Posts Tagged ‘Java’

Allowing MySQL users access from all hosts – Fixing mysql ERROR 1045 (28000): Access denied for user ‘root’@’remote-admin.com’ (using password: YES)

Friday, June 20th, 2014

mysql_allow_access-from-remote-any-host-fix-access-error-after-sql-migration

I recently migrated MySQL database server from host A to host B (remotesystemadministration.com), because I wanted to have the mysql database server on a separate machine (have separation of server running services and have a dedicated mysql server).

MySQL server host (running on localhost previously was set from my mysql config my.cnf to listen and serve connections on localhost with

bind-address = 127.0.0.1

). MySQL is used by a Tomcat running Java application on localhost and my task was to set the Tomcat to use the MySQL database remotely to MySQL host B (new remote hostname where MySQL is moved is  remotesystemadminsitration.com and is running on IP 83.228.93.76).

Migration from MySQL Db server 1 (host A) to MySQL Db server 2 (host B) is done by binary copying the mysql database directory which in this case is (as it is a Debian server installed MySQL), the standard directory where mysql stores its database data is /var/lib/mysql ( datadir = /var/lib/mysql in /etc/mysql/my.cnf)

Binary copying of data from MySQL db (host A) to MySQL Db (host B) is done with rsync

After migrating and trying to login on migrated mysql  database on remotesystemadministration.net with mysql cli client:

remotesysadmin:~$ mysql -u root -p

I got following error:
 

ERROR 1045 (28000): Access denied for user 'root'@'remotesystemadministration.com' (using password: YES)


To fix the issue I had to login remotely from old migration server mysql (host A) cli:

mysql:~$ mysql -u root -p -h remotesystemadministration.com

and  run SQL commands:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'remotesystemadministration.com' WITH GRANT OPTION;
GRANT USAGE ON *.* TO 'root'@'remotesystemadministration.com' IDENTIFIED BY 'secret-mysql-pass';
FLUSH PRIVILEGES;

Query OK, 0 rows affected (0.03 sec)
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)


Another way to solve the problem is to add the root user to be able to connect from any host (Enable MySQL root access from all host), to do so issue:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

Note: In newer version of MySQL, flush privileges could be omitted.

Another approach if you want to substitute access from localhost for all users and enable all users to be able to authenticate to mysql remotely is to execute SQL Query:

UPDATE USER SET host='%' WHERE host='localhost';

Allowing all users to be able to connect from anywhere on the internet is a very bad security practice anyways, if you already have a tight firewall setup and you can only access the server via specific remote IP addresses allowing MySQL access from all hosts / ips should be ok.

Ditaa convert ASCII diagrams into bitmap graphic (pictures)

Monday, May 12th, 2014

ditta_convert-ascii-art-diagram-to-png-jpg-picture
As part of my passion for ASCII art, I've found another interesting tool useful to ASCII art maniacs like me, the tool is called ditta and is able to convert manually drawn ASCII art diagrams to graphics, below is tool description from my debian apt-cache as well as a screenshot:

 apt-cache show ditaa|grep -i ditaa -A 4

Package: ditaa
Priority: optional
Section: graphics
Installed-Size: 164
Maintainer: David Paleino <dapal@debian.org>

Filename: pool/main/d/ditaa/ditaa_0.9+ds1-2_all.deb
Size: 107270
MD5sum: 05ec52d9274b954b053f1835ca5d7a7f
SHA1: 792d91d05fff2a2a19c0ebce317351d138436c18
SHA256: c4319d32e7918aab782e2f38cdad745bc9023f9f09a999033d983095ee4f70d5

 DiTAA is a small command-line utility that can convert diagrams drawn using
 ASCII art ("drawings" that contain characters that resemble lines, like | /
 and -), into proper bitmap graphics.
 .
 DiTAA also uses special markup syntax to increase the possibilities of shapes
 and symbols that can be rendered.
Homepage: http://ditaa.org

 

To install ditaa on Debian and Ubuntu Linux:

debian:~# apt-get install --yes ditaa
...

