I am planning to ship a "home server" type device to customers, that communicates with their (Android or iPhone) smart phone. The problem is that, depending on their internet service provider, the customer has no outside-reachable IPv4 address (DS-lite tunneling), so the smart phone can't just use an IPv4 DNS record to find the server.
Alternatives I can think of:
Make the server use an IPv6 DynDNS service, and make IPv6 take preference over IPv4 on the smart phone. Since the solution should work without the customer having to sign up for a DynDNS service, I have not found any service that allows me to do that.
Set up my own "directory server", such that the home server registers it's serial number in intervals - so similar like DynDNS, but on the application layer via HTTPS. A client could then simply enter the serial number into the app to find the server. Due to authentication/encryption requirements, this solution is harder to implement than I like.
Any other ideas on how to make a home server reachable? I would really like to avoid running my own "cloud service". Some type of peer to peer network discovery, perhaps?
[UPDATE:] This is what I am essentially looking for:
Home server Relay DynDNS Client
| | | |
|-------- open tunnel to port 80 ----->| | |
|<-success, listening on 192.0.2.1:80 -| | |
| | | |
|----- Register "my.ddns.net" ---------------------->| |
|<------------ "my.ddns.net" is now 192.0.2.1 -------| |
| | | |
| |<- GET http://my.ddns.net -|
|<------- GET http://my.ddns.net ----| | |
|--- HTTP response ------------------->| | |
| |----- HTTP response ------>|
Making connection from the internet to a server in a home is difficult. IPv6 is not available everywhere yet and with IPv4 you don't always have a public address available (with multiple NAT layers or DS-Lite).
The only reliable solution today is to have a publicly reachable server as rendezvous point and let the home box maintain a permanent collection to that server. Mobile devices (which might be behind NAT as well) can then reach the home box through the server or set up STUN/TURN style connectivity.
Thanks to the other responses, I had the starting points to find some existing solutions: ngrok and localtunnel solve the problem by mapping a dedicated subdomain to each Home Server, and dispatching requests based on HTTP(S) GET requests.
The latter is an open source project, and the server, as well as a javascript client are on Github.
Related
We have several servers in our infra for which we are unable to trace the Openstack Project Details.
Is there any way to fetch the associated project ID/ Name details from the VM?
On my cloud:
$ openstack server show ab852bda-978e-4fd0-ba60-f4eebab327d3 -c project_id
+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| project_id | dfe697576058427d96d59bf45433636d |
+------------+----------------------------------+
In VM,
ip a
So, learn ip of VM
(actually, you should be knowing IP, if you are able to connect it..)
Then, in openstack cli, filter according to ip addresses.. This way, you can learn which project it belongs to...
We need to identify all network traffic that a specific Android/iOS app induces. The app is using Firestore in the backend. By default, connections to Firestore always use the domain firestore.googleapis.com instead of a project-specific subdomain (like Cloud Functions do, for example). This way those connections can't be related to a specific app by only examining the outgoing or incoming network traffic of the device.
Is it possible to route the traffic through a proxy or similar to be able to identify connections uniquely?
+-----+ +---------------+ +----------------------------+
| App | ----> | Reverse Proxy | ----> | Firestore |
| | <---- | (mydomain.com)| <---- | (firestore.googleapis.com) |
+-----+ ^ +---------------+ +----------------------------+
|
|
Connections that must be
uniquely identifiable
for a specific app
Is this possible with Firestore (at least, there's a function setHost() in the client SDK) and if so, what drawbacks would it have?
You can try to create a reverse proxy server and install on it the Firebase Emulator. You can then connect to this server from your app. The emulator will receive your requests and redirect them to Firestore. This will give you some flexibility and achieve your use case to some extent. read more about the Firebase Emulator here
In order for my app to work for example, it needs to communicate with 3 different url:port. Lets say:
host1.com:1111
host2.com:1234
host3.com:1234
(Same port for 2 hosts)
What i want is to use a single url, and the route will be betterment by the port:
fathost.com:1111 --> host1.com:1111
fathost.com:2222 --> host2.com:1234
fathost.com:3333 --> host3.com:1234
(Port 2222 is redirected to 1234 on host2,
Port 3333 is redirected to 1234 on host3)
Keep in mind that the app is run on a clients machine, so changing iptables is not possible.
Tried a loadbalancer but it can only return a redirect (status code 302,301) and i need it to transfer the request.
Tried solve it with Dns records (srv), but no luck
Any ideas? (Cloud services also a possible option)
Thanks for the help
UPDATE:
Because the app is run on a clients machine, Im asking the client to allow traffic from all 3 hosts (host1, host2, host3), what I want is to only allow traffic from 1 host fasthost.com (that will probably will have a static ip)
This page from Redislabs, titled: Redis Enterprise: A Secure Database states the following:
Encryption | Data in transit | - Client<>Redis – SSL/TLS
| | - Inter cluster (between cluster’s nodes) – IPSec
| | - Across-cluster – SSL/TLS
It's unclear what Redislabs means when they state IPSec for the encryption of traffic among its own sub-components.
