Allan_Fernandes

asked:

LAN or WAN ?

My Backup Application (using Sockets) has a Server.exe (on one machine) and Client.exe (on each desktop).
Currently all the Client.exe are meant to be within the LAN of the Server.exe.
Now I want to permit users to work across the WAN too.
I want to recognize the users connecting via WAN. How do I check that ?
Can I understand from within the Sockets details or will I have to use Geolocation ?
I use Delphi / Windows OS/ TServerSocket+TClientSocket
skullnobrains

you probably should combine techniques among
- filtering by ip if you know your client's addresses. this is available in the socket's meta data
- i assume you already use passwords ?
- SSL authentication with client certificates

or you can take a different approach and setup a vpn or ssh tunnels for your clients. if you have a commercial firewall, it probably comes with a VPN
the most important thing is overcoming connection loss
another issue is the speed

> are meant to be within the LAN of the Server.exe.
how can you be sure there is no WAN connections now ?

with a vpn in between it's possible the ip address looks like it's in the lan
Allan_Fernandes (ASKER)

Hi
Sorry for the Delay in responding.
>> filtering by ip if you know your client's addresses
My Application is being currently used on MPLS (LAN as far as I am concerned) and here the IPs across the country do not have any format that I can filter them on.

>> - i assume you already use passwords ?
>> - SSL authentication with client certificates
No. I am transferring via WinSock and I use an Identity pattern to avoid any external intrusion.

>> the most important thing is overcoming connection loss
>> another issue is the speed
Very valid point and I have to check it out practically, but since the backups are incremental (even PST) it should not be much of an issue.

>> how can you be sure there is no WAN connections now ?
Currently I am using a separate Server/Client Socket pair to send files from the Server machine to the Clients. This fails as it is not to the Public IP of the clients.
backups incremental ? not an issue ?

if you have connection loss, then you need to "redo" the failed part
how the redo is done depends on what the failed part is ...

a really easy way ...
robocopy source dest backupfiles /Z

robocopy has a builtin retry mechanism
even across the wan

why reinvent the wheel ?

but i assume you want more control than that
given this extra information, i'd go the VPN way

if your server has to connect back to the client, you are bound to run into firewall issues on the client side so you'd have many things to change to get it to work over the WAN... or rewrite your app accordingly if for some reason setting up a VPN is not feasible for you
I think we have moved away from the question I seek. As far as Connectivity etc. is concerned I will check that out and maybe come back to you all later. Now I want to know if there is any pattern of Public addresses allocated as per Geo location ?
> Now I want to know if there is any pattern of Public addresses allocated as per Geo location ?

simple answer, no.

but then if a Greek ISP possesses a number of ips, there are high chances that their owners/users are in Greece.

there is a tool named geoiplookup that can resolve the country. it is about 90-95% reliable which is not great but not too bad. the paid version can resolve with better precision ( cities, states, ... ) and is supposed to be less error-prone regarding countries.

maybe if you provide more information regarding the users' connections, i'll be able to provide a useful tip. it could be sensible to register per user ips and ranges, or possibly get them to authenticate on the firewall in order to open the required network flow, or there may be a whole different way to get proper security without that much hassle both for yourself and the end users.

which country are you in, btw ?
I am in India.
>> if you provide more information regarding the users' connections
I did not understand what kind of info you seek ?
i gather your app requires the client to access the server and the server to connect back to the client.

> Currently I am using a separate Server/Client Socket pair to send files from the Server machine to the Clients. This fails as it is not to the Public IP of the clients.

the server is behind a router which is a problem you can handle.
the reverse is not unless you know something about the users that makes you sure a home or hotel router does not get in the way. any wifi internet connection won't provide a public ip so it just won't work.

the first thing you need is to modify your app so all connections are initiated by the clients

then you either build the security in your app. you can do client cert authentication with SSL for example, use passwords, more or less complication depending on the criticality in terms of security.

or you can rely on an external tool such as SSH tunnels or VPNs. VPNs should let you work without changes to your existing code because your clients will receive a lan address that will be routed. SSH tunnels can be made to open remote tunnels on demand but i see no point in piloting ssh from your app.

... or you may consider modifying your app so it uses sftp or a similar standard protocol to discuss with the server rather than having a server.exe


from what i understand, the simplest is probably to use ssl as a transport and modify your code so connections are not initiated by the server any more
All my connections are initiated by the Client machine only. The Client machine is fed with the Server IP, in this case it will be a public IP. The Client connects to the Server and has an active connection. Until now I have been initiating a new connection from the Server to the Client for File copy. Recently I changed my plans and experimented with a VPS I have hired in Atlanta and send files back on the first connection itself (i.e. Client initiated); this worked perfectly.
ASKER CERTIFIED SOLUTION
skullnobrains
