Old 06-30-2012, 02:00 PM
"Christopher A. Williams"
 
Default Gnome-rdp (re-post)

On Fri, 2012-06-29 at 09:33 -0400, Darryl L. Pierce wrote:
> On Wed, Jun 27, 2012 at 02:45:15PM -0700, Joe Zeff wrote:
> > On 06/27/2012 02:34 PM, Lawrence Graves wrote:
> > >192.168.1.84 israel.risingstar.local
> >
> > That's on a non-routable subnet. Considering that nslookup is a
> > program to query Internet domain name servers, there's no way in the
> > world that they'd know its address.
>
> Not necessarily. If you have a _local_ DNS server then it can resolve a
> hostname on a non-routable IP block.

(Realized I had inadvertently top-posted this reply - sorry! Need more
coffee...)

That's correct. Sorry for jumping in on this thread late. I not only
know Lawrence personally, I also set up the network he is trying to
access. I've just been out of town...

The actual domain name of the internal network in this case is
risingstar.local. He is trying to connect remotely first using the
NetworkManager vpnc client to a VPN gateway (a Cisco ASA5505) that is
configured to provide/refer DNS name resolution services for the
internal domain as a part of the VPN configuration setup. The
risingstar.local domain is added to the domain search list as a part of
connecting to the VPN.

What we are having trouble with is that gnome-rdp simply dies when
trying to connect. Even when successful, the VPN connection appears to
just hang after a few seconds.

Conversely, I can run a Windows 7 virtual machine on the same physical
computer that's having trouble with vpnc/gnome-rdp using VMware
Workstation, with the virtual networking set to NAT mode, and connect to
the VPN from that Windows VM via the Cisco VPN Client for Windows with
no issues at all. Further, Windows Remote Desktop rdp client works
without a hitch. Again, we can resolve host names both via the local
host name (because risingstar.local is one of the VPN provided domain
search names) and the FQDN.

The issue is that the combination of using the vpnc client and gnome-rdp
(or for that matter, any of the available rdp clients on F16/F17) either
do not properly resolve the host name, or they connect briefly and then
hang or crash outright.

This *used* to *not* happen on our Fedora based systems. It *used* to
work perfectly using the exact same vpnc VPN configuration profiles. I
suspect that something got broken when a few vpnc and Gnome-rdp updates
came along, and I also suspect vpnc is the root cause here.

So, I hope that helps a little more with the situation. We could use a
hand on this from the vpnc and rdp folks on the list...

Cheers,

Chris

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 06-30-2012, 03:06 PM
Ed Greshko
 
Default Gnome-rdp (re-post)

On 06/30/2012 10:00 PM, Christopher A. Williams wrote:
> So, I hope that helps a little more with the situation. We could use a
> hand on this from the vpnc and rdp folks on the list...

I looked back on the messages in the thread. I don't think I missed anything....but
this is the first time I can find anything being mentioned about a VPN.

First it sounded as if there was a simple problem with making a Remote Desktop
connection. Then it sounded like either a misunderstanding between how hostnames are
resolved.

I, for one, am confused. I don't know the network topology. I don't know what
"boxes" are involved or IP addresses or anything that would "really" define the
problem.

I'll tell you what I *think* may be the layout.

You have a Cisco VPN Gateway with 2 interfaces. Let's call them "inside" and
"outside".
For argument sake I'll assign the IP addresses for the Cisco as
inside=192.168.0.1
outside=192.168.1.1

You have 2 Linux boxes. One on the outside and one on the inside. The one on the
inside is running the xrdp server....and the client is on the outside.

For argument sake I'll call them IN and OUT with the following IP addresses.
IN=192.168.0.20
OUT=192.168.1.20

First you establish a VPN connection from OUT to the Cisco. Then, you want to use
the Gnome-rdp client or Remmina client to obtain a remote desktop connection.

Is that correct so far? If it is, could you fill in the correct names/IP addresses
involved?
If not, could you correct my understanding of the topology?

Now, assuming the topology is correct......

Without making a RDP attempt.... Can you ping IN from OUT using the hostname? IP
address? Can you ssh to IN from OUT using the hostname? IP address?

--
Never be afraid to laugh at yourself, after all, you could be missing out on the joke
of the century. -- Dame Edna Everage
 
Old 07-01-2012, 01:58 PM
"Christopher A. Williams"
 
Default Gnome-rdp (re-post)

On Sat, 2012-06-30 at 23:06 +0800, Ed Greshko wrote:
> On 06/30/2012 10:00 PM, Christopher A. Williams wrote:
> > So, I hope that helps a little more with the situation. We could use a
> > hand on this from the vpnc and rdp folks on the list...
>
> I looked back on the messages in the thread. I don't think I missed anything....but
> this is the first time I can find anything being mentioned about a VPN.

I missed the first part of the thread, so I don't know if it was
mentioned or not. But, yes, there is a VPN. I'll be in the building
later today, so I'll also be able to test this from the inside network,
taking the VPN piece out of the picture. I'll get back to you with more
on that.

> First it sounded as if there was a simple problem with making a Remote Desktop
> connection. Then it sounded like either a misunderstanding between how hostnames are
> resolved.
>
> I, for one, am confused. I don't know the network topology. I don't know what
> "boxes" are involved or IP addresses or anything that would "really" define the
> problem.
>
> I'll tell you what I *think* may be the layout.
>
> You have a Cisco VPN Gateway with 2 interfaces. Let's call them "inside" and
> "outside".
> For argument sake I'll assign the IP addresses for the Cisco as
> inside=192.168.0.1
> outside=192.168.1.1

...Not exactly the IP address ranges used, but for argument's sake the
basic part here is correct.

> You have 2 Linux boxes. One on the outside and one on the inside. The one on the
> inside is running the xrdp server....and the client is on the outside.
>
> For argument sake I'll call them IN and OUT with the following IP addresses.
> IN=192.168.0.20
> OUT=192.168.1.20

Again, pretty close. Actually the box (actually, there are several) are
running Windows Server 2008 and have the standard Windows RDP server
(Windows Terminal Services) running for remote administration purposes.
All of these boxes are actually VMs running in a VMware vSphere based
virtual environment (not necessary to the conversation, but so you have
the full picture).

> First you establish a VPN connection from OUT to the Cisco. Then, you want to use
> the Gnome-rdp client or Remmina client to obtain a remote desktop connection.
>
> Is that correct so far? If it is, could you fill in the correct names/IP addresses
> involved?
> If not, could you correct my understanding of the topology?

Correct, with exceptions noted as above...

> Now, assuming the topology is correct......
>
> Without making a RDP attempt.... Can you ping IN from OUT using the hostname? IP
> address? Can you ssh to IN from OUT using the hostname? IP address?

Here's where the answer is a little more complicated:

When using a Windows system with the Cisco VPN client, the answer across
the board is yes. We can ping, use Remote Desktop, and use all Web
services on the inside network. We can also use the VI Client from
VMware to remotely administer the system and all additional features
work.

When using the vpnc client and Network Manager, the answers are
different. We are able to ping (at least to allowed systems), and we can
use Web based network services. However Gnome-RDP and Remmina fail as
noted earlier. Host names are not resolved by either client, and both
are unable to connect and maintain RDP sessions.

That's why I'm certain there is nothing wrong with the VPN
configuration. The reason I suspect there could be something amiss with
Network Manager / vpnc is that the VPN connection with these does error
out and drop with a frequency that's best described as frustrating. I'm
also pretty suspicious that something with RDP is also gone awry.

Hope that makes sense!

Chris

--
Christopher A. Williams <chriswfedora@cawllc.com>

 
Old 07-01-2012, 02:56 PM
Ed Greshko
 
Default Gnome-rdp (re-post)

On 07/01/2012 09:58 PM, Christopher A. Williams wrote:

Look forward to hearing how your test without the VPN works out....

>> You have a Cisco VPN Gateway with 2 interfaces. Let's call them "inside" and
>> "outside".
>> For argument sake I'll assign the IP addresses for the Cisco as
>> inside=192.168.0.1
>> outside=192.168.1.1
> ...Not exactly the IP address ranges used, but for argument's sake the
> basic part here is correct.

OK. I didn't expect to be able to guess the IP's in use. :-) :-)

>> You have 2 Linux boxes. One on the outside and one on the inside. The one on the
>> inside is running the xrdp server....and the client is on the outside.
>>
>> For argument sake I'll call them IN and OUT with the following IP addresses.
>> IN=192.168.0.20
>> OUT=192.168.1.20
> Again, pretty close. Actually the box (actually, there are several) are
> running Windows Server 2008 and have the standard Windows RDP server
> (Windows Terminal Services) running for remote administration purposes.
> All of these boxes are actually VMs running in a VMware vSphere based
> virtual environment (not necessary to the conversation, but so you have
> the full picture).

OK. The client side that fails is Linux. The server sides are Windows Server.

>
>> Now, assuming the topology is correct......
>>
>> Without making a RDP attempt.... Can you ping IN from OUT using the hostname? IP
>> address? Can you ssh to IN from OUT using the hostname? IP address?
> Here's where the answer is a little more complicated:
>
> When using a Windows system with the Cisco VPN client, the answer across
> the board is yes. We can ping, use Remote Desktop, and use all Web
> services on the inside network. We can also use the VI Client from
> VMware to remotely administer the system and all additional features
> work.
>
> When using the vpnc client and Network Manager, the answers are
> different. We are able to ping (at least to allowed systems), and we can
> use Web based network services. However Gnome-RDP and Remmina fail as
> noted earlier. Host names are not resolved by either client, and both
> are unable to connect and maintain RDP sessions.

OK.... When you say the ping works from the Linux system you are using the IP
address, right? I say that since you say the "hostnames are not resolved". Are you
expecting the hostnames to be resolved via DNS? Are they actually registered in the
DNS...or only in the hosts file?

I ask this since applications will normally resolve hostnames based on the
configuration in /etc/nsswitch.conf. But, the DNS tools like dig and nslookup ignore
nsswitch.conf and go directly to DNS.

My nsswitch.conf contains....

hosts: files dns

and my /etc/hosts file has a line

192.168.0.18 nickel nickel.greshko.com

But nickel is not in the DNS.....

So....

[egreshko@meimei ~]$ ping nickel
PING nickel (192.168.0.18) 56(84) bytes of data.
64 bytes from nickel (192.168.0.18): icmp_req=1 ttl=64 time=0.024 ms
64 bytes from nickel (192.168.0.18): icmp_req=2 ttl=64 time=0.033 ms

works.... But....

[egreshko@meimei ~]$ host nickle
Host nickle not found: 3(NXDOMAIN)

fails.... All as expected.

>
> That's why I'm certain there is nothing wrong with the VPN
> configuration. The reason I suspect there could be something amiss with
> Network Manager / vpnc is that the VPN connection with these does error
> out and drop with a frequency that's best described as frustrating. I'm
> also pretty suspicious that something with RDP is also gone awry.
>

The thing about VPN's and DNS is that in many cases the /etc/resolv.conf should be
altered by the action of connecting the VPN so "internal" servers are used as opposed
to "external" servers since the "internal" servers would contain "private" DNS
information.

I use OpenVPN... Prior to connecting the VPN the resolv.conf contains....

# Generated by NetworkManager
search greshko.com
nameserver 192.168.0.55

While after it contains....

# Generated by NetworkManager
search greshko.com
nameserver 66.171.178.35
nameserver 66.171.178.34
nameserver 192.168.0.55

I'm not familiar with vpnc .... but I would expect this to be the same.

When it comes to rdp....the other test that I suggested is to "telnet" from the
client to the server rdp port to see if a connection is made.

telnet WinServerIP 3389

Should make a connection assuming the server side is using the standard port.



--
Never be afraid to laugh at yourself, after all, you could be missing out on the joke
of the century. -- Dame Edna Everage
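
Added example, not part of Ed Greshko's message or anyone's code in the thread: a POSIX shell model of the two checks described above, namely which source answers a name under the hosts: order in nsswitch.conf, and what connecting a VPN changed in resolv.conf. The function names are made up for this example, and the sample files are constructed from the values quoted in the message.

```shell
#!/bin/sh
# Added example, not from the thread. The sample files are constructed from
# the values Ed quotes: his nsswitch.conf, /etc/hosts line and resolv.conf.

# Sources on the "hosts:" line of an nsswitch.conf, in lookup order.
nss_hosts_order() {
    awk '{ sub(/#.*/, "") }
         $1 == "hosts:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Address a hosts file maps NAME to (first match); prints nothing if absent.
hosts_file_lookup() {    # hosts_file_lookup HOSTS_FILE NAME
    awk -v n="$2" '{ sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$1"
}

# Which source answers when an application (ping, an RDP client) resolves
# NAME through NSS: "files ADDR", "dns" (query goes to resolv.conf servers),
# or "none". Sources other than files and dns are skipped in this model.
nss_answer_source() {    # nss_answer_source NSSWITCH HOSTS_FILE NAME
    for src in $(nss_hosts_order "$1"); do
        if [ "$src" = files ]; then
            addr=$(hosts_file_lookup "$2" "$3")
            if [ -n "$addr" ]; then echo "files $addr"; return 0; fi
        elif [ "$src" = dns ]; then
            echo "dns"; return 0
        fi
    done
    echo "none"
}

# Nameservers from a resolv.conf, in the order the resolver tries them.
resolv_nameservers() { awk '$1 == "nameserver" { print $2 }' "$1"; }

# What connecting the VPN changed: nameservers that appeared, and whether
# DOMAIN is on the "search" line (required for short names to resolve).
vpn_dns_diff() {         # vpn_dns_diff BEFORE AFTER DOMAIN
    before=$(resolv_nameservers "$1")
    for ns in $(resolv_nameservers "$2"); do
        printf '%s\n' "$before" | grep -Fxq "$ns" || echo "added $ns"
    done
    if awk -v d="$3" '$1 == "search" { for (i = 2; i <= NF; i++) if ($i == d) f = 1 }
                      END { exit !f }' "$2"; then
        echo "search-ok $3"
    else
        echo "search-missing $3"
    fi
}

# Constructed sample files (values as quoted in the message above).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf 'hosts: files dns\n' > "$SAMPLES/nsswitch.conf"
printf '192.168.0.18 nickel nickel.greshko.com\n' > "$SAMPLES/hosts"
printf 'search greshko.com\nnameserver 192.168.0.55\n' > "$SAMPLES/resolv.before"
printf 'search greshko.com\nnameserver 66.171.178.35\nnameserver 66.171.178.34\nnameserver 192.168.0.55\n' > "$SAMPLES/resolv.after"

# "nickel" is answered from the hosts file, so ping works although a
# DNS-only tool such as host reports NXDOMAIN; "winserv" has to go to DNS.
nss_answer_source "$SAMPLES/nsswitch.conf" "$SAMPLES/hosts" nickel
nss_answer_source "$SAMPLES/nsswitch.conf" "$SAMPLES/hosts" winserv
# The sample is Ed's network, so risingstar.local is reported missing from
# the search line; on the network under discussion it should be present.
vpn_dns_diff "$SAMPLES/resolv.before" "$SAMPLES/resolv.after" risingstar.local
```

On a live system the same functions can be pointed at /etc/nsswitch.conf, /etc/hosts and copies of /etc/resolv.conf saved before and after the VPN comes up.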
 
Old 07-01-2012, 02:58 PM
Ed Greshko
 
Default Gnome-rdp (re-post)

On 07/01/2012 10:56 PM, Ed Greshko wrote:
> When you say the ping works from the Linux system you are using the IP
> address, right?

That was a dumb thing for me to say since I showed you could use the hostname if you
have it in the hosts file.....

Sue me.... It is late here in Taiwan. :-) :-)


--
Never be afraid to laugh at yourself, after all, you could be missing out on the joke
of the century. -- Dame Edna Everage
 
Old 07-01-2012, 09:43 PM
"Christopher A. Williams"
 
Default Gnome-rdp (re-post)

On Sun, 2012-07-01 at 22:56 +0800, Ed Greshko wrote:
> On 07/01/2012 09:58 PM, Christopher A. Williams wrote:
>
> Look forward to hearing how your test without the VPN works out....

OK - I was able to test inside the building today. Using my Linux (F17)
laptop, and getting a DHCP assigned IP address. Ping works to all hosts
normally, and I am also able to resolve all DNS host names as expected.

RDP sessions still fail however. They either connect and hang after a
few seconds, or they simply don't connect at all. It's exactly the same
symptoms as when connected via the VPN. Clearly, there's some sort of
issue with both gnome-rdp and Remmina.

> OK.... When you say the ping works from the Linux system you are using the IP
> address, right? I say that since you say the "hostnames are not resolved". Are you
> expecting the hostnames to be resolved via DNS? Are they actually registered in the
> DNS...or only in the hosts file?
>
> I ask this since applications will normally resolve hostnames based on the
> configuration in /etc/nsswitch.conf. But, the DNS tools like dig and nslookup ignore
> nsswitch.conf and go directly to DNS.
>
> My nsswitch.conf contains....
>
> hosts: files dns
>
> and my /etc/hosts file has a line
>
> 192.168.0.18 nickel nickel.greshko.com
>
> But nickel is not in the DNS.....

So, in this case, my nsswitch.conf has files, dns as its entry (which is
the default).

We're not using local host files for name resolution. Too much work when
you have a valid DNS server already handling that for you. I generally
only modify /etc/hosts as a last resort.

So I think there actually are probably two issues here - one with
Network Manager / vpnc, and the other with RDP sessions in general.
Again, my Windows clients - both physical systems and VMs - are working
just fine from both inside the building and via the VPN. It's
specifically Network Manager and gnome-rdp / Remmina that are having
issues.

Hope that helps a little more!

Chris


--
Christopher A. Williams <chriswfedora@cawllc.com>

 
Old 07-01-2012, 09:46 PM
"Christopher A. Williams"
 
Default Gnome-rdp (re-post)

On Sun, 2012-07-01 at 22:58 +0800, Ed Greshko wrote:
> On 07/01/2012 10:56 PM, Ed Greshko wrote:
> > When you say the ping works from the Linux system you are using the IP
> > address, right?
>
> That was a dumb thing for me to say since I showed you could use the hostname if you
> have it in the hosts file.....
>
> Sue me.... It is late here in Taiwan. :-) :-)

I feel your pain. :-)

It's why, when I'm at a restaurant, I usually tell the waiter with the
coffee to just start an IV...

Chris

--
Christopher A. Williams <chriswfedora@cawllc.com>

 
Old 07-01-2012, 10:02 PM
Joe Zeff
 
Default Gnome-rdp (re-post)

On 07/01/2012 02:43 PM, Christopher A. Williams wrote:

> It's
> specifically Network Manager and gnome-rdp / Remmina that are having
> issues.


Do you need NM running, or can you turn it off and use the older network
service? My experience with NM has been that unless I need WiFi, I'm
better off without it. Even if you normally need it, try using network
instead on one box and see if it makes a difference.

 
Old 07-02-2012, 02:08 AM
Ed Greshko
 
Default Gnome-rdp (re-post)

On 07/02/2012 05:43 AM, Christopher A. Williams wrote:
> On Sun, 2012-07-01 at 22:56 +0800, Ed Greshko wrote:
>> On 07/01/2012 09:58 PM, Christopher A. Williams wrote:
>>
>> Look forward to hearing how your test without the VPN works out....
> OK - I was able to test inside the building today. Using my Linux (F17)
> laptop, and getting a DHCP assigned IP address. Ping works to all hosts
> normally, and I am also able to resolve all DNS host names as expected.

I hope you recorded what was in your /etc/resolv.conf at that time. Frankly, it is
much easier to lend assistance if actual information is given as opposed to words.

For example..... It really would be beneficial if you'd show something like this....

[egreshko@meimei ~]$ host meimei
meimei.greshko.com has address 192.168.0.18 (This is my F16 box)

[egreshko@meimei ~]$ host winserv
winserv.greshko.com has address 192.168.0.186 (This is my Win2003 server box)

[egreshko@meimei ~]$ cat /etc/resolv.conf
# Generated by NetworkManager
search greshko.com
nameserver 192.168.0.55

[egreshko@meimei ~]$ ping winserv
PING winserv.greshko.com (192.168.0.186) 56(84) bytes of data.
64 bytes from winserv.greshko.com (192.168.0.186): icmp_req=1 ttl=128 time=0.394 ms

[egreshko@meimei ~]$ telnet winserv 3389
Trying 192.168.0.186...
Connected to winserv.
Escape character is '^]'.

So, you can see all of my hosts are resolvable via DNS. I can ping winserv from
meimei using the hostname. I can telnet to the winserv on port 3389.

I can also tell you that I have installed Windows 2003 Server and added the role of
"Terminal Server". The Windows 2003 is running in a Virtual Box VM with the VM
network adapter *Bridged* to the network adapter of meimei (F16).

I used Remmina on meimei and very successfully connected to winserv and got a remote
desktop. No problems at all.

>
> RDP sessions still fail however. They either connect and hang after a
> few seconds, or they simply don't connect at all. It's exactly the same
> symptoms as when connected via the VPN. Clearly, there's some sort of
> issue with both gnome-rdp and Remmina.

Unfortunately, I don't have a Windows 2008 server at the moment that I could try.
However, I don't think there would be much difference between 2003 and 2008. So, I
would not jump to any conclusion at the moment.

>
>> OK.... When you say the ping works from the Linux system you are using the IP
>> address, right? I say that since you say the "hostnames are not resolved". Are you
>> expecting the hostnames to be resolved via DNS? Are they actually registered in the
>> DNS...or only in the hosts file?
>>
>> I ask this since applications will normally resolve hostnames based on the
>> configuration in /etc/nsswitch.conf. But, the DNS tools like dig and nslookup ignore
>> nsswitch.conf and go directly to DNS.
>>
>> My nsswitch.conf contains....
>>
>> hosts: files dns
>>
>> and my /etc/hosts file has a line
>>
>> 192.168.0.18 nickel nickel.greshko.com
>>
>> But nickel is not in the DNS.....
> So, in this case, my nsswitch.conf has files, dns as its entry (which is
> the default).
>
> We're not using local host files for name resolution. Too much work when
> you have a valid DNS server already handling that for you. I generally
> only modify /etc/hosts as a last resort.
>
> So I think there actually are probably two issues here - one with
> Network Manager / vpnc, and the other with RDP sessions in general.
> Again, my Windows clients - both physical systems and VMs - are working
> just fine from both inside the building and via the VPN. It's
> specifically Network Manager and gnome-rdp / Remmina that are having
> issues.
>
> Hope that helps a little more!

I feel this problem should be worked "locally" first without needing to create a VPN
connection. Better to reduce the number of potential blocks.

In the mean time, I'm going to try and get a Win2008 server up....if I can get the
software.

But, at the moment, I cannot duplicate your problem. It "works for me". It seems to
me, also, that you have 2 issues. DNS resolution when connected via VPN and Remote
Desktop Connection.


--
Never be afraid to laugh at yourself, after all, you could be missing out on the joke
of the century. -- Dame Edna Everage
 
Old 07-02-2012, 05:15 AM
Ed Greshko
 
Default Gnome-rdp (re-post)

On 07/02/2012 10:08 AM, Ed Greshko wrote:
> I can also tell you that I have installed Windows 2003 Server and added the role of
> "Terminal Server". The Windows 2003 is running in a Virtual Box VM with the VM
> network adapter *Bridged* to the network adapter of meimei (F16).

OK.... I have installed Windows 2008 Server in a VM. I simply did an "Enable
Remote Desktop" from the "Initial Configuration Tasks". I didn't "Add roles" since
that seemed not necessary according to the prompts when I started doing that.

I only used IP addresses since I didn't want to put that system in my DNS.
192.168.0.184 is the IP address it was assigned via DHCP.

[egreshko@meimei ~]$ telnet 192.168.0.184 3389
Trying 192.168.0.184...
Connected to 192.168.0.184.
Escape character is '^]'.

I then used Remmina on my F16 box (meimei) to connect. Everything worked 100%.

So, to me, that confirms a configuration issue at your end.



--
Never be afraid to laugh at yourself, after all, you could be missing out on the joke
of the century. -- Dame Edna Everage
 