Question
Do they do anything internal to facilitate this or do they expect that customers would set up a secure tunnel using some other product to secure this communications?
Going through this presentation from the VP of Redislabs, titled: Secure Redis deployments for Simplified Compliance - HIPPA, PCI, GDPR | Redis Labs it would seem to be the case that Redis Enterprise does nothing to help secure the in-communications among its own nodes in a cluster.
The product fully expects that customers utilize IPSec technologies such as:
stunnel
spiped
strongswan
iptables
etc.
to encrypt/secure traffic however you deem necessary per your applications usage of Redis.
Redis Enterprise comes with a deployment tool that allows securing inter-node communication using IPSec. As a result, the secured inter-node communication has practically no effect on cluster performance.
Oren
I have just installed Kamailio SIP Server followed instructions on official site. Later I've started the server for listening SIP messages and added "test" user. So now the tutorial is ended up and i have no idea how i can test whether it works correctly or not. I mean if there is some "hello world" simple config to run or how to write simple test and execute in that environment. What I've found in google it's just module and function descriptions. Thanks for any help and "real" examples are vital :)
I assume you have choosen a domain for your sip server (mysipserver.com in the tutorial). I'm also assuming that you have choosen a domain name that you owns.
Step1: check NAPTR & SRV record (optional, but at least SRV is good to have)
In theory, SIP Applications, will do some NAPTR and SRV requests to locate your server for your service. This is described in rfc3263 and means you are supposed to configure your DNS entries to let SIP applications find the IP of your server. Check this page for an example!
Then, you can test NAPTR for your service (replace antisip.com, with your domain name)
~$ host -t NAPTR antisip.com
antisip.com has NAPTR record 0 0 "s" "SIPS+D2T" "" _sips._tcp.antisip.com.
antisip.com has NAPTR record 2 0 "s" "SIP+D2U" "" _sip._udp.antisip.com.
antisip.com has NAPTR record 1 0 "s" "SIP+D2T" "" _sip._tcp.antisip.com.
Then, use one the answers to test the SRV queries:
~$ host -t SRV _sips._tcp.antisip.com.
_sips._tcp.antisip.com has SRV record 0 0 5061 sip.antisip.com.
_sips._tcp.antisip.com has SRV record 0 0 5061 sip2.antisip.com.
In the example above sip.antisip.com and sip2.antisip.com are running the sip services for antisip.com
Step2: Without NAPTR/SRV, at least check DNS
To make it simple, if you have one server, just make sure your domain resolve to your server's IP address:
~$ ping antisip.com
PING antisip.com (91.121.78.130) 56(84) bytes of data.
Note that for me, antisip.com is also the sip.antisip.com server.
Step3: Testing from a windows
The easiest from this point is to test on your favorite desktop OS. This will allow you to start a network capture.
You can download this very simple demo. It's a very basic SIP app, but that's easier for testing: VoipByAntisip.exe for Windows
Install wireshark and start it. Then, start capture and put the "sip" filter. You may also later add the "DNS" filter and the "RTP" filter.
Test UDP, TCP and then TLS:
To test UDP, in settings, configure:
Proxy: mysipserver.com
username: test
password: yourpassword
protocol: UDP
To test TCP, in settings, modify:
protocol: TCP
To test TLS (without certificate verification), in settings, modify:
protocol: TLS
After applying the change, the box on the left of REFRESH button should become green with 200 OK written. If not, UDP doesn't work and either the answer code is written, or a 408 Timeout is provided to indicate no answer.
If you have registered correctly: that means you have received a 200 Ok, then, the "location" table of your kamailio database should contains the new registered user.
Test calls:
Of course, you also need to test calls.
The tutorial doesn't indicate that you need a rtp relay! But usually, if you wish to makes calls between SIP User-Agents, an application relaying RTP, like rtpproxy will need to be installed and configured to work with kamailio on your server. Without the relay, you should be able to call (talk) between two SIP applications running on the same LAN.
In order to test calls, you will need to create a second user (test2?) and configure another PC to use this account. Then, in Voip By Antisip for windows, use the start call box and enter sip:test2#mysipserver.com. The network capture should show an INVITE being sent to your server. This INVITE should be relayed to second user and received by test2 SIP application.
If your SIP server is up and running, then go ahead and use an android phone to test whether it works fine. You can use 'csipsimple' client to connect to a SIP server. For more details checkout this tutorial.
And there are other SIP clients available for various devices PC, Android, iOS, etc.