Ditaa text diagram to Graphics converter is also available in Fedora Linux and in Source RPMs to be used on Redhat Based RPM distributions.
To install in most of RPM based Linuxes:

[root@fedora:~]# yum install -y ditaa

For most people probably Ditta will not be of any value except as a PoC and of a Hack value just like Ditaa's home page suggests. Nomatter that Ditta is cool but has just 2 drawback it doesn't understand non-latin characters i.e. Cyrillic and requires Java Virtual Machine .. but if you're a real geek you will do  the sacrifice to install a whole bunch of the heavy java for the sake of some oldschool fun 🙂 Being written in Java makes Ditta multi-platform, but you will need a Java VM version of at least 1.6 (it doesn't work with Java 1.5).

The format Ditta understands is close to HTML

<ditaa [optional parameters]>
 
... (some ditaa-code) ...
 
</ditaa>


There are also special tags understood by Ditta which are automatically turned into shaped graphical buttons and forms.
 

Possible tags

Not all shape selector tags are documented on the ditaa site. A quick source scan revealed:

tag Description
{c} decision(Choice)
{d} document
{io} input/output, parallelogram
{mo} manual operation
{o} ellipse, circle
{s} storage
{tr} trapezoid (looks like an inverted {mo} )

Here is an example Ditta code
 

<ditaa round noedgesep right>
    +--------+   +-------+    +-------+
    |        | --+ ditaa +--> |       |
    |  Text  |   +-------+    |diagram|
    |Document|   |!magic!|    |       |
    |     {d}|   |  c478 |    |       |
    +---+----+   +-------+    +-------+
        :                         ^
        |       Lots of work      :
        +-------------------------+
</ditaa>

This Ditta code will generate following picture:

ditaa_convert-ascii-art-picture-to-graphic-png-jpg-bmp


To learn more on ditta please check Ditaa's Project homepage on Sourceforge
Many thanks to Cybercity's 30 Cool Open Source Software of 2013 for inspiring this post.

Windows Explorer (Open directory in command prompt preserving dir PATH) – Add Dos Prompt Here feature via tiny registry tweak

Friday, January 10th, 2014

Windows explorer dos prompt here open directory in windows command line

If you have to use Windows on system administration level, you had to use command prompt daily, thus its useful to be able to be able to open Command Line starting from desired directory with no need to copy directory Path by hand and CD to it manually.

By default Command Prompt, cmd.exe always opens itself setting a path to user home directory, reading what is defined by win system variable %USERPROFILE% or %HOMEPATH% – MS Windows equivalent of UNIX's $HOME shell variable.

To add open in  DOS Prompt Here Command Prompt option to Windows Explorer menus its necessary to apply few rules to Windows registry DB
Use above Download link and launch it and from there on clicking with right Mouse button to any directory will enable you to open directory in CMD.EXE.

Here is content of little registry tweak adding the new menu Dos Prompt Here button
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\DosHere]
@="Dos &Prompt Here"

[HKEY_CLASSES_ROOT\Directory\shell\DosHere\Command]
@="cmd.exe /k cd %1"

[HKEY_CLASSES_ROOT\Drive\shell\DosHere]
@="Dos &Prompt Here"

[HKEY_CLASSES_ROOT\Drive\shell\DosHere\Command]
@="cmd.exe /k cd %1"

Windows explorer open program files or any specific directory in windows command line

windows opening directory in command line program files screenshot win 7

This little registry code is originally for Windows 2000, anyways it is compatible with all NT technology based Windowses, Add DOS Prompt Here tweak works fine on Windows XP, Windows 7 and Windows 8 (Home, Pro and Business editions).

By Mentioning $HOME its interesting to say Windows equivalent of Linux's as it might be useful to know:

linux:~# echo $HOME
/home/hipo

is

C:\\> echo %USERPROFILE%
C:\\Users\\georgi

To list all Windows Command Prompt environment variable equivalent to Linux's bash shell env / setenv is SET command), here is example output from my Winblows;

