unixwiz

28 Jan

Tonight Justin and I started testing the SunRay’s at home with out a VPN. I never got a good response back from Linksys. (In fact they responded to my question with something that was not even related to my question. They tried to say you could not have two routers connected together. Now some this just made me laugh more than anything. Do they assume that there is only one router in the world?) Anyways, I scraped the idea of using the Cisco 831 routers instead I am going the route of exploiting the new features in version 3.1. So I created my 2 dns entries of “sunray-config-servers” and “sunray-servers” and then configured my local LinkSys router to hand off the proper domain name to the SunRay. Once that was done I made sure that the IP’s from our home cable modems where opened completely to the SunRay server so that nothing would block us. We then plugged in the SunRay’s and up popped the Solaris 10 login screen (after we put our Java Cards in, before we did that the screen shows the 26B code.)

So everything seems to work ok, with the exception of using removable media (probably a port issue that I have not worked with yet. So next up was to tighten the security on the server, with ipfilter. Currently this is what is in the ipf.conf for the sunray servers:

#SunRay Services
pass in quick on ge0 proto tcp from any to any port = 7007 flags S keep state
pass in quick on ge0 proto tcp from any to any port = 7008 flags S keep state
pass in quick on ge0 proto tcp from any to any port = 7009 flags S keep state
pass in quick on ge0 proto udp from any to any port = 7009 flags S keep state
pass in quick on ge0 proto tcp from any to any port = 7010 flags S keep state
pass in quick on ge0 proto tcp from any to any port = 7011 flags S keep state
pass in quick on ge0 proto tcp from any to any port = 7012 flags S keep state
pass in quick on ge0 proto tcp from any to any port = 7013 flags S keep state
pass in quick on ge0 proto udp from any to any port = 7013 flags S keep state
pass in quick on ge0 proto udp from any to any port 40000 >< 42000 flags S keep state
pass out quick on ge0 all keep state
block in log on ge0 all

