bforpc Guest
|
Posted: Wed Nov 11, 2015 5:49 Post subject: IP Change does not work |
|
|
Hi,
m23 has access over a tunnel to an Ubuntu client. If I run on the client
Code: | cd /tmp; wget http://<serverIP>/work.php -O work.php; sh work.php |
then the script tells m23 a wrong IP (not the tunnel IP, but the "eth0" IP) and this does not work from the m23 server.
First I changed it in the m23 client settings, but it always wants to connect to the client with the real client address.
Then I also changed the "work.php" script, but that doesn't work either.
I have tried to delete the client and re-add it and run the prepared script again, no chance. m23 will always connect to the "eth0" address.
I have also removed some temp scripts and configs in m23 and looked into the database, but I haven't found the right place to change it.
bfo |
|
Hauke
Joined: 02 Mar 2003 Posts: 1072
|
Posted: Wed Nov 11, 2015 21:12 Post subject: |
|
|
Hi,
I'm not really sure what you mean.
What kind (e.g. OpenVPN with /dev/tunX) of tunnel is it? Is the tunnel software run on the m23 server? What runs on the m23 client?
Could you make a structure diagram (ASCII art will do) of the network from the m23 client to the m23 server?
Maybe the function CLIENT_getClientName in /m23/inc/client.php is what you are searching for. It returns the client name only if the given m23 ID and its IP match. In your case it may be helpful to disable this security feature for the tunnel IP.
_________________
Hauke Goos-Habermann
- project leader m23 (http://m23.sf.net) -
Jabber: dodgerm23@jabber.org
Training, development and support for m23 and other open-source products: www.goos-habermann.de
YOU too can do something against software patents! www.patentfrei.de |
|
bforpc Guest
|
Posted: Thu Nov 12, 2015 6:06 Post subject: |
|
|
Hi,
first the structure:
Intranet -> firewall (OpenVPN) -> tunnel -> external client.
The m23 server stands in the intranet. The intranet has the 192.168.0.x range, the tunnel is 10.10.0.x and the external client has a 192.168.2.x address.
m23 can only connect to the client over the 10.10.0.x address of the client.
But in the web GUI I see that it would connect to the client via 192.168.2.x.
You say I can "disable this security feature for the tunnel IP".
How?
bfo |
|
Hauke
Joined: 02 Mar 2003 Posts: 1072
|
Posted: Thu Nov 12, 2015 10:45 Post subject: |
|
|
Hi,
it seems that you need settings for or to make the packages from the server to the client get redirected with the correct destination IP.
I had an example for a similar setup somewhere, but cannot find it now. Maybe I have time later to search more.
To disable the security check, replace
Code: | ('127.0.0.1' == $clientIP) || (getServerIP() == $clientIP) |
by
.
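The check discussed above (the client name is returned only when the m23 ID and the IP match), sketched as an added example that is not m23's code and not part of the original posts: rather than switching the check off, each client gets one additional accepted source address, its own tunnel address. The function name, the arrays, the client ID and the concrete addresses are assumptions made up for illustration, using the address ranges from this thread.

```php
<?php
// Added example, not m23 code; every name and value here is hypothetical.
// Constructed data: client ID => name, and the address the client registered with.
$clientNames  = ['id-cb' => 'cb'];
$registeredIP = ['id-cb' => '192.168.2.2'];
// Per client, the one extra source address (its tunnel end) that is also accepted.
$tunnelIP     = ['id-cb' => '10.10.0.2'];

/**
 * Return the client name only if the source address is bound to the given ID:
 * either the registered address or that same client's tunnel address.
 */
function lookupClientName(string $id, string $sourceIP, array $names,
                          array $registered, array $tunnel): ?string
{
    if (!isset($names[$id], $registered[$id])) {
        return null;                    // unknown ID
    }
    // Compare packed addresses so textual variants of one IP are treated alike.
    $src = @inet_pton($sourceIP);
    if ($src === false) {
        return null;                    // not a valid IP literal
    }
    $allowed = [$registered[$id]];
    if (isset($tunnel[$id])) {
        $allowed[] = $tunnel[$id];
    }
    foreach ($allowed as $ip) {
        $bin = @inet_pton($ip);
        if ($bin !== false && $bin === $src) {
            return $names[$id];
        }
    }
    return null;                        // ID known, but address not bound to it
}

// Constructed requests: (claimed ID, source address of the connection).
$requests = [
    ['id-cb', '192.168.2.2'],   // registered address
    ['id-cb', '10.10.0.2'],     // this client's tunnel address
    ['id-cb', '10.10.0.7'],     // another host inside the tunnel range
    ['id-xx', '10.10.0.2'],     // unknown ID
];
foreach ($requests as [$id, $ip]) {
    $name = lookupClientName($id, $ip, $clientNames, $registeredIP, $tunnelIP);
    printf("%-6s %-12s %s\n", $id, $ip, $name ?? 'rejected');
}
```

Keeping the exception per client means a different host inside the tunnel range still cannot claim this client's ID.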
|
bforpc Guest
|
Posted: Thu Nov 12, 2015 12:18 Post subject: |
|
|
Hi,
Thanks for your "solution", but I don't want to and can't change our network routing because of the problem of the m23 server to use the right IP address.
Also, I can't believe that there isn't a better solution for this (in my eyes) small m23 problem with the client.
bfo |
|
bforpc Guest
|
Posted: Thu Nov 12, 2015 12:59 Post subject: |
|
|
Addon:
I have changed the entry in the database. After a reboot the connection was working and I was able to update the client .... ONE TIME. After that, m23 will contact the same client at its eth address.
Seemingly it has changed its database back to the old (wrong) values.
bad ...
bfo |
|
bforpc Guest
|
Posted: Mon Nov 16, 2015 12:20 Post subject: |
|
|
Does nobody have a solution?
Bfo |
|
Hauke
Joined: 02 Mar 2003 Posts: 1072
|
Posted: Tue Nov 17, 2015 13:32 Post subject: |
|
|
Hi,
does the client have a dynamic IP?
If yes, the client will send its current IP address to the m23 server. Any changes you made to the m23 DB will be overwritten the next time the client sends its IP.
To change this behaviour (will be undone by the next update of the m23 server software), you can change MSR_curDynIPCommand in /m23/inc/messageReceive.php to
Code: |
function MSR_curDynIPCommand($return)
{
    return('');
}
|
or you add a routing rule on your m23 server (not on your complete network) like:
Code: | route add -host [IP of the m23 client as seen by the m23 client] gw [IP of the m23 client as seen by the m23 server] |
|
bforpc Guest
|
Posted: Mon Nov 23, 2015 10:02 Post subject: |
|
|
Maybe I'm wrong, but I get this error:
Code: |
root@m23:~# route add -host 192.168.2.2 gw 10.10.0.2
SIOCADDRT: Das Netzwerk ist nicht erreichbar
|
But ping is working:
Code: |
root@m23:~# ping 10.10.0.2
PING 10.10.0.2 (10.10.0.2) 56(84) bytes of data.
64 bytes from 10.10.0.2: icmp_seq=1 ttl=63 time=43.6 ms
|
bfo |
|
Hauke
Joined: 02 Mar 2003 Posts: 1072
|
Posted: Tue Nov 24, 2015 8:30 Post subject: |
|
|
What is the output from
Code: | traceroute 10.10.0.2 |
?
|
bforpc Guest
|
Posted: Tue Nov 24, 2015 12:21 Post subject: |
|
|
It looks like it should be:
Code: |
root@m23:~# traceroute 10.10.0.2
traceroute to 10.10.0.2 (10.10.0.2), 30 hops max, 60 byte packets
1 firewall.xxx.xxx (192.168.0.101) 0.230 ms 0.177 ms 0.116 ms
2 cb (10.10.0.2) 43.644 ms 45.442 ms 47.166 ms
|
bfo |
|
Hauke
Joined: 02 Mar 2003 Posts: 1072
|
Posted: Thu Nov 26, 2015 15:58 Post subject: |
|
|
Only a guess: Maybe the firewall doesn't allow forwarded packages.
|
bforpc Guest
|
Posted: Fri Nov 27, 2015 8:00 Post subject: |
|
|
Hmmm... no.
I use OpenVPN with IPFire.
Package (IP) forwarding is enabled.
bfo |
|