C:\Users\georgi> SET
ALLUSERSPROFILE=C:\\ProgramData
APPDATA=C:\\Users\georgi\AppData\Roaming
CLASSPATH=.;C:\\Program Files (x86)\\Java\\jre6\\lib\\ext\\QTJava.zip
CommonProgramFiles=C:\\Program Files\Common Files
CommonProgramFiles(x86)=C:\\Program Files (x86)\\Common Files
CommonProgramW6432=C:\\Program Files\\Common Files
COMPUTERNAME=GEORGI
ComSpec=C:\\Windows\\system32\\cmd.exe
DEFLOGDIR=C:\\ProgramData\\McAfee\\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\\Users\\georgi
LOCALAPPDATA=C:\\Users\\georgi\\AppData\\Local
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\\Program Files\\RA2HP\\;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\S
Wbem;C:\\Windows\\System32\\WindowsPowerShell\v1.0\;C:\\Program Files\\WIDCOM
oth Software\\;C:\\Program Files\\WIDCOMM\\Bluetooth Software\\syswow64;C:\\Pr
les (x86)\\Hewlett-Packard\\HP ProtectTools Security Manager\\Bin\\;C:\\Progr
\\ActivIdentity\\ActivClient\\;C:\\Program Files (x86)\\ActivIdentity\\ActivCl
\\Program Files (x86)\\QuickTime\\QTSystem\\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=3a09
ProgramData=C:\\ProgramData
ProgramFiles=C:\\Program Files
ProgramFiles(x86)=C:\\Program Files (x86)
ProgramW6432=C:\\Program Files
PROMPT=$P$G
PSModulePath=C:\\Windows\\system32\\WindowsPowerShell\\v1.0\Modules\\
PTSMInstallPath_X86=C:\\Program Files (x86)\\Hewlett-Packard\\HP ProtectToo
ity Manager\\
PUBLIC=C:\\Users\\Public
QTJAVA=C:\\Program Files (x86)\\Java\\jre6\\lib\\ext\\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\\Windows
TEMP=C:\\Users\\georgi\\AppData\\Local\\Temp
TMP=C:\\Users\\georgi\\AppData\\Local\\Temp
USERDNSDOMAIN=EMEA.CPQCORP.NET
USERDOMAIN=EMEA
USERNAME=georgi
USERPROFILE=C:\\Users\\georgi
VSEDEFLOGDIR=C:\\ProgramData\\McAfee\\DesktopProtection
windir=C:\\Windows
windows_tracing_flags=3
windows_tracing_logfile=C:\\BVTBin\\Tests\\installpackage\\csilogfile.log

Hope this little trick hopes someone out there.
I will be glad to hear of other cool useful windows registry tweaks?

 

Web and Middleware JBoss Training at Hewlett Packard – Intro to JBoss JAVA application server

Thursday, November 21st, 2013

jboss application server logo- serve java servlet pages on Linux and Windows

I and my TEAM Web and Middleware Implementation Team @Hewlett Packard are assigned an online training to follow on topic of JBoss Application server.It is my first online training of this kind where a number of people are streamed a video from a trainer who explains in real time concepts of JBossA Community Drive open source middleware (Application Server), since some time JBoss is known under a new name (WildFly).

Wildfly new name of jboss application java servlet server

In short what is JBoss? – It is an application server similar to Apache Tomcat  -an open source software implementation of the Java Servlet and JavaServer Pages technologies.

Apache Tomcat java servlet application server logo

In case you wonder about what is Middleware it is a buzzword well established in Corporate world referring to all kind of servers in the middle between Servers on pure OS and hardware Level and end client. Middleware includes all kind of Web and Application servers like Apache, JBoss, Tomcat, Adobe's WebLogic Webserver, IBM WebSphere application server etc..

What this means is JBOSS is very similar to Tomcat but it is designed to run interpret through (Java Virtual Machine), higher scale of Java Applications and then return content to a a web browser. In other words if you need to have a Webserver with support for Java VM. JBoss is one of the open source technologies available which can be a substitute for Tomcat. In Fact Jboss itself started as a fork of Tomcat and n owadays, Jboss has an implementation of Tomcat embedded into itself. Jboss is mainly developed and supported by Redhat. It has 3 major releases used in IT Companies. Jboss 5, JBoss 6 and JBoss 7. In most production server systems running some kind of Java servlets currently still Jboss ver. 5 and Jboss v. 6 is used. Just like Tomcat, the server is messy in its structure. But if we have to compare Tomcat with Jboss then JBoss is at least 100 times more messy and hard to configure tune than Tomcat. Actually after getting to know JBoss 6 I would not advice anyone to use this Application server. Its too complex and all configuration and performance tuning is done through hundred of XML so it is like a hell for the usual System Administrator who likes clearness and simplicity. JBoss has a Web configuration interface which in version 7 is a bit advanced and easier to configure and get to know the server compared to previous versions. But same web interface for older releases is lousy and not nice. Just like Tomcat, JBoss supports clustering, here is full list of all features it supports:

  • Full clustering support for both traditional J2EE applications and EJB 3.0 POJO applications
  • Automatic discovery. Nodes in cluster find each other with no additional configuration.
  • Cluster-wide replicated JNDI context
  • Failover and load-balancing for JNDI, RMI and all EJB types
  • Stateful Session Bean state replication
  • HTTP Session replication
  • High Availability JMS
  • Farming. Distributed deployment of JBoss components. Deploying on one node deploys on all nodes.
     