What is intresting

 # /opt/SUNWut/sbin/utcapture -r # TERMINALID LocalSunRay1 20060127212032 RemoteRay001 20060127212032 LocalSunRay1 20060127212047 RemoteRay001 20060127212047 LocalSunRay1 20060127212102 RemoteRay001 20060127212102 LocalSunRay1 20060127212117 RemoteRay001 20060127212117 LocalSunRay1 20060127212132 RemoteRay001 20060127212132 LocalSunRay1 20060127212147 RemoteRay001 20060127212147 LocalSunRay1 20060127212202 RemoteRay001 20060127212202 LocalSunRay1 20060127212217 LocalSunRay1 20060127212232 RemoteRay001 20060127212232 LocalSunRay1 20060127212247 RemoteRay001 20060127212247 LocalSunRay1 20060127212302 RemoteRay001 20060127212302 LocalSunRay1 20060127212317 RemoteRay001 20060127212317 LocalSunRay1 20060127212332 RemoteRay001 20060127212332 LocalSunRay1 20060127212347 RemoteRay001 20060127212347 LocalSunRay1 20060127212402 RemoteRay001 20060127212402 LocalSunRay1 20060127212417 RemoteRay001 20060127212417 LocalSunRay1 20060127212432 RemoteRay001 20060127212432 LocalSunRay1 20060127212447 RemoteRay001 20060127212447 LocalSunRay1 20060127212502 RemoteRay001 20060127212502 LocalSunRay1 20060127212517 RemoteRay001 20060127212517 LocalSunRay1 20060127212532 RemoteRay001 20060127212532 LocalSunRay1 20060127212547 RemoteRay001 20060127212547 LocalSunRay1 20060127212602 RemoteRay001 20060127212602 LocalSunRay1 20060127212617 RemoteRay001 20060127212617 RemoteRay002 20060127212617 LocalSunRay1 20060127212632 RemoteRay001 20060127212632 RemoteRay002 20060127212632 LocalSunRay1 20060127212647 RemoteRay001 20060127212647 RemoteRay002 20060127212647 LocalSunRay1 20060127212702 RemoteRay001 20060127212702 RemoteRay002 20060127212702 LocalSunRay1 20060127212717 RemoteRay001 20060127212717 RemoteRay002 20060127212717 LocalSunRay1 20060127212732 RemoteRay001 20060127212732 RemoteRay002 20060127212732 LocalSunRay1 20060127212747 RemoteRay001 20060127212747 RemoteRay002 20060127212747 LocalSunRay1 20060127212802 RemoteRay001 20060127212802 RemoteRay002 20060127212802 LocalSunRay1 20060127212817 RemoteRay001 20060127212817 RemoteRay002 20060127212817 LocalSunRay1 20060127212832 RemoteRay001 20060127212832 RemoteRay002 20060127212832 LocalSunRay1 20060127212847 RemoteRay001 20060127212847 RemoteRay002 20060127212847 LocalSunRay1 20060127212902 RemoteRay001 20060127212902 RemoteRay002 20060127212902 LocalSunRay1 20060127212917 RemoteRay001 20060127212917 RemoteRay002 20060127212917 LocalSunRay1 20060127212932 RemoteRay001 20060127212932 RemoteRay002 20060127212932 LocalSunRay1 20060127212947 RemoteRay001 20060127212947 RemoteRay002 20060127212947 LocalSunRay1 20060127213002 RemoteRay001 20060127213002 RemoteRay002 20060127213002 LocalSunRay1 20060127213017 RemoteRay001 20060127213017 RemoteRay002 20060127213017 LocalSunRay1 20060127213032 RemoteRay001 20060127213032 RemoteRay002 20060127213032 LocalSunRay1 20060127213048 RemoteRay001 20060127213048 RemoteRay002 20060127213048 LocalSunRay1 20060127213103 RemoteRay001 20060127213103 RemoteRay002 20060127213103 LocalSunRay1 20060127213118 RemoteRay001 20060127213118 RemoteRay002 20060127213118 LocalSunRay1 20060127213133 RemoteRay001 20060127213133 RemoteRay002 20060127213133 LocalSunRay1 20060127213148 RemoteRay001 20060127213148 RemoteRay002 20060127213148 LocalSunRay1 20060127213203 RemoteRay001 20060127213203 RemoteRay002 20060127213203 LocalSunRay1 20060127213218 RemoteRay001 20060127213218 RemoteRay002 20060127213218 LocalSunRay1 20060127213233 RemoteRay001 20060127213233 RemoteRay002 20060127213233 LocalSunRay1 20060127213248 RemoteRay002 20060127213248 LocalSunRay1 20060127213303 RemoteRay001 20060127213303 RemoteRay002 20060127213303 LocalSunRay1 20060127213318 RemoteRay001 20060127213318 RemoteRay002 20060127213318 LocalSunRay1 20060127213333 RemoteRay001 20060127213333 RemoteRay002 20060127213333 LocalSunRay1 20060127213348 RemoteRay001 20060127213348 RemoteRay002 20060127213348 LocalSunRay1 20060127213403 RemoteRay001 20060127213403 RemoteRay002 20060127213403 LocalSunRay1 20060127213418 RemoteRay001 20060127213418 RemoteRay002 20060127213418 LocalSunRay1 20060127213433 RemoteRay001 20060127213433 RemoteRay002 20060127213433 LocalSunRay1 20060127213448 RemoteRay001 20060127213448 RemoteRay002 20060127213448 LocalSunRay1 20060127213503 RemoteRay001 20060127213503 RemoteRay002 20060127213503 LocalSunRay1 20060127213518 RemoteRay002 20060127213518 LocalSunRay1 20060127213533 RemoteRay001 20060127213533 RemoteRay002 20060127213533 LocalSunRay1 20060127213548 RemoteRay001 20060127213548 RemoteRay002 20060127213548 LocalSunRay1 20060127213603 RemoteRay001 20060127213603 RemoteRay002 20060127213603 LocalSunRay1 20060127213618 RemoteRay001 20060127213618 RemoteRay002 20060127213618 LocalSunRay1 20060127213633 RemoteRay002 20060127213633 LocalSunRay1 20060127213648 RemoteRay001 20060127213648 RemoteRay002 20060127213648 LocalSunRay1 20060127213703 RemoteRay001 20060127213703 RemoteRay002 20060127213703 LocalSunRay1 20060127213718 RemoteRay001 20060127213718 RemoteRay002 20060127213718 LocalSunRay1 20060127213733 RemoteRay001 20060127213733 RemoteRay002 20060127213733 LocalSunRay1 20060127213748 RemoteRay001 20060127213748 RemoteRay002 20060127213748 LocalSunRay1 20060127213803 RemoteRay001 20060127213803 RemoteRay002 20060127213803 LocalSunRay1 20060127213818 RemoteRay001 20060127213818 RemoteRay002 20060127213818 LocalSunRay1 20060127213833 RemoteRay001 20060127213833 RemoteRay002 20060127213833 LocalSunRay1 20060127213848 RemoteRay001 20060127213848 RemoteRay002 20060127213848 LocalSunRay1 20060127213903 RemoteRay001 20060127213903 RemoteRay002 20060127213903 LocalSunRay1 20060127213918 RemoteRay001 20060127213918 RemoteRay002 20060127213918

