Cygwin/X XDMCP over VPN to Solaris 10 server

If I'm in the office on the LAN, I can successfully connect to my Solaris 10 server via cygwin/x, by simply doing:

XWin.exe -query x.x.x.x

However, when I'm at home connected via VPN, if I do the same thing, I get a blank X display come up and then after about 10 seconds it dies with:

Fatal server error:
XDMCP fatal error: Session failed Session 8 failed for display x.x.x.x:0: Cannot open display

where x.x.x.x is my VPN address.

I then tried to connect via an ssh with X11 forwarding, but couldn't find a combination that worked.

Any suggestions?
LVL 48
TintinAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
GnsConnect With a Mentor Commented:
What type of VPN is that? What firewalling is involved?
What it seems like is that you successfully connect from your client (cygwin) to the server, but the server (coming back to you on port 6000 (actually 6000 + display number)) is somehow blocked/lost.
Now, this can be caused by any number of differing things. It might be that there is a routing issue, so that your VPN isn't really functional, or functioning when used towards server resources that have static routing set up... and not with all else. It might be some firewall (anywhere in between, including your clients windoze firewall (M$ or other), blocking port 6000/tcp.

You mention ssh, which makes the first theory (bad routing) less than likely, since ssh wouldn't work if that were the case. So so look at all firewalls;-).
What ssh client are you using? PuTTY? Cygwin/ssh? If the latter, remember that that one needs you to start a local X session first, and set DISPLAY=:0, prior to the "ssh -X ..." call, or else it will not forward X properly, even if you've seen to it that X is forwarded in both the client and server ssh configuration (yep, you need to check that too;).

So, to sum up: you might have two issues: One concerning the ssh configuration, and the other (first:) concerning firewalling, both conspiring to prevent you from running X over the VPN.
Lots of things to look at, and we'll be here to help decipher anything that is just too strange:-):-)

-- Glenn
0
 
GnsCommented:
Man, sorry for the "newbie mode answer" Tintin. Didn't look at the "Asker" field until after I submitted...
Anyway, still sound advice... There are a few icky places to go look, although I'm sure you've looked at most already:-).

-- Glenn
0
 
TintinAuthor Commented:
I've done a bit more research and have found the following:

1.  You can't do XDMCP queries over ssh tunnels as the query is over UDP not TCP.  

2.  VNC might be an option.  I'm going to try installing VNC server that comes on the Solaris 10 companion CD.

3.  There's a lot of talk recently about NX server, which sounds like the ideal solution.  However, the Solaris 10 version has currently is buggy and won't work and the Windows client doesn't work on my XP laptop due to some cygwin DDL incompatibilities.
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
GnsConnect With a Mentor Commented:
1. So not really "VPN", but rather ssh tunneling (yeah, I know... Not much difference:-). That explains that.
2. True, that might help.
3. I never liked NX, mostly because the simplicity it promises never really came to be (for me at least:-).

If you want a really easy and workable solution you should go with SSL-Explorer from 3sp.com ... The Community edition is pure OSS, no cost. Yes, it's java, yes you need ant, yes there is a build phase, but .... it's really quite simple to setup, and works like a dream.
I've successfully used it to publish all sorts of applications, network resources (diverse proxies) etc. Very good.
The best thing is that it is a "client-less" SSL VPN (well, for the apps that need a client, it pushes a java client... So all you need is a browser and a JRE:-).
Try it, you'll quickly fall in love;-). Go to http://3sp.com ... you'll find links to the sourceforge pages from that.

-- Glenn
0
 
TintinAuthor Commented:
In the end, I used VNC and that works just fine for me.  Another plus with VNC is that I can tunnel it via ssh.
0
 
GnsCommented:
Did you look at SSL-Explorer Tintin? It's like OpenVPN without the hassle:-).
Don't mean to nag, but it is really worth your time... Since you're in the business for RATs anyway (and this is one area where it really shines:-). Can use diverse authentication methods (not that many in the Community Edition...) and is rather low-cost (compared to the competition:-) ... The neterprise edition enables some really useful extentions/plugins, so might be worth considering:-):-).

What it adds (over a pure ssh tunnel) is ease of use, flexibility and versatility.

And no, I'm not associated with 3sp, just a happy customer:-D.

Will you request a PAQ/refund or a Delete/refund?

Cheers
-- Glenn
0
 
TintinAuthor Commented:
I'll try to look at SSL Explorer as soon as I get a chance.
0
 
TintinAuthor Commented:
Should point out that in order to run JDS, the following workaround needs to be done:

http://sunsolve.sun.com/search/document.do?assetkey=1-9-81175-1
0
 
GnsCommented:
Hm, good info Tintin, thanks. I'm just about to re-enter the fun world of Solaris (10), so this really helps me:-). Holler if you want a question to match the answer (if that is still allowed here... Have had a "sabbatical" re: EE too:-).

-- Glenn
0
 
cupCommented:
Have you tried xhost+ after starting up the x server on cygwin?
0
 
TintinAuthor Commented:
running xhost isn't going to have any affect, as XDMCP queries won't reach the server.
0
 
TintinAuthor Commented:
I thought I'd just allocate the points out anyway.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.