Looks like JBoss is among the few Application Servers supporting deployment of Java JSP, WAR Archive files, SAR Archives, JMS (Java Message Service), JNDI (Java Naming and Directory Interface). Jboss supports load balancing between clustered nodes, supports SOAP, Java servlet faces and Java MQ (Messaging Queue). JBoss can be installed on GNU / Linux, FreeBSD and Windows. So far from what I've learned for JBOSS I prefer not to use it and don't recommend this Application server to anyone. Its too complex and doesn't worth the effort to learn. Proprietary products like WebLogic and Webspehere are in light years better.

Tiny PHP script to dump your browser set HTTP headers (useful in debugging)

Friday, March 30th, 2012

While browsing I stumbled upon a nice blog article

Dumping HTTP headers

The arcitle, points at few ways to DUMP the HTTP headers obtained from user browser.
As I'm not proficient with Ruby, Java and AOL Server what catched my attention is a tiny php for loop, which loops through all the HTTP_* browser set variables and prints them out. Here is the PHP script code:

<?php<br />
foreach($_SERVER as $h=>$v)<br />
if(ereg('HTTP_(.+)',$h,$hp))<br />
echo "<li>$h = $v</li>\n";<br />
header('Content-type: text/html');<br />
?>

The script is pretty easy to use, just place it in a directory on a WebServer capable of executing php and save it under a name like:
show_HTTP_headers.php

If you don't want to bother copy pasting above code, you can also download the dump_HTTP_headers.php script here , rename the dump_HTTP_headers.php.txt to dump_HTTP_headers.php and you're ready to go.

Follow to the respective url to exec the script. I've installed the script on my webserver, so if you are curious of the output the script will be returning check your own browser HTTP set values by clicking here.
PHP will produce output like the one in the screenshot you see below, the shot is taken from my Opera browser:

Screenshot show HTTP headers.php script Opera Debian Linux

Another sample of the text output the script produce whilst invoked in my Epiphany GNOME browser is:

HTTP_HOST = www.pc-freak.net
HTTP_USER_AGENT = Mozilla/5.0 (X11; U; Linux x86_64; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+ Debian/squeeze (2.30.6-1) Epiphany/2.30.6
HTTP_ACCEPT = application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
HTTP_ACCEPT_ENCODING = gzip
HTTP_ACCEPT_LANGUAGE = en-us, en;q=0.90
HTTP_COOKIE = __qca=P0-2141911651-1294433424320;
__utma_a2a=8614995036.1305562814.1274005888.1319809825.1320152237.2021;wooMeta=MzMxJjMyOCY1NTcmODU1MDMmMTMwODQyNDA1MDUyNCYxMzI4MjcwNjk0ODc0JiYxMDAmJjImJiYm; 3ec0a0ded7adebfeauth=22770a75911b9fb92360ec8b9cf586c9;
__unam=56cea60-12ed86f16c4-3ee02a99-3019;
__utma=238407297.1677217909.1260789806.1333014220.1333023753.1606;
__utmb=238407297.1.10.1333023754; __utmc=238407297;
__utmz=238407297.1332444980.1586.413.utmcsr=pc-freak.net|utmccn=(referral)|utmcmd=referral|utmcct=/blog/

You see the script returns, plenty of useful information for debugging purposes:
HTTP_HOST – Virtual Host Webserver name
HTTP_USER_AGENT – The browser exact type useragent returnedHTTP_ACCEPT – the type of MIME applications accepted by the WebServerHTTP_ACCEPT_LANGUAGE – The language types the browser has support for
HTTP_ACCEPT_ENCODING – This PHP variable is usually set to gzip or deflate by the browser if the browser has support for webserver returned content gzipping.
If HTTP_ACCEPT_ENCODING is there, then this means remote webserver is configured to return its HTML and static files in gzipped form.
HTTP_COOKIE – Information about browser cookies, this info can be used for XSS attacks etc. 🙂
HTTP_COOKIE also contains the referrar which in the above case is:
__utmz=238407297.1332444980.1586.413.utmcsr=pc-freak.net|utmccn=(referral)
The Cookie information HTTP var also contains information of the exact link referrar:
|utmcmd=referral|utmcct=/blog/