So here is a list is I ran a utcapture while we were using the sunrays and here is the output (over a couple minute period). There are two remote sunrays (Mine and Justin’s) and one local to the server. Overall we were experiencing around a 60 ms latency on our remote ones. But we were able to do work and it appears almost the same as being at the office. The only time there were real lag problems was when we tried to stream an MP3 while we were doing work with StarOffice and Firefox.
TIMESTAMP TOTAL PACKET TOTAL LOSS BYTES SENT PERCENT LOSS LATENCY 415630 1 55007774 0.000 3.099 293 2 177202 0.000 60.321 415640 1 55008674 0.000 5.685 2275 106 2605968 5.247 60.759 415650 1 55009574 0.000 2.867 2275 106 2605968 0.000 60.759 415660 1 55010474 0.000 3.008 3726 318 4246494 14.611 162.577 415669 1 55011284 0.000 2.911 7744 492 8446402 4.331 60.114 415669 1 55011284 0.000 2.911 7744 492 8446402 0.000 60.114 415679 1 55012184 0.000 3.252 8544 492 9319590 0.000 65.008 415689 1 55013084 0.000 2.661 415699 1 55013984 0.000 3.202 150 0 55268 0.000 65.251 415699 1 55013984 0.000 3.202 150 0 55268 0.000 65.251 415708 1 55014794 0.000 8.556 384 0 183444 0.000 211.021 415718 1 55015694 0.000 3.084 519 0 240422 0.000 70.828 415728 1 55016594 0.000 2.895 703 0 325290 0.000 66.071 415728 1 55016594 0.000 2.895 703 0 325290 0.000 66.071 415737 1 55017404 0.000 2.925 917 1 426688 0.467 60.672 415747 1 55018304 0.000 2.729 1115 3 498688 1.010 66.997 415757 1 55019204 0.000 2.849 1303 4 543746 0.532 61.344 415757 1 55019204 0.000 2.849 1303 4 543746 0.000 61.344 415767 1 55020104 0.000 2.581 1495 7 582708 1.562 1559.543 415776 1 55020914 0.000 2.641 1656 9 613218 1.242 60.368 415786 1 55021814 0.000 2.763 1826 13 644554 2.353 66.937 415786 1 55021814 0.000 2.763 1826 13 644554 0.000 66.937 415796 1 55022714 0.000 2.566 1978 13 672190 0.000 61.018 415806 1 55023614 0.000 2.521 2145 17 702136 2.395 64.240 0 0 0 0.000 -1.000 415815 1 55024424 0.000 2.967 2299 19 733300 1.299 63.950 198 0 118228 0.000 17245.461 415815 1 55024424 0.000 2.967 2299 19 733300 0.000 63.950 198 0 118228 0.000 17245.461 415825 1 55025324 0.000 3.460 2453 19 764404 0.000 60.885 461 2 297160 0.760 55.686 415835 1 55026224 0.000 2.547 2643 21 808484 1.053 74.242 499 2 300908 0.000 56.162 415845 1 55027124 0.000 2.839 2810 22 843784 0.599 63.110 1100 3 933680 0.166 56.513 415845 1 55027124 0.000 2.839 2810 22 843784 0.000 63.110 1100 3 933680 0.000 56.513 415854 1 55027934 0.000 3.203 2982 22 883504 0.000 60.873 1297 7 1034476 2.030 57.056 415864 1 55028834 0.000 3.114 3149 22 918342 0.000 1560.664 1756 8 1416534 0.218 82.559 415874 1 55029734 0.000 2.977 3321 22 958594 0.000 61.332 3566 16 3439790 0.442 56.387 415874 1 55029734 0.000 2.977 3321 22 958594 0.000 61.332 3566 16 3439790 0.000 56.387 415883 1 55030544 0.000 2.904 3488 24 993352 1.198 63.419 5383 42 5450500 1.431 58.693 415893 1 55031444 0.000 2.657 3663 26 1048334 1.143 60.049 7202 55 7473348 0.715 57.001 415903 1 55032344 0.000 3.127 3835 28 1085246 1.163 61.622 9021 76 9486720 1.154 55.797 415913 1 55033244 0.000 2.933 3835 28 1085246 0.000 61.622 9021 76 9486720 0.000 55.797 415913 1 55033244 0.000 2.933 4001 30 1120086 1.205 59.759 10834 97 11499864 1.158 55.693 415922 1 55034054 0.000 3.072 4223 31 1217756 0.450 