Multi IP Addresses for SSL sites on Azure VM machine - powershell

I am trying to add multi SSL sites to my Azure VM machine, but I am missing something.
I tried "Add-AzureVirtualIP", "New-AzureReservedIP", "Set-AzureReservedIPAssociation", "Set-AzurePublicIP".
I can see the new IP in PowerShell, but when I add the bindings in the IIS dialog box, it doesn't work.
On my own servers I usually added the new IPs that my ISP provided within the network IPv4 properties and it was so easy; now I have no internal IPs nor external port forward working.
Any ideas?

Related

How do I simulate a VPN connection to Google Cloud?

So I have GCP set up and Kubernetes, I have a web app (Apache OFBiz) running on pods in the GKE cluster. We have a domain that points itself to the web app, so essentially it's accessible from anywhere on the internet. Our issue is since this is a school project, we want to limit the access to the web app to the internal network on GCP, we want to simulate a VPN connection. I have a VPN gateway set up, but I have no idea what to do on any random computer to simulate a connection to the internal network on GCP. Do I need something else to make this work? What are the steps on the host to connect to GCP? And finally, how do I go about limiting access to the webapp so only people in the internal network have access to the webapp?
When I want to test a VPN, I simply create a new VPC in my project and I connect both with Cloud VPN. Then, in the new VPC, you can create a VM that simulates a computer on the other side of the VPN and thus simulate what you want.
To set up a VPN on GCP you can use Cloud VPN using static or dynamic routing; you will need to configure a remote peer from the location you want to access your GCP resources to establish the connection towards the Cloud VPN gateway on the GCP end.
This means you may require a router that supports creating VPN tunnels on your on-premises or use a host that acts like a router to establish this connection using VPN software towards Cloud VPN (like strongSwan, for example).
You can block external access to the resources on your VPC network by using GCP firewall rules and just allow specific ports or source IP ranges as you wish.
Another option, even if it's not a VPN or encrypted traffic, is to only allow ingress traffic from the public IP from where you would like to connect to your internal VPC, but this is less secure and would only work if you have a static public IP on your on-premises.
Since you said this is a school project, I would recommend asking your teacher for more direct advice. That said, you can't "simulate" a VPN but you can set up an IPSec client on your laptop or whatever and actually connect to it. Unfortunately Google doesn't appear to have any documentation on this so I'm guessing they presume you already know IPSec well enough to write a connection config yourself.
Using kubectl port-forward might be an easier solution.

Reverse OpenVPN connection

I am close to getting this to work but need some assistance.
I have OpenVPN Access Server running on a Droplet in DigitalOcean.
I have a Raspberry Pi with a wireless connection on my network.
IP = 192.168.20.205
The user the Pi connects to the Access Server is set to be a VPN gateway with:
Allow Access From: all server-side private subnets
Allow Access From: all other VPN clients
192.168.20.0/24.
I have another user that connects to the Access Server without the gateway settings.
When both users connect I can see them both in the web GUI of the Access Server with an IP assigned: 172.27.232.XXX
Now from the remote user I can ping the Pi's 172.xxx.xxx.xxx IP address and even SSH into it using the 172 address.
However, it seems like the Pi isn't bridging / routing correctly or is getting stopped by a firewall, as from the remote user I can't see the local network 192.168.20.xxx.
Any pointers for me here?
Thanks!
The solution to your problem is clearly explained here:
https://openvpn.net/vpn-server-resources/site-to-site-routing-explained-in-detail/
You have to set the static routes on both routers and set IP forwarding on the Raspberry Pi.
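
The routing problem in this thread, as an added example that is not part of the original posts: a simplified Python model of the path between the remote VPN client and a LAN host, showing which missing piece (IP forwarding on the Pi, a return route on the LAN router) drops the request or the reply. The node names, the /24 size of the VPN subnet and every address other than 192.168.20.205 are assumptions constructed for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match over {CIDR: next node}; None means no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(c), hop) for c, hop in routes.items()
               if addr in ipaddress.ip_network(c)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(nodes, start, dst, max_hops=8):
    """Walk next hops from start; return (path, outcome)."""
    path, here = [start], start
    for _ in range(max_hops):
        node = nodes[here]
        if dst in node["addrs"]:
            return path, "delivered"
        if here != start and not node["forward"]:
            return path, f"dropped at {here}: forwarding off"
        here = next_hop(node["routes"], dst)
        if here is None:
            return path, f"dropped at {path[-1]}: no route"
        path.append(here)
    return path, "loop"

def build(pi_forward, lan_return_route):
    """Constructed topology; all addresses except 192.168.20.205 are assumed."""
    vpn, lan = "172.27.232.0/24", "192.168.20.0/24"
    router_routes = {lan: "lan-host"}
    if lan_return_route:  # static route on the LAN router back to the VPN subnet
        router_routes[vpn] = "pi"
    return {
        "remote": {"addrs": {"172.27.232.5"}, "forward": False,
                   "routes": {vpn: "vpn-server", lan: "vpn-server"}},
        "vpn-server": {"addrs": {"172.27.232.1"}, "forward": True,
                       "routes": {"172.27.232.5/32": "remote",
                                  "172.27.232.6/32": "pi", lan: "pi"}},
        "pi": {"addrs": {"192.168.20.205", "172.27.232.6"}, "forward": pi_forward,
               "routes": {lan: "lan-host", vpn: "vpn-server"}},
        "lan-host": {"addrs": {"192.168.20.10"}, "forward": False,
                     "routes": {"0.0.0.0/0": "lan-router"}},
        "lan-router": {"addrs": {"192.168.20.1"}, "forward": True,
                       "routes": router_routes},
    }

def round_trip(pi_forward, lan_return_route):
    """Outcome of the request (remote to LAN host) and of the reply."""
    nodes = build(pi_forward, lan_return_route)
    return (trace(nodes, "remote", "192.168.20.10")[1],
            trace(nodes, "lan-host", "172.27.232.5")[1])
```

With forwarding off the Pi's own VPN address still answers, which matches the symptom in the question; in a real network the reply without a return route follows the LAN router's default route to the ISP and is lost there.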

Is it possible to run web server on private IP?

I'm trying to implement a web server on my PC, connected to a router.
Since my PC is connected to a router, it identifies a private IP address, starting with 192.168...
However, it could not accept any clients that are not connected to the same router, even when I tried with the public IP address.
Is it possible to implement a web server that can accept clients from anywhere with my PC connected to a local router?
Or should I connect my web server directly to a public IP without a router?
It'll be a pleasure to learn from your answers.
The problem may be that your web server routing may not be configured correctly to your external IP, or your web server ports may be blocked, or another possibility is that your firewall is blocking your service connections outside the local network.
So, a solution to misconfiguration would be to forward your port to the internal IP of the web server from your router menu.
And, for the case of firewall blocking, you may give special access to your web server through the firewall by setting inbound and outbound rules.
And if all that is correct, then most probably your ISP (Internet Service Provider) is not allowing ports to be opened to you, maybe due to dynamic IP or service restrictions.
For a similar problem, you may refer to my answer to another post here.
What router do you have? Go into the router using a web browser; mine is 192.168.0.1 with username and password as admin, or username admin, password blank.
Then set a DMZ route or port forwarding for 80 to your own internal IP address.

Unable to make remote desktop after the scale set creation

I have successfully created a scale set using (https://github.com/Azure/azure-quickstart-templates/tree/master/201-vmss-windows-customimage) with one instance from my custom image.
The custom image has Microsoft server data center DS1 V2 and Node.js installed in it and a copy of my application.
From the new portal I can see the IP of the VM.
I have also successfully started it from PowerShell.
However, RDP on that IP with port 3389 or 50000, 50001 is not working.
I tried to add some inbound rules but the situation is the same (maybe the inbound rules are not correct).
Please can you let me know the steps required after the scale set is created in order to make an RDP connection?
You won't be able to connect to the IP of the VM from outside the VNET as each VM has an internal IP address. You need to connect to the public IP of the load balancer (you probably meant that implicitly but being precise just in case).
You will also need to create inbound NAT rules to map a port range on the load balancer public IP address to port 3389 on the backend, and double check that RDP was enabled on the source image before uploading it.
Take a look at this template for an example of inbound NAT rules: https://github.com/Azure/azure-quickstart-templates/blob/master/201-vmss-windows-nat/azuredeploy.json

UDP Socket over cloud provider

I am using Apache Tomcat to host webpages that can be accessed by authenticated users, and a UDP socket has been opened on port 14550 to which devices send a stream of communication messages. The system is working fine in the local network. I tried to host this in OpenShift and later found that OpenShift does not allow external UDP communication. Now I am considering an Amazon EC2 instance, or a new VM in Azure or in GCP. I would like to know whether there will be any issue in using the sockets from my application. Thank you in advance.
No, on AWS EC2 everything is allowed; you just need to configure your Security Group to allow specific web traffic. UDP traffic can also be allowed there.
I was also looking for a possible workaround for this issue, but it's quite easy irrespective of what platform language you are using to develop a socket program on AWS EC2, as I am using Node.js nginx in my case; this should work for all supporting platforms.
Configure Security Group
In the AWS console, open the EC2 tab.
Select the relevant region and click on Security Group.
You should have a default security group if you have launched an Elastic Beanstalk instance in that region for your app.
Click on the Actions button at the top, and select Edit inbound rules.
Here, in the Type column, select All UDP, or you can set a Custom UDP rule as well to listen at your socket port.
And there just enter the port of your UDP server, e.g. 2020.
And that's it!
Note: If something is not working, check the "Events" tab in the Beanstalk application / environments and find out what went wrong.
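
A check for the inbound rules described above, as an added example that is not part of the original answer: it audits security-group ingress rules, given as dictionaries in the shape of the EC2 IpPermissions field, for UDP exposure wider than the one service port from trusted sources. The sample rule sets and the 203.0.113.0/24 source range are constructed; 14550 is the port from the question.

```python
import ipaddress

def audit_udp_ingress(ip_permissions, needed_port, trusted_cidrs):
    """Flag UDP ingress wider than one port from trusted sources.

    Only CIDR sources are checked; security-group references are ignored.
    """
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings, reachable = [], False
    for rule in ip_permissions:
        proto = rule.get("IpProtocol")
        if proto not in ("udp", "-1"):      # "-1" means all protocols
            continue
        if proto == "-1":
            lo, hi = 0, 65535
        else:
            lo, hi = rule["FromPort"], rule["ToPort"]
        sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        if sources and lo <= needed_port <= hi:
            reachable = True
        if (lo, hi) != (needed_port, needed_port):
            findings.append(f"{proto} {lo}-{hi}: wider than port {needed_port}")
        for src in sources:
            net = ipaddress.ip_network(src)
            if not any(net.version == t.version and net.subnet_of(t)
                       for t in trusted):
                findings.append(f"{proto} {lo}-{hi}: untrusted source {src}")
    if not reachable:
        findings.append(f"no rule admits udp/{needed_port}")
    return findings

# Constructed sample rule sets (not taken from a real account).
ALL_UDP_OPEN = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
ONE_PORT = [
    {"IpProtocol": "udp", "FromPort": 14550, "ToPort": 14550,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]
```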