Re: remoting not working through vpn



In case anyone's interested in the solution:

The problem was that the server could not connect with the client using the
default machine name used by the TcpChannel. Most likely it was using the
local IP address rather than the IP address of the VPN connection. To fix the
problem, I manually set the machine name property of the TcpChannel to the IP
address of the VPN connection.

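using System.Collections;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Runtime.Serialization.Formatters;

// IP address of the VPN connection (hardcoded in this simple version)
string ipAddress = "10.1.0.106";
IDictionary prop = new Hashtable();
TcpChannel channel;

BinaryServerFormatterSinkProvider provider = new BinaryServerFormatterSinkProvider();

// Full turns off the deserialization type filter on this channel
provider.TypeFilterLevel = TypeFilterLevel.Full;

prop["name"] = "tcp";
prop["port"] = "0";               // let the system pick a free port
prop["machineName"] = ipAddress;  // address the server uses to reach this client
channel = new TcpChannel(prop, null, provider);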

Of course I'll need to get the IP address of the local machine dynamically
rather than hardcoding it, but that's the simple version.

Rich Wood

"Roy Chastain" wrote:

> I do not think you are going to solve this with events through firewalls. I base that opinion on what I have read from learned
> people and my own understanding of how this works.
>
> Take remoting out of the discussion for a minute. This is really a TCP/IP problem.
>
> Basically you are creating an inbound and outbound TCP/IP connection. The client creates the connection inbound and the server
> then creates the connection outbound.
>
> Properly configured firewalls are not going to pass any unknown traffic (read that as port number) either inbound or OUTBOUND.
> That means that without configuring the firewall, the server to client connection will not work unless you reuse a 'standard'
> port. (Bad idea.)
>
> Good luck.
>
> On Fri, 19 Aug 2005 05:40:19 -0700, Rich Wood <RichWood@xxxxxxxxxxxxxxxx> wrote:
>
> >Roy,
> >
> >Thanks for your response.
> >
> >I am using events and the second scenario you described is exactly what is
> >happening. When we removed all firewalls on a machine connecting to the
> >network through vpn, it worked. When we changed the client remoting
> >configuration to use a specific port for the tcp channel instead of port "0"
> >and opened that port on the client's firewall, it worked. In our case this
> >isn't a solution because we need to be able to run multiple clients on each
> >machine.
> >
> >Since the clients connecting through VPN all have different ISPs and
> >firewall configurations, changing all of their firewalls isn't really an
> >option. At this point I'm trying to figure out exactly how the remoting
> >server is trying to communicate with the client and if there's a way to do it
> >that will allow the traffic through the firewall.
> >
> >As an alternative approach I guess we could have the server queue up
> >messages which would then be retrieved periodically by the clients. That
> >would be a major change and would result in using more bandwidth and
> >increased latency between sending and receiving messages.
> >
> >Any ideas?
> >
> >Thanks,
> >Rich Wood
> >
> >"Roy Chastain" wrote:
> >
> >> Am I to assume that you have created a two way channel and that you are actually referring to events that are being sent back from
> >> the server to the client?
> >>
> >> If so, then read on. If no, you may want to read my ramblings anyway.
> >>
> >> 1) - VPN connections. These can act differently depending on where the VPN terminates.
> >> For instance, I have ISA firewall and all my VPN connections terminate on the firewall system. They are then routed or NAT'd as
> >> appropriate to other networks that the firewall connects to. This could include another VPN to a site to site network. Once the
> >> data makes it (I will use INTO instead of THROUGH) the firewall, it is subject to firewall routing and NAT rules.
> >>
> >> The other case might be that you have tunneled the VPN completely through the firewall and let it terminate on the server itself.
> >> In this case the firewall has NO effect on the connections traveling through the VPN.
> >>
> >> 2) - Addresses. This is probably your issue, but I don't know for sure.
> >> (Again assuming an event type 'response' from the server.) The server has to know where to send the event. (This is not a reply
> >> at the TCP/IP level, but instead a separate outbound connection.) The problem may be in how the client system is presenting its
> >> address to the server. In other words the client could be telling the server its actual LAN address (the address associated with
> >> its NIC) instead of the address associated with its VPN.
> >>
> >> What I don't know is what mechanism remoting uses to 'capture' the address of a client when it will be needed to fire the events.
> >>
> >> HTH.
> >>
> >>
> >> On Thu, 18 Aug 2005 07:33:08 -0700, Rich Wood <RichWood@xxxxxxxxxxxxxxxx> wrote:
> >>
> >> >My application consists of a client and server that communicate via a Tcp
> >> >Channel. The client sends requests to the server which then sends data back
> >> >to the client. It works fine for clients on the LAN but not for clients
> >> >connected to the LAN through VPN. The clients are able to send requests to
> >> >the server, but when the server tries to send the data back to the clients,
> >> >I'm getting timeout errors. I suppose it's possible that it's just really
> >> >slow through VPN and that given more time it would eventually work. I don't
> >> >think this is the case since the communication to the server works and since
> >> >in the same application I'm able to get data from a SQL Server database
> >> >through VPN without much of a time lag.
> >> >
> >> >It seems to me like a connectivity or firewall problem. However, I'm able to
> >> >ping the client machine from the server machine and I'm under the (possibly
> >> >mistaken) impression that when a client makes a VPN connection to a LAN, it
> >> >has the same access through the firewall as machines on the local LAN. The
> >> >firewall doesn't block outbound traffic.
> >> >
> >> >Any help would be greatly appreciated.
> >> -------------------------------------------
> >> Roy Chastain
> >> KMSYS Worldwide, Inc.
> >> http://www.kmsys.com
> >>
> -------------------------------------------
> Roy Chastain
> KMSYS Worldwide, Inc.
> http://www.kmsys.com
>
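
The post leaves open how to obtain the VPN address at run time instead of hardcoding it. The following is an added example, not code from the original thread: it asks the routing table which local address reaches the server and uses that for the channel. The class name, the server address 10.1.0.1 and port 9000 are constructed placeholders; binding with "bindTo" is an addition the post does not use.

```csharp
// Added example (not from the original post). The server address and port
// in Main are constructed placeholders.
using System.Collections;
using System.Net;
using System.Net.Sockets;
using System.Runtime.Remoting.Channels;
using System.Runtime.Remoting.Channels.Tcp;
using System.Runtime.Serialization.Formatters;

static class CallbackChannel
{
    // Ask the routing table which local address reaches the server.
    // Connect() on a UDP socket sends no packet; it only selects the route,
    // so over a VPN this yields the tunnel address rather than the LAN one.
    public static IPAddress LocalAddressTowards(IPAddress server, int port)
    {
        using (Socket probe = new Socket(AddressFamily.InterNetwork,
                                         SocketType.Dgram, ProtocolType.Udp))
        {
            probe.Connect(server, port);
            return ((IPEndPoint)probe.LocalEndPoint).Address;
        }
    }

    public static TcpChannel Register(IPAddress server, int serverPort)
    {
        string local = LocalAddressTowards(server, serverPort).ToString();

        BinaryServerFormatterSinkProvider provider = new BinaryServerFormatterSinkProvider();
        provider.TypeFilterLevel = TypeFilterLevel.Full; // as in the post

        IDictionary prop = new Hashtable();
        prop["name"] = "tcp";
        prop["port"] = "0";            // ephemeral port, so several clients can share a machine
        prop["machineName"] = local;   // address advertised to the server for callbacks
        prop["bindTo"] = local;        // listen for callbacks only on that interface

        TcpChannel channel = new TcpChannel(prop, null, provider);
        ChannelServices.RegisterChannel(channel, false);
        return channel;
    }

    static void Main()
    {
        // Constructed placeholder: the remoting server's address and port.
        Register(IPAddress.Parse("10.1.0.1"), 9000);
    }
}
```

Because the listener is bound to the routed address, the callback port is not exposed on the client's other interfaces; the channel has to be re-registered if the VPN reconnects with a different address.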