vnc-server installed and running but not visible over the network - centos

Unable to connect on LAN using VNCViewer to a TigerVNC-Server on Centos
My Centos 6 installation of Vino or more accurately tigervnc-server is set up and starts successfully as defined by the procedure here:
http://wiki.centos.org/HowTos/VNC-Server
I am however unable to connect to the server using the vnc-client on a W7 machine or using a java enabled browser.
I have configured a user, namely '1:mark'
After running "ss -l" to determine the port (thanks to arcyqwerty for the netstat suggestion), I determined the correct port is 5901 or 5902.
ss -l output
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:mysql *:*
LISTEN 0 5 :::vnc-server :::*
LISTEN 0 5 *:5901 *:*
LISTEN 0 128 :::41485 :::*
LISTEN 0 5 :::5902 :::*
Below is the output of my /home/mark/.vnc/log after service start
Thu Dec 5 12:09:58 2013
vncext: VNC extension running!
vncext: Listening for VNC connections on all interface(s), port 5901
vncext: created VNC server for screen 0
GNOME_KEYRING_SOCKET=/tmp/keyring-icjZAi/socket
SSH_AUTH_SOCK=/tmp/keyring-icjZAi/socket.ssh
GNOME_KEYRING_PID=7644
Failed to play sound: File or data not found
An instance of nm-applet is already running.
** Message: adding killswitch idx 2 state KILLSWITCH_STATE_SOFT_BLOCKED
** Message: killswitch 2 is KILLSWITCH_STATE_SOFT_BLOCKED
** Message: killswitches state KILLSWITCH_STATE_SOFT_BLOCKED
05/12/2013 12:10:02 PM Autoprobing TCP port in (all) network interface
05/12/2013 12:10:02 PM Listening IPv{4,6}://*:5900
05/12/2013 12:10:02 PM Listening IPv4://0.0.0.0:5900
05/12/2013 12:10:02 PM Problems in NewSocketListenTCP(), sock=-1
05/12/2013 12:10:02 PM Listening IPv{4,6}://*:5901
05/12/2013 12:10:02 PM Listening IPv4://0.0.0.0:5901
05/12/2013 12:10:02 PM Problems in NewSocketListenTCP(), sock=-1
05/12/2013 12:10:02 PM Listening IPv{4,6}://*:5902
05/12/2013 12:10:02 PM Autoprobing selected port 5902
05/12/2013 12:10:02 PM Advertising authentication type: 'VNC Authentication' (2)
05/12/2013 12:10:02 PM Advertising security type: 'VNC Authentication' (2)
** Message: killswitch 2 is KILLSWITCH_STATE_SOFT_BLOCKED
** Message: killswitches state KILLSWITCH_STATE_SOFT_BLOCKED
(polkit-gnome-authentication-agent-1:7711): GLib-GObject-WARNING **: cannot register
existing type `_PolkitError'
(polkit-gnome-authentication-agent-1:7711): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed
Initializing nautilus-gdu extension
Initializing nautilus-open-terminal extension
(null): Warning no default label for /home/mark/.gvfs
My /etc/sysconfig/vncservers contains
VNCSERVERS="1:mark"
VNCSERVERARGS[1]="-geometry 800x600"
However from the netstat it appears that ports 5900, 5901 and 5902 are involved.
Here are the results of my tests:
1. browsed on the host using 'localhost:5900' Result: RFB 003.007
2. browsed on the host using 'localhost:5901' Result: RFB 003.008. (note: user:mark)
3. browsed on the host using 'localhost:5902' Result: RFB 003.007
4. VNC'd on the host using 'localhost:5901' Result: worked.
Note: From http://www.realvnc.com/docs/rfbproto.pdf RFB represents the Remote Frame Buffer required protocol version numbers.
I tried 1,2,3 and 4 from above substituting localhost:port for the 'hosts ip':port on a network client machine and all timed-out.
The following extra steps have been taken
Turned off the firewall
Temporarily disabled SeLinux
Successfully pinged host from client on LAN.
I am also successfully running a visible httpd service from the offending host
Any pointers would be appreciated.

Make sure that the server is actually running (try ps or ps aux).
If that works, then try netstat to make sure it's LISTENing on the right port.

mDNS (Avahi) working TO RPis but not between them

Avahi/mDNS is running by default on recent versions of Raspbian. Great. Very convenient to just ssh pi@mypi.local.
I am doing development on a Mac and operating a local network of headless Raspberry Pis. Up until now, I was able to use mDNS to access the Pis, and the Pis used mDNS to connect to each other.
Today, I shifted the RPis to a private local network by setting them up on a wireless router unconnected to the internet. Once I join the private network, I am still able to access them via mDNS:
% ssh pi@scheduler.local
Linux scheduler 5.10.63-v7l+ #1459 SMP Wed Oct 6 16:41:57 BST 2021 armv7l
Last login: Mon Aug 1 09:07:43 2022
pi@scheduler:~ $
and
wes@macbook % ssh pi@crossing.local
Linux crossing 5.10.17-v7l+ #1414 SMP Fri Apr 30 13:20:47 BST 2021 armv7l
Last login: Mon Aug 1 09:07:46 2022
pi@crossing:~ $
But when they try to access each other, I get some results I don't understand:
pi@scheduler:~ $ ping crossing.local
PING crossing.local (10.0.0.1) 56(84) bytes of data.
From 192.168.0.1 (192.168.0.1) icmp_seq=1 Destination Net Unreachable
From 192.168.0.1 (192.168.0.1) icmp_seq=2 Destination Net Unreachable
From 192.168.0.1 (192.168.0.1) icmp_seq=3 Destination Net Unreachable
From 192.168.0.1 (192.168.0.1) icmp_seq=4 Destination Net Unreachable
Here's what Avahi reports:
pi@scheduler:~ $ service avahi-daemon status
● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
Loaded: loaded (/lib/systemd/system/avahi-daemon.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-08-01 09:07:37 PDT; 41min ago
Main PID: 388 (avahi-daemon)
Status: "avahi-daemon 0.7 starting up."
Tasks: 2 (limit: 1438)
CGroup: /system.slice/avahi-daemon.service
├─388 avahi-daemon: running [scheduler.local]
└─414 avahi-daemon: chroot helper
Aug 01 09:08:08 scheduler avahi-daemon[388]: Leaving mDNS multicast group on interface wlan0.IPv4 with address 169.
Aug 01 09:08:08 scheduler avahi-daemon[388]: Joining mDNS multicast group on interface wlan0.IPv4 with address 192.
Aug 01 09:48:29 scheduler avahi-daemon[388]: Files changed, reloading.
Aug 01 09:48:29 scheduler avahi-daemon[388]: No service file found in /etc/avahi/services.
Here's my hosts and hostname files:
pi@scheduler:~ $ cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1 scheduler
pi@scheduler:~ $ cat /etc/hostname
scheduler
What does avahi say about it? Let's see:
pi@brs-scheduler:~ $ avahi-resolve --name brs-crossing.local -4
brs-crossing.local 192.168.0.214
pi@brs-scheduler:~ $ ifconfig | grep "inet 192"
inet 192.168.0.109 netmask 255.255.255.0 broadcast 192.168.0.255
pi@brs-scheduler:~ $ ping brs-crossing.local
PING brs-crossing.local (10.0.0.1) 56(84) bytes of data.
From 192.168.0.1 (192.168.0.1) icmp_seq=1 Destination Net Unreachable
So for some reason, on this private network, mDNS is resolving correctly, but ping and ssh don't resolve properly?
What am I missing?
Unsurprisingly, since the pis worked fine on the local net and stopped working on a private net with a new router, it had to do with the configuration of the new router not mDNS.
mDNS was working fine:
pi@scheduler:~ $ avahi-resolve --name crossing.local -4
crossing.local 192.168.0.214
The new router on the private net had two operating modes "router" and "access point." In "router" mode, the router was pushing a DNS nameserver IP to clients which was somehow hosing ping and ssh and other services, despite mDNS working okay.
pi@scheduler:~ $ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 192.168.0.1
Once the router was placed in "access point" mode, and DHCP was turned on manually, everything worked.
Obscure problem. Obscure solution.

Can't connect to Postgresql with specific external IP

I can connect to my DigitalOcean Ubuntu 20LTS VM instance that has PostgreSQL 14 installed without issue, but I'm trying to make it more secure with only specific IPs that can connect to the database.
I heard the way to do this is to modify the /etc/postgresql/14/main/postgresql.conf file.
When I have this line, I can connect to my database without issue.
listen_addresses='0.0.0.0'
However, if I modify this line with:
listen_addresses='123.123.123.123'
I get this DataGrip error message: [08001] Connection to 111.111.111.111:12345 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
111.111.111.111:12345 is my (fake) VM's IP and port that I already set up.
123.123.123.123 is my (fake) computer's external IP that I get from here or here
Any suggestions? Is there a log I can search from that will give me a better understanding of what is going on?
Also to note, with listen_addresses='0.0.0.0', running ss -ptl gives an output of
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.53%lo:domain 0.0.0.0:*
LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
LISTEN 0 244 0.0.0.0:12345 0.0.0.0:*
LISTEN 0 128 [::]:ssh [::]:*
with listen_addresses='123.123.123.123', running ss -ptl gives an output of
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.53%lo:domain 0.0.0.0:*
LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
LISTEN 0 128 [::]:ssh [::]:*
Documentation that I used so far:
https://www.postgresql.org/docs/current/runtime-config-connection.html
https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
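Added example, not part of the original post: listen_addresses names the server's own addresses to bind (limiting which clients may connect is the job of pg_hba.conf, the second document linked above), so this Python sketch diffs the two ss listings from the post and shows that binding to an address the host does not own fails. The function names and the 203.0.113.7 stand-in address are assumptions made for the illustration.

```python
import errno
import socket

# ss -ptl listings copied from the post: first with listen_addresses='0.0.0.0',
# then with listen_addresses='123.123.123.123' (the client's own address).
SS_WILDCARD = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.53%lo:domain 0.0.0.0:*
LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
LISTEN 0 244 0.0.0.0:12345 0.0.0.0:*
LISTEN 0 128 [::]:ssh [::]:*
"""
SS_CLIENT_IP = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 127.0.0.53%lo:domain 0.0.0.0:*
LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:*
LISTEN 0 128 [::]:ssh [::]:*
"""

def listeners(ss_text):
    """Return the set of (local_address, port) pairs in LISTEN state."""
    found = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            # The port follows the last colon, so forms such as [::]:ssh
            # and 127.0.0.53%lo:domain split correctly.
            addr, _, port = fields[3].rpartition(":")
            found.add((addr, port))
    return found

def lost_listeners(before, after):
    """Listeners present in the first listing and missing from the second."""
    return sorted(listeners(before) - listeners(after))

def bind_error(address):
    """Try to bind a TCP socket to address on an ephemeral port.
    Returns None on success, otherwise the errno name of the failure."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.bind((address, 0))
        return None
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))

if __name__ == "__main__":
    print("listener lost after the change:", lost_listeners(SS_WILDCARD, SS_CLIENT_IP))
    # 203.0.113.7: constructed TEST-NET-3 address, not assigned to this host.
    print("bind to a non-local address:", bind_error("203.0.113.7"))
```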

Handshake Failed test connectivity for OpenVPN

I am trying to set up OpenVPN on Ubuntu 20.04. I'm not experienced in this area. After I set up OpenVPN, I performed a connectivity test and received a handshake error message:
Sun Jul 26 05:53:17 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]68.228.217.219:1194
Sun Jul 26 05:53:17 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Jul 26 05:53:17 2020 UDP link local: (not bound)
Sun Jul 26 05:53:17 2020 UDP link remote: [AF_INET]My_Public_ISP_IP:1194
Sun Jul 26 05:54:17 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Jul 26 05:54:17 2020 TLS Error: TLS handshake failed
Sun Jul 26 05:54:17 2020 SIGUSR1[soft,tls-error] received, process restarting
Sun Jul 26 05:54:17 2020 Restart pause, 5 second(s)
Then I checked the log:
journalctl --identifier openvpn
I found two error messages that I believe are why my OpenVPN cannot connect:
This is one of the error messages:
Could not determine IPv4/IPv6 protocol. Using AF_INET
I notice it's using my old client .conf file:
Error Message
My new .conf file is local.ovpn/
I tried removing the client conf (sudo rm -vf BigK) and replacing it with local.ovpn, but it didn't work.
I need help figuring this issue out. I tried researching on my own but I came up short.
UPDATE
After several hours of researching online, the closest post I see helping me is this post https://unix.stackexchange.com/questions/385966/openvpn-error-status-2-and-cant-connect-to-internet-while-using which didn't help.
I checked my client.conf
client
dev tun
proto udp
remote Public_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
<ca>
Here is my server.conf
local IP
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
explicit-exit-notify
Here is localvpn.ovpn
client
dev tun
proto udp
remote Public_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
block-outside-dns
verb 3
I faced the same problem and didn't find any solution. I was looking for another way to connect to OpenVPN server and it helped me.
Ubuntu 20.04 has a default tool for using OpenVPN:
Settings -> Network
Click + icon on one line with the VPN title
Choose Import from file... option and select your .ovpn config file in the popup window
Click Add button and that's it
PS: I hope it will help somebody to save any hours

MongoDB port is 65500 then which port use for HTTP rest?

If the Mongo server runs on port 65500,
on which port can I access the simple HTTP REST interface?
Consider a case:
MongoDB provides a simple http interface listing information of interest to administrators. This interface may be accessed at the port with numeric value 1000 more than the configured mongod port.
If MongoDB runs on localhost with port number 65500,
then on which port does the Mongo REST interface run?
Port no. 66500 is not a possible value for a port.
Port numbers are only 16 bits, so mongod will fail to even start on that port (greater than 65535):
> mongod --port 65555 --dbpath .
Sat Mar 29 13:00:31.488 bad --port number
Sat Mar 29 13:00:31.488 dbexit:
Sat Mar 29 13:00:31.488 shutdown: going to close listening sockets...
If you really mean an allowed port that would just make the web port go above 65536, it will wrap around to 0 (which would mean 65535+1000 would wrap to 999, or your new sample port 65500 would wrap to 964):
Sat Mar 29 13:01:53.448 [initandlisten] waiting for connections on port 65500
Sat Mar 29 13:01:53.448 [websvr] ERROR: listen(): bind() failed errno:13
Permission denied for socket: 0.0.0.0:964

Unable to start a tomcat debug session from Eclipse

I'd like to start a Tomcat debug session on my remote host from Eclipse, but it fails with this error:
Failed to connect to remote VM
com.sun.jdi.connect.spi.ClosedConnectionException
My Tomcat is, I think, correctly configured to receive debug sessions on port 8000:
tomcat 18771 1 1 17:18 ? 00:00:16 /usr/lib/jvm/java/bin/java -Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n -Djava.rmi.server.hostname=10.30.0.17 -Dcatalina.ext.dirs=/usr/share/tomcat5/shared/lib:/usr/share/tomcat5/common/lib -Djavax.sql.DataSource.Factory=org.apache.commons.dbcp.BasicDataSourceFactory -Djava.endorsed.dirs=/usr/share/tomcat5/common/endorsed -classpath /usr/lib/jvm/java/lib/tools.jar:/usr/share/tomcat5/bin/bootstrap.jar:/usr/share/tomcat5/bin/commons-logging-api.jar:/usr/share/java/mx4j/mx4j-impl.jar:/usr/share/java/mx4j/mx4j-jmx.jar -Dcatalina.base=/usr/share/tomcat5 -Dcatalina.home=/usr/share/tomcat5 -Djava.io.tmpdir=/usr/share/tomcat5/temp org.apache.catalina.startup.Bootstrap start
There is a firewall between my PC and the remote server, but the port is well opened, as I can see these packets with tcpdump on the server:
17:41:17.110977 IP X.X.X.X.57010 > Y.Y.Y.Y.irdmi: S 868833744:868833744(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
17:41:17.111183 IP Y.Y.Y.Y.irdmi > X.X.X.X.57010: S 3571247457:3571247457(0) ack 868833745 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 7>
17:41:17.112624 IP X.X.X.X.57010 > Y.Y.Y.Y.irdmi: . ack 1 win 256
17:41:19.113216 IP Y.Y.Y.Y.irdmi > X.X.X.X.57010: F 1:1(0) ack 1 win 46
17:41:19.114246 IP X.X.X.X.57010 > Y.Y.Y.Y.irdmi: P 1:15(14) ack 1 win 256
17:41:19.114279 IP Y.Y.Y.Y.irdmi > X.X.X.X.57010: R 3571247458:3571247458(0) win 0
The only message written in the Tomcat logs is
Debugger failed to attach: timeout during handshake
I can't figure out what's wrong despite the information I found on the web.
Can anyone help me?
My server: RHEL 5.9, Tomcat 5.5, java 1.6
Regards,
Robert
I solved my issue: there was packet inspection activated on the firewall between my PC and the server. It lets certain TCP packets through, so the TCP handshake can occur, but blocks TCP data packets.
As I understand it, first a TCP connection is made, then an application handshake is done by the Java server with TCP data packets. As the data packets were filtered by the firewall, the application handshake could not be completed, and the application closed the TCP connection by sending a FIN packet.
Regards,
Robert
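Added example, not part of Robert's posts: a short Python reading of the six tcpdump lines from the question, reporting what the server saw (TCP handshake completed, the server's FIN about two seconds later, the client's 14 bytes arriving only after it). The function names are assumptions made for the illustration, and the parser handles only the tcpdump line format shown on this page.

```python
import re

# tcpdump lines captured on the server, copied from the question above.
CAPTURE = """\
17:41:17.110977 IP X.X.X.X.57010 > Y.Y.Y.Y.irdmi: S 868833744:868833744(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK>
17:41:17.111183 IP Y.Y.Y.Y.irdmi > X.X.X.X.57010: S 3571247457:3571247457(0) ack 868833745 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 7>
17:41:17.112624 IP X.X.X.X.57010 > Y.Y.Y.Y.irdmi: . ack 1 win 256
17:41:19.113216 IP Y.Y.Y.Y.irdmi > X.X.X.X.57010: F 1:1(0) ack 1 win 46
17:41:19.114246 IP X.X.X.X.57010 > Y.Y.Y.Y.irdmi: P 1:15(14) ack 1 win 256
17:41:19.114279 IP Y.Y.Y.Y.irdmi > X.X.X.X.57010: R 3571247458:3571247458(0) win 0
"""

PKT = re.compile(
    r"(\d+):(\d+):(\d+\.\d+) IP (\S+) > (\S+): (\S+)"
    r"(?: \d+:\d+\((\d+)\))?( ack \d+)?")

def parse(capture):
    """Yield (seconds, src, flags, payload_len, has_ack) per packet line."""
    for line in capture.splitlines():
        m = PKT.match(line)
        if m:
            h, mi, s, src, _dst, flags, length, ack = m.groups()
            yield (int(h) * 3600 + int(mi) * 60 + float(s), src, flags,
                   int(length or 0), ack is not None)

def diagnose(capture):
    """Summarise the connection as seen at the server (needs >= 3 packets)."""
    pkts = list(parse(capture))
    client = pkts[0][1]                      # sender of the initial SYN
    # Three-way handshake: SYN, SYN+ACK from the server, ACK from the client.
    (_, _, f1, _, a1), (_, s2, f2, _, a2), (t3, s3, f3, _, a3) = pkts[:3]
    handshake = (f1 == "S" and not a1 and f2 == "S" and a2 and s2 != client
                 and f3 == "." and a3 and s3 == client)
    fin = next((t for t, src, f, _, _ in pkts if "F" in f and src != client), None)
    data = next(((t, n) for t, src, _, n, _ in pkts if src == client and n), None)
    return {
        "tcp_handshake_completed": handshake,
        "server_fin_after_s": None if fin is None else round(fin - t3, 3),
        "client_payload_bytes": data[1] if data else 0,
        # A JDWP session opens with the debugger sending this ASCII string.
        "payload_is_handshake_sized": bool(data) and data[1] == len(b"JDWP-Handshake"),
        "payload_reached_server_before_fin": bool(data) and (fin is None or data[0] < fin),
        "server_reset": any("R" in f and src != client for _, src, f, _, _ in pkts),
    }

if __name__ == "__main__":
    for key, value in diagnose(CAPTURE).items():
        print(f"{key}: {value}")
```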