1561.235 12638 105 13513512 0.443 54.271 415932 1 55034954 0.000 2.956 4913 34 1799792 0.435 62.053 14467 129 15540674 1.312 88.139 415942 1 55035854 0.000 2.973 4913 34 1799792 0.000 62.053 14467 129 15540674 0.000 88.139 415942 1 55035854 0.000 2.973 6788 56 3829206 1.173 58.612 16277 148 17545888 1.050 56.562 415952 1 55036754 0.000 3.060 8296 60 5308802 0.265 63.716 18095 162 19567348 0.770 55.829 415961 1 55037564 0.000 3.786 10221 80 7349944 1.039 61.901 19908 182 21580534 1.103 53.680 415971 1 55038464 0.000 2.939 10221 80 7349944 0.000 61.901 19908 182 21580534 0.000 53.680 415971 1 55038464 0.000 2.939 12141 104 9385032 1.250 69.672 21725 182 23618124 0.000 56.509 415981 1 55039364 0.000 2.980 13819 112 11132928 0.477 61.087 23680 199 25789016 0.870 1555.052 415990 1 55040174 0.000 3.145 13819 112 11132928 0.000 61.087 25499 216 27809010 0.935 58.646 416000 1 55041074 0.000 2.945 25499 216 27809010 0.000 58.646 416000 1 55041074 0.000 2.945 428 7 185414 1.299 61.538 27241 224 29755664 0.459 56.809 416010 1 55041974 0.000 2.901 581 7 214456 0.000 63.445 28494 239 31110796 1.197 55.366 416020 1 55042874 0.000 3.279 581 7 214456 0.000 63.445 28532 239 31113428 0.000 56.449 416029 1 55043684 0.000 3.189 738 9 242934 1.274 61.834 28532 239 31113428 0.000 56.449 416029 1 55043684 0.000 3.189 890 12 270336 1.974 59.571 28581 239 31123886 0.000 54.903 416039 1 55044584 0.000 2.930 1046 12 299380 0.000 61.425 28631 239 31143414 0.000 56.714 416049 1 55045484 0.000 2.865 1046 12 299380 0.000 61.425 28678 239 31157692 0.000 58.201 416059 1 55046384 0.000 2.968 1046 12 299380 0.000 61.425 28678 239 31157692 0.000 58.201 416059 1 55046384 0.000 2.968 1046 12 299380 0.000 61.425 28720 239 31165836 0.000 68.539 416068 1 55047194 0.000 3.244 28775 242 31178372 5.455 56.119 416078 1 55048094 0.000 2.819 0 0 0 0.000 -1.000 28826 243 31194000 1.961 56.887 416088 1 55048994 0.000 3.251 222 1 126958 0.450 16443.648 28826 243 31194000 0.000 56.887 416088 1 55048994 0.000 3.251 372 1 156198 0.000 60.601 28875 243 31208638 0.000 85.348 416098 1 55049894 0.000 7.079 372 1 156198 0.000 60.601 28926 243 31220128 0.000 57.287 416107 1 55050704 0.000 2.721 28963 243 31222670 0.000 53.920 416117 1 55051604 0.000 4.412 374 0 375244 0.000 -1.000 28963 243 31222670 0.000 53.920 416127 1 55052504 0.000 2.919 526 1 426594 0.658 61.767 29013 243 31238130 0.000 73.850 416127 1 55052504 0.000 2.919 526 1 426594 0.000 61.767 29054 243 31246176 0.000 56.418 416137 1 55053404 0.000 2.681 680 1 478966 0.000 59.486 29104 243 31261636 0.000 55.011 416146 1 55054214 0.000 2.694 830 3 529146 1.333 65.108 29144 243 31274764 0.000 55.642 416156 1 55055114 0.000 2.997 984 7 577674 2.597 61.091 29144 243 31274764 0.000 55.642 416156 1 55055114 0.000 2.997 984 7 577674 0.000 61.091 29190 243 31293372 0.000 59.216 416166 1 55056014 0.000 2.561 1149 7 635536 0.000 1674.703 29232 245 31306500 4.762 54.096 416176 1 55056914 0.000 2.480 1304 7 686134 0.000 62.842 29262 245 31309400 0.000 54.375 416185 1 55057724 0.000 2.430 1456 8 738924 0.658 61.507 29262 245 31309400 0.000 54.375 416185 1 55057724 0.000 2.430 1456 8 738924 0.000 61.507 29443 249 31433822 2.210 56.026 of hardware we have tried this setup with and it appears to work (except for the removeable media):