For the sake of comparison show_HTTP_headers.php script output from elinks text browser is like so:

* HTTP_HOST = www.pc-freak.net
* HTTP_USER_AGENT = Links (2.3pre1; Linux 2.6.32-5-amd64 x86_64; 143x42)
* HTTP_ACCEPT = */*
* HTTP_ACCEPT_ENCODING = gzip,deflate * HTTP_ACCEPT_CHARSET = us-ascii, ISO-8859-1, ISO-8859-2, ISO-8859-3, ISO-8859-4, ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-9, ISO-8859-10, ISO-8859-13, ISO-8859-14, ISO-8859-15, ISO-8859-16, windows-1250, windows-1251, windows-1252, windows-1256,
windows-1257, cp437, cp737, cp850, cp852, cp866, x-cp866-u, x-mac, x-mac-ce, x-kam-cs, koi8-r, koi8-u, koi8-ru, TCVN-5712, VISCII,utf-8 * HTTP_ACCEPT_LANGUAGE = en,*;q=0.1
* HTTP_CONNECTION = keep-alive
One good reason, why it is good to give this script a run is cause it can help you reveal problems with HTTP headers impoperly set cookies, language encoding problems, security holes etc. Also the script is a good example, for starters in learning PHP programming.

 

TalkonAut Free Program to use Jabber protocol on Apple IPad (IBad)

Friday, February 3rd, 2012

 

TalkonAut Free Mobile Phones and Apple devices java program logo

I've installed Jabber as a platform for internal company communication for a company. It was a requirement for this jabber server to be accessed from a different type of computers / devices different in size, hardware and OS e.g. (Mac OS X, Windows, Linux, Ipad, mobile phones etc.)

Happily there is plenty of free software programs which allows access to jabber for free. On the major operating systems GNU / Linux, Mac OS X and Windows the client jabber accounts are working fine with the wonderful free software Pidgin The Universal Chat Client

One of the jabber clients, however was primary had to be used on Apple's proprietary IPad / IBad as Richard Stallman likes to call it 😉

The person who had to have the Jabber protocol working on IPad program was not a proficient user and therefore I had the task to find a program to be able to talk to the Jabber protocol for him.
A quick search in Google for jabber ipad client led me to few programs said to support Jabber on Ipad :
 

 

  • BeejiveIM for IPad
  • Jabba

Jabba was looking quite, nice but unfortunately costs $1.99 and should be purchased in Apple's App Store and it was preferrable not to spend money on a trivial thing as a Jabber client.
I gave BeejiveIM a try but it required some very complex registration, as well as again required to be purchased (if I remember correctly), so it wasn't an option either.

Then thanksfully, I found TalknOut which is free and it is a perfect jabber client for Apple Ipad
Talkonaut is a program also supporting both Jabber (XMPP) and GTalk2VoIP, hence supporting Google Talk and MSN/Live Messanger.
It is written Java and therefore works on any device that has Java installed. Talkonaut supports the following mobile architectures:
 

  • Apple's IPhone and Ipad
  • Google Android Phones
  • Many of the Nokia Symbian's S60 3rd and 5th edition "smart" phones
  • Windows Mobile 5.x and 6.x
  • Java J2ME based phones

Installing TalkonAut is a piece of cake from Ipod's Safari you click on the Install link and it gets installed. I will not get into details on how it is configured as this also is pretty easy.
Here is how it looks like on Ipad after configured and the user is logged in Jabber:
TalkonAut Jabber XMPP Mobile client Apple Ipad Screenshot

Something really unique and nice for the program is the way the chat dialogs gets ordered, the idea to place one person's sending on the left side and the replying one on right is innovative and something I've not seen in another chat client 😉

TalkonAut Sender and replier message on different side screenshotTalkonaut should also support VoIP (voice conversations), between mobile users, I'm curious if somebody used the program for VoIP and can share feedback?

