don't like that static and dynamic ips are now both using the same pool, but this is the best I can do.
I have a question about establishing a stable internet connection (IuPS_PS) between MS and our developed network core system using our home nodeB (HNB).
In our core system, we can see the the internet packets which are sent from MS to HNB and from HNB to the core system. I attached a screenshot of the wireshark log on the interface between HNB and core.
As you can see in this picture, the user query is server.hnb. Source IP (MS IP) is 10.250.0.114 and destination IPs are 172.60.3.154 (core IP) and 8.8.8.8 which we are set as DNS address in Activate PDP Context Accept (Activate PDP Context Accept is a message which is sent from core to HNB and from HNB to MS which contains some internet parameters such as DNS IPs, bit-rates, ... ). The protocol is GTP-DNS and the stacked layers are DNS / UDP / IP / GTP / UDP / IP. I attached the stacked layers in the following images:
Destination IP is 172.60.3.154
Destination IP is 8.8.8.8
Also, we know that to handle GTP packets, a GTP tunnel is required to listen to UDP port 2152. To do that, we use libgtpnl (osmocome project) and to establish a GTP tunnel, at first, we have to create a GTP interface using the following command of libgtpnl:
gtp-link add gtp1 --sgsn
where gtp1 is interface name. After executing the above command, we use netstat to display network connections and here is the result:
and every thing is OK. Finally, we add GTP tunnel using the following command of libgtpnl:
gtp-tunnel add gtp1 v1 100 1 10.250.0.114 172.60.3.154
where v1 is GTP version, 100 is the gTP-TEI field in RAB-Assignment Request (GTP tunnel configurations which is sent from core to HNB) and 1 is the similar filed obtained from RAB-Assignment Response (GTP tunnel configurations which is sent from HNB to core). Also, 10.250.0.114 is the MS IP and 172.60.3.154 is the core IP.
After receiving some packets from MS to core and using netstat, we see that Recv-Q (bytes in UDP port 2152 which are ready to read) is increased to a value more than 0, but the added GTP tunnel is not read the GTP packets and the gtp1 interface which we already added is empty in wireshark. What is the problem that GTP packets are not inserted in my GTP tunnel (gtp1)?
You want to handle GTP-U packets so your test machine is GGSN rather than SGSN, thus your git-link command is not correct, the parameter "--sgsn" must be removed.
The commands of libgtpnl on SGSN and GGSN are as similar as below:
SGSN:
gtp-link add gtp1 --sgsn
gtp-tunnel add gtp1 v1 100 200 1.1.1.1 2.2.2.10
GGSN:
gtp-link add gtp1
gtp-tunnel add gtp1 v1 200 100 1.1.1.1 2.2.2.2
2.2.2.2 is IP address of SGSN node
2.2.2.10 is IP address of GGSN node
1.1.1.1 is IP address of user/terminal
I have enabled 1 port [8081] and it's accessible from the remote computer. but the same for other port [7500] not working?
I would like to know the meaning of the below line?
TCP [::]:8081 [::]:0 LISTENING
And how to enable the same for port [7500]?
Attached listening port status:
netstat -na outputs 4 columns of data:
Proto, Local Address, Foreign Address, and State.
When looking for port 8081, you find 2 entries - one for TCP on 0.0.0.0:8081 for IPv4, and one for TCP [::]:8081 for IPv6.
When looking for port 7500, you find 1 entry - one for TCP 0.0.0.0:7500 for IPv4 only.
In both cases, you have local sockets listening via wildcard IPs to all local network adapters, and there is no "Foriegn Address" assigned because a listening socket is not connected to any remote party. TCP sockets in the ESTABLISHED state have remote parties.
You have not shown any code, or explained your network setup, so nobody can really explain why you have 2 entries for port 8081 but only 1 entry for port 7500, or why remote computers can connect to port 8081 but not to port 7500. Maybe those clients are only using IPv6? Maybe your listening computer is behind a router that doesn't forward port 7500? We don't know.
I would appreciate any help with configuration of MS Windows Server 2012 R2. I have tried more solutions, but any of them were not so appropriate.
The idea is on the attached schema belove.
Server has AD.
Server has 2 NICs. Both are configured on the same subnet. (192.168.1.0) with IP addresses manually configured as is on the schema.
NIC 1:
IP:192.168.1.254
MASK: 255.255.255.0
GW: 192.168.1.1
DNS 1: 192.168.1.254
DNS 2: 192.168.1.1
Metric: 10
NIC 2:
IP:192.168.1.154
MASK: 255.255.255.0
GW: no
DNS 1: 192.168.1.154
DNS 2: 192.168.1.1
Metric 100
NIC 1 is connected to router from ISP 2.
NIC 2 is connected to router from ISP 1.
The goal is: All clients should have access to the internet via ISP 2. Some clients have acces also via ISP 1 via VPN. ISP 1 does not provide public static IP address. ISP 1 yes. So only via ISP 1 is possible to access the local network via VPN.
How to configure server to accept VPN connection and route whole traffic from VPN to local and to ISP 2?
Also I have tried 2 subnets (for VPN clients 192.168.2.0, for local clients 192.168.1.0 but no success to setup routing).
Thanks.
This is not how you do this, rather you need a firewall that supports multiple WAN interfaces - examples are Peplink (great if you also want to load balance the ISPs or get increased throughput by leveraging both of them) other examples include the Cisco RVx series, or Zywall USG series.
Then your server can have one IP on the LAN (as it should) and you can use the ACL/Firewall rules to control what goes in/out which ISP.
Does SIP v2.0 permit to have the protocol running over non-standard ports
(not 5060)? I've checked through the specification, but wasn't able to find
an answer. It looks like a port can be negotiated and determined during a
registration phase, but I could not confirm this with RFC.
Yes, port 5060/5061 are just the default ports if no other port is given. RFC3261 also only gives listening to port 5060/5061 as a recommendation;
It is also RECOMMENDED that a server
listen for requests on the default SIP ports (5060 for TCP and UDP,
5061 for TLS over TCP) on all public interfaces.
For example, if you use DNS lookup according to RFC3263, the port is looked up at the same time as the address;
That lookup would return:
;; Priority Weight Port Target
IN SRV 0 1 5060 server1.example.com
IN SRV 0 2 5060 server2.example.com
Well Yes you can use the other ports for sending Sip packets... Port Forwarding is a Hint...