LinkSys WRT54G v3 Wireless/Router
dlink d-524 router
SunRay 150’s

So Since this works with just normal cheap hardware from your local computer store, we will be ordering 8 SunRay 170’s to give to the other staff to take home.

Here is also a picture of the test setup we did tonight:

SunRay Diagram

So now we are one step closer to maybe being able to work from home for part of the week.

Technorati Tags: SunRay, WanRay, Solaris

Posted by unixwiz, filed under Solaris, Sun, Sun Ray, VPN. Date: January 28, 2006, 12:04 am | No Comments »

24 Jan

SunRay VPN Troubles

Well it seems that there is something in the LinkSys routers that is stoping the Cisco IPSec VPN Traffic. I spent 2 hours on the phone this evening with Cisco trying to figure out what was wrong. The weird part is the Tunnel will establish, but the SunRay never really connects (when I have it configured as below). But as soon as I remove the Linksys router it works fine. I have gotten it some how to sort of work, but the screen is not painted correctly which usually means a MTU problem, but I have dropped the MTU all the way down to 1000 and it still does not work. So I sent a ticket to Linksys to see if they know what is wrong, and I will try sniffing the sunray traffic tomorrow night. Any one ever seen this? I really need it to work with the Linksys router in there as these devices (Cisco 831 + SunRay) will be put at other people’s house on their own network behind what ever router they happen to have (and most of them have the Linksys one).

Technorati Tags: SunRay, VPN, WanRay
SunRay VPN test setup at home

Posted by unixwiz, filed under Sun Ray, VPN. Date: January 24, 2006, 11:47 pm | 1 Comment »

17 Jan

Cisco’s NAT-T broke?

Well before I tried my VPN stuff over the Internet, I set up a little fake internet in my house. It seems that for whatever reason the Cisco 831’s are not using NAT-T (NAT with Transperency). See if you are going to be running an IPSec tunnel you can’t have it behind a NAT because the NAT corrupts the IP headers and therefore the VPN server does not like it. But the Cisco 831’s are supposed to be able to detect if their is a NAT between the client and the server and if there is one, it changes how the IPSec is handled so that it works from behind the NAT. But right now the only thing I get is that the client is DOWN and trying to connect to the server, but I don’t see any traffic at the moment. So I am going to have to talk to Cisco and get some sniffer traces to see what is going on.

Posted by unixwiz, filed under Sun Ray, VPN. Date: January 17, 2006, 9:26 pm | No Comments »

anything dealing with *NIX or what ever I want to write about

Categories

Archives

Blogroll

Other Sites

Sun Microsystems