Solved

Cygwin/X XDMCP over VPN to Solaris 10 server

Posted on 2006-11-22
13
6,295 Views
Last Modified: 2013-12-21
If I'm in the office on the LAN, I can successfully connect to my Solaris 10 server via cygwin/x, by simply doing:

XWin.exe -query x.x.x.x

However, when I'm at home connected via VPN, if I do the same thing, I get a blank X display come up and then after about 10 seconds it dies with:

Fatal server error:
XDMCP fatal error: Session failed Session 8 failed for display x.x.x.x:0: Cannot open display

where x.x.x.x is my VPN address.

I then tried to connect via an ssh with X11 forwarding, but couldn't find a combination that worked.

Any suggestions?
0
Comment
Question by:Tintin
  • 6
  • 5
13 Comments
 
LVL 20

Accepted Solution

by:
Gns earned 500 total points
Comment Utility
What type of VPN is that? What firewalling is involved?
What it seems like is that you successfully connect from your client (cygwin) to the server, but the server (coming back to you on port 6000 (actually 6000 + display number)) is somehow blocked/lost.
Now, this can be caused by any number of differing things. It might be that there is a routing issue, so that your VPN isn't really functional, or functioning when used towards server resources that have static routing set up... and not with all else. It might be some firewall (anywhere in between, including your clients windoze firewall (M$ or other), blocking port 6000/tcp.

You mention ssh, which makes the first theory (bad routing) less than likely, since ssh wouldn't work if that were the case. So so look at all firewalls;-).
What ssh client are you using? PuTTY? Cygwin/ssh? If the latter, remember that that one needs you to start a local X session first, and set DISPLAY=:0, prior to the "ssh -X ..." call, or else it will not forward X properly, even if you've seen to it that X is forwarded in both the client and server ssh configuration (yep, you need to check that too;).

So, to sum up: you might have two issues: One concerning the ssh configuration, and the other (first:) concerning firewalling, both conspiring to prevent you from running X over the VPN.
Lots of things to look at, and we'll be here to help decipher anything that is just too strange:-):-)

-- Glenn
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Man, sorry for the "newbie mode answer" Tintin. Didn't look at the "Asker" field until after I submitted...
Anyway, still sound advice... There are a few icky places to go look, although I'm sure you've looked at most already:-).

-- Glenn
0
 
LVL 48

Author Comment

by:Tintin
Comment Utility
I've done a bit more research and have found the following:

1.  You can't do XDMCP queries over ssh tunnels as the query is over UDP not TCP.  

2.  VNC might be an option.  I'm going to try installing VNC server that comes on the Solaris 10 companion CD.

3.  There's a lot of talk recently about NX server, which sounds like the ideal solution.  However, the Solaris 10 version has currently is buggy and won't work and the Windows client doesn't work on my XP laptop due to some cygwin DDL incompatibilities.
0
 
LVL 20

Assisted Solution

by:Gns
Gns earned 500 total points
Comment Utility
1. So not really "VPN", but rather ssh tunneling (yeah, I know... Not much difference:-). That explains that.
2. True, that might help.
3. I never liked NX, mostly because the simplicity it promises never really came to be (for me at least:-).

If you want a really easy and workable solution you should go with SSL-Explorer from 3sp.com ... The Community edition is pure OSS, no cost. Yes, it's java, yes you need ant, yes there is a build phase, but .... it's really quite simple to setup, and works like a dream.
I've successfully used it to publish all sorts of applications, network resources (diverse proxies) etc. Very good.
The best thing is that it is a "client-less" SSL VPN (well, for the apps that need a client, it pushes a java client... So all you need is a browser and a JRE:-).
Try it, you'll quickly fall in love;-). Go to http://3sp.com ... you'll find links to the sourceforge pages from that.

-- Glenn
0
 
LVL 48

Author Comment

by:Tintin
Comment Utility
In the end, I used VNC and that works just fine for me.  Another plus with VNC is that I can tunnel it via ssh.
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Did you look at SSL-Explorer Tintin? It's like OpenVPN without the hassle:-).
Don't mean to nag, but it is really worth your time... Since you're in the business for RATs anyway (and this is one area where it really shines:-). Can use diverse authentication methods (not that many in the Community Edition...) and is rather low-cost (compared to the competition:-) ... The neterprise edition enables some really useful extentions/plugins, so might be worth considering:-):-).

What it adds (over a pure ssh tunnel) is ease of use, flexibility and versatility.

And no, I'm not associated with 3sp, just a happy customer:-D.

Will you request a PAQ/refund or a Delete/refund?

Cheers
-- Glenn
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 48

Author Comment

by:Tintin
Comment Utility
I'll try to look at SSL Explorer as soon as I get a chance.
0
 
LVL 48

Author Comment

by:Tintin
Comment Utility
Should point out that in order to run JDS, the following workaround needs to be done:

http://sunsolve.sun.com/search/document.do?assetkey=1-9-81175-1
0
 
LVL 20

Expert Comment

by:Gns
Comment Utility
Hm, good info Tintin, thanks. I'm just about to re-enter the fun world of Solaris (10), so this really helps me:-). Holler if you want a question to match the answer (if that is still allowed here... Have had a "sabbatical" re: EE too:-).

-- Glenn
0
 
LVL 11

Expert Comment

by:cup
Comment Utility
Have you tried xhost+ after starting up the x server on cygwin?
0
 
LVL 48

Author Comment

by:Tintin
Comment Utility
running xhost isn't going to have any affect, as XDMCP queries won't reach the server.
0
 
LVL 48

Author Comment

by:Tintin
Comment Utility
I thought I'd just allocate the points out anyway.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now