How to make pptp VPN connection to use IPMI port (IPKVM / Web KVM) on Debian Linux

Wednesday, July 27th, 2011

If you have used KVM, before you certainly have faced the requirement asked by many Dedicated Server Provider, for establishment of a PPTP (mppe / mppoe) or the so called Microsoft VPN tunnel to be able to later access via the tunnel through a Private IP address the web based Java Applet giving control to the Physical screen, monitor and mouse on the server.

This is pretty handy as sometimes the server is not booting and one needs a further direct access to the server physical Monitor.
Establishing the Microsoft VPN connection on Windows is a pretty trivial task and is easily achieved by navigating to:

Properties > Networking (tab) > Select IPv4 > Properties > Advanced > Uncheck "Use default gateway on remote network".

However achiving the same task on Linux seemed to be not such a trivial, task and it seems I cannot find anywhere information or precise procedure how to establish the necessery VPN (ptpt) ms encrypted tunnel.

Thanksfully I was able to find a way to do the same tunnel on my Debian Linux, after a bunch of experimentation with the ppp linux command.

To be able to establish the IPMI VPN tunnel, first I had to install a couple of software packages, e.g.:

root@linux:~# apt-get install ppp pppconfig pppoeconf pptp-linux

Further on it was necessery to load up two kernel modules to enable the pptp mppe support:

root@linux:~# modprobe ppp_mppe
root@linux:~# modprobe ppp-deflate

I’ve also enabled the modules to be loading up during my next Linux boot with /etc/modules to not be bother to load up the same modules after reboot manually:

root@linux:~# echo ppp_mppe >> /etc/modules
root@linux:~# echo ppp-deflate >> /etc/modules

Another thing I had to do is to enable the require-mppe-128 option in /etc/ppp/options.pptp.
Here is how:

root@linux:~# sed -e 's$#require-mppe-128$require-mppe-128$g' /etc/ppp/options.pptp >> /tmp/options.pptp
root@linux:~# mv /tmp/options.pptp /etc/ppp/options.pptp
root@linux:~# echo 'nodefaultroute' >> /etc/ppp/options.pptp

In order to enable debug log for the ppp tunnel I also edited /etc/syslog.conf and included the following configuration inside:

root@linux:~# vim /etc/syslog.conf
*.=debug;
news.none;mail.none -/var/log/debug
*.=debug;*.=info;
*.=debug;*.=info;
root@linux:~# killall -HUP rsyslogd

The most important part of course is the command line with ppp command to connect to the remote IP via the VPN tunnel ;), here is how I achieved that:

root@linux:~# pppd debug require-mppe pty "pptp ipmiuk2.net --nolaunchpppd" file /etc/ppp/options.pptp user My_Dedi_Isp_Given_Username password The_Isp_Given_Password

This command, brings up the ppp interface and makes the tunnel between my IP and the remote VPN target host.

Info about the tunnel could be observed with command:

ifconfig -a ppp
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.20.254.32 P-t-P:10.20.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:70 (70.0 B) TX bytes:672 (672.0 B)

One more thing before I could finally access the IPMI’s web interface via the private IP was to add routing to the private IP address via the tunnel other side IP address:

# 10.20.0.1 P-t-P IP address
ip route add 10.20.1.124/32 dev ppp0

Now logically one would thing the Web interface to login and use the Java Applet to connect to the server would be accessible but no IT wasn’t !

It took me a while to figure out what is the problem and if not the guys in irc.freenode.net ##networking helped me I would never really find out why http://10.20.1.124/ and https://10.20.1.124/ were inaccessible.

Strangely enough both ports 80 and 443 were opened on 10.20.1.124 and it seems like working, however though I can ping both 10.20.1.124 and 10.20.0.1 there was no possible way to access 10.20.1.124 with TCP traffic.

Routing to the Microsoft Tunnel was fine as I’ve double checked all was fine except whether I tried accessing the IPMI web interface the browser was trying to open the URL and keeps opening like forever.

Thanksfully after a long time of futile try outs, a tip was suggested by a good guy in freenode nick named ne2k

To make the TCP connection in the Microsoft Tunnel work and consequently be able to access the webserver on the remote IPMI host, one needs to change the default MTU set for the ppp0 tunnel interface.
Here is how:


ip link set ppp0 mtu 1438

And tadam! It’s done now IPKVM is accessible via http://10.20.1.124 or https://10.20.1.124 web interface. Horay ! 🙂