IPSEC tunnel from Libreswan routed mode to DRG - oracle-cloud-infrastructure

I have a scenario in which I want to connect to the DRG from a Libreswan. I followed the official documentation:
https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/libreswan.htm
Tunnel is up, but no traffic is flowing.
My config is:
config setup
    plutoopts="--perpeerlog"
    protostack=auto

conn oracle-tunnel-1
    left=DRG tunnel 1 public IP address
    right=192.168.12.4
    rightid=Libreswan public IP # See preceding note about 1-1 NAT device
    authby=secret
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    auto=start
    mark=5/0xffffff1 # Needs to be unique across all tunnels
    vti-interface=vti1
    vti-routing=no
    encapsulation=no

conn oracle-tunnel-2
    left=DRG tunnel 2 public IP address
    right=192.168.12.4
    rightid=Libreswan public IP # See preceding note about 1-1 NAT device
    authby=secret
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
    auto=start
    mark=5/0xffffff2 # Needs to be unique across all tunnels
    vti-interface=vti2
    vti-routing=no
    encapsulation=no
Tunnel is up:
#1: "oracle-tunnel-1":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2847s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
#4: "oracle-tunnel-1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27828s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
#4: "oracle-tunnel-1" esp.bbba50fa@DRG-IP esp.7db55be9@192.168.12.4 tun.0@DRG-IP tun.0@192.168.12.4 ref=0 refhim=0 Traffic: ESPin=0B ESPout=0B! ESPmax=4194303B
#2: "oracle-tunnel-2":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2606s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
#3: "oracle-tunnel-2":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27837s; newest IPSEC; eroute owner; isakmp#2; idle; import:admin initiate
#3: "oracle-tunnel-2" esp.9dfaf013@DRG-IP esp.43348c8c@192.168.12.4 tun.0@DRG-IP tun.0@192.168.12.4 ref=0 refhim=0 Traffic: ESPin=84B ESPout=0B! ESPmax=4194303B
But no traffic is flowing.
Any ideas?
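As an added example (not from the question or from Oracle's guide), a small Python parser for the per-SA "Traffic:" lines of the `ipsec status` output above. It flags a tunnel whose IPsec SA is established but whose ESPout counter stays at zero, which with vti-routing=no usually means nothing routes packets into the vti interface yet; the verdict wording and the K/M/G byte-suffix handling are my assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: the two per-SA traffic lines from the question, with the
# DRG address left as the placeholder DRG-IP the poster used.
SAMPLE_STATUS = """\
#4: "oracle-tunnel-1" esp.bbba50fa@DRG-IP esp.7db55be9@192.168.12.4 tun.0@DRG-IP tun.0@192.168.12.4 ref=0 refhim=0 Traffic: ESPin=0B ESPout=0B! ESPmax=4194303B
#3: "oracle-tunnel-2" esp.9dfaf013@DRG-IP esp.43348c8c@192.168.12.4 tun.0@DRG-IP tun.0@192.168.12.4 ref=0 refhim=0 Traffic: ESPin=84B ESPout=0B! ESPmax=4194303B
"""

TRAFFIC_RE = re.compile(
    r'^#(?P<sa>\d+): "(?P<conn>[^"]+)" .*?Traffic: '
    r'ESPin=(?P<inb>\d+)(?P<inu>[KMG]?B) ESPout=(?P<outb>\d+)(?P<outu>[KMG]?B)'
)
# Assumption: larger counters carry a K/M/G prefix; plain "B" is what the page shows.
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}


@dataclass
class SaTraffic:
    sa: int        # SA number, the "#4" at the start of the line
    conn: str      # conn name from ipsec.conf
    esp_in: int    # bytes received inside ESP
    esp_out: int   # bytes sent inside ESP


def parse_traffic(status_text):
    """Return one SaTraffic per 'Traffic:' line; ISAKMP/state lines are skipped."""
    entries = []
    for line in status_text.splitlines():
        m = TRAFFIC_RE.match(line.strip())
        if not m:
            continue
        entries.append(SaTraffic(
            sa=int(m["sa"]), conn=m["conn"],
            esp_in=int(m["inb"]) * UNITS[m["inu"]],
            esp_out=int(m["outb"]) * UNITS[m["outu"]],
        ))
    return entries


def diagnose(entries):
    """Map conn name -> verdict on why an established tunnel carries no traffic."""
    verdicts = {}
    for e in entries:
        if e.esp_in == 0 and e.esp_out == 0:
            verdicts[e.conn] = "no traffic either way: nothing is routed into the tunnel yet"
        elif e.esp_out == 0:
            verdicts[e.conn] = ("peer sends but nothing goes back: with vti-routing=no, "
                                "check that a route points at the vti interface")
        elif e.esp_in == 0:
            verdicts[e.conn] = "we send but receive nothing: check the remote side's routing"
        else:
            verdicts[e.conn] = "traffic flowing both ways"
    return verdicts


if __name__ == "__main__":
    for conn, verdict in diagnose(parse_traffic(SAMPLE_STATUS)).items():
        print(f"{conn}: {verdict}")
```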

Related

How can I connect to a moto mysql instance?

I created an RDS DB Instance using a mocked boto3 rds client. Here's how I set it up in my conftest.py
import os

import boto3
import pytest
from moto import mock_rds


@pytest.fixture
def aws_credentials():
    """Mocked AWS Credentials for moto."""
    os.environ["AWS_ACCESS_KEY_ID"] = "testing"
    os.environ["AWS_SECRET_ACCESS_KEY"] = "testing"
    os.environ["AWS_SECURITY_TOKEN"] = "testing"
    os.environ["AWS_SESSION_TOKEN"] = "testing"


@pytest.fixture
def rds_client(aws_credentials, aws_region):  # aws_region is another fixture in conftest.py
    with mock_rds():
        client = boto3.client("rds", region_name=aws_region)
        yield client
Following the example here (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.Python.html) I set up my mysql connector like this:
import mysql.connector

db_instance = rds_client.create_db_instance(DBInstanceIdentifier="TestDBInstanceIdentifier",
                                            DBInstanceClass="db.m4.large", Engine="mysql",
                                            MasterUsername="root", DBName="TestDBName")
print("RDS Instance-----------------------------------------------------")
print(db_instance)
host = db_instance['DBInstance']['Endpoint']['Address']
port = db_instance['DBInstance']['Endpoint']['Port']
user = db_instance['DBInstance']['MasterUsername']
dbname = db_instance['DBInstance']['DBName']
print("Starting connection")
# IAM auth token is used as the password, as in the AWS example linked above
token = rds_client.generate_db_auth_token(DBHostname=host, Port=port, DBUsername=user, Region=aws_region)
mydb = mysql.connector.connect(host=host, database=dbname, user=user, passwd=token, port=port)
However, the connector can't find the DB:
FAILED test_read_rds_db - mysql.connector.errors.DatabaseError: 2005 (HY000): Unknown MySQL server host 'TestDBInstanceIdentifier.aaaaaaaaaa.us-east-1.rds.amazonaws.com' (8)
Has someone been able to set this up before?
Moto does not offer this functionality. It mocks the AWS API, but does not expose any RDBMS functionality.
You could look into Localstack instead. It uses Moto in the background to mock calls to AWS, but offers features on top of that such as the ability to connect to an RDS instance.
See the docs here: https://docs.localstack.cloud/aws/rds/

How to send data to couchbase server using sync gateway, how to connect to sync gateway, URL?

I am developing an Android mobile application on Windows (OS). I want to send data to the Couchbase server.
I am making a mistake in the URL for Sync Gateway. I am running the services on my machine as well. I have already set up Couchbase Server.
My config.json file:
{
  "log": ["HTTP+"],
  "adminInterface": "127.0.0.1:4985",
  "interface": "0.0.0.0:4984",
  "databases": {
    "db": {
      "server": "http://localhost:8091",
      "bucket": "mobile_data",
      "users": {
        "GUEST": {"disabled": false, "admin_channels": ["*"] }
      }
    }
  }
}
My Android App code:
private void initCouchbase() {
    // Create replicators to push & pull changes to & from Sync Gateway.
    URL url = null;
    try {
        url = new URL("http://127.0.0.1:4984/db/");
    } catch (MalformedURLException e) {
        e.printStackTrace();
    }
    Replication push = database.createPushReplication(url);
    Replication pull = database.createPullReplication(url);
    push.setContinuous(true);
    pull.setContinuous(true);
    // Start replicators
    push.start();
    pull.start();
}
I am using my mobile for testing.
I am getting an error in connection with the URL.
Logcat:
01-28 19:21:23.851 28672-28718/com.example.yumnaasim.couchbaseapp W/RemoteRequest: com.couchbase.lite.replicator.RemoteRequest {GET, http://127.0.0.1:4984/db/_local/3259f53711e089457eaed7b5c61d82403d1a98e4}: executeRequest() Exception: java.net.ConnectException: Failed to connect to /127.0.0.1:4984. url: http://127.0.0.1:4984/db/_local/3259f53711e089457eaed7b5c61d82403d1a98e4
java.net.ConnectException: Failed to connect to /127.0.0.1:4984
at okhttp3.internal.io.RealConnection.connectSocket(RealConnection.java:187)
at okhttp3.internal.io.RealConnection.buildConnection(RealConnection.java:170)
at okhttp3.internal.io.RealConnection.connect(RealConnection.java:111)
at okhttp3.internal.http.StreamAllocation.findConnection(StreamAllocation.java:187)
at okhttp3.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:123)
at okhttp3.internal.http.StreamAllocation.newStream(StreamAllocation.java:93)
at okhttp3.internal.http.HttpEngine.connect(HttpEngine.java:296)
at okhttp3.internal.http.HttpEngine.sendRequest(HttpEngine.java:248)
at okhttp3.RealCall.getResponse(RealCall.java:243)
at okhttp3.RealCall$ApplicationInterceptorChain.proceed(RealCall.java:201)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:163)
at okhttp3.RealCall.execute(RealCall.java:57)
at com.couchbase.lite.replicator.RemoteRequest.executeRequest(RemoteRequest.java:261)
at com.couchbase.lite.replicator.RemoteRequest.execute(RemoteRequest.java:165)
at com.couchbase.lite.replicator.RemoteRequest.run(RemoteRequest.java:105)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:423)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:269)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
at java.lang.Thread.run(Thread.java:818)
01-28 19:21:23.853 28672-28719/com.example.yumnaasim.couchbaseapp W/RemoteRequest: com.couchbase.lite.replicator.RemoteRequest {GET, http://127.0.0.1:4984/db/_local/3410a851b84016993416af638a20280537838364}: executeRequest() Exception: java.net.ConnectException: Failed to connect to /127.0.0.1:4984. url: http://127.0.0.1:4984/db/_local/3410a851b84016993416af638a20280537838364
java.net.ConnectException: Failed to connect to /127.0.0.1:4984
at okhttp3.internal.io.RealConnection.connectSocket(RealConnection.java:187)
at okhttp3.internal.io.RealConnection.buildConnection(RealConnection.java:170)
at okhttp3.internal.io.RealConnection.connect(RealConnection.java:111)
at okhttp3.internal.http.StreamAllocation.findConnection(StreamAllocation.java:187)
at okhttp3.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:123)
at okhttp3.internal.http.StreamAllocation.newStream(StreamAllocation.java:93)
at okhttp3.internal.http.HttpEngine.connect(HttpEngine.java:296)
at okhttp3.internal.http.HttpEngine.sendRequest(HttpEngine.java:248)
at okhttp3.RealCall.getResponse(RealCall.java:243)
at okhttp3.RealCall$ApplicationInterceptorChain.proceed(RealCall.java:201)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:163)
at okhttp3.RealCall.execute(RealCall.java:57)
at com.couchbase.lite.replicator.RemoteRequest.executeRequest(RemoteRequest.java:261)
at com.couchbase.lite.replicator.RemoteRequest.execute(RemoteRequest.java:165)
at com.couchbase.lite.replicator.RemoteRequest.run(RemoteRequest.java:105)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:423)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:269)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
at java.lang.Thread.run(Thread.java:818)
01-28 19:21:25.877 28450-28450/? I/Finsky: [1] com.google.android.finsky.scheduler.ak.a(146): onJobSchedulerWakeup
The problem is with your Android app URL. You have http://127.0.0.1:4984/db/. This tries to connect to the Android device itself.
You need to have the external IP address of your server there instead. You configured Sync Gateway correctly with "interface": "0.0.0.0:4984". Beware, though, that you have guest access on ("GUEST": {"disabled": false, "admin_channels": ["*"] }, so you have no security as it stands.
You can reach localhost with adb reverse port forwarding:
adb reverse tcp:4984 tcp:4984
After port forwarding, it is certain that you will encounter an SSL problem. You have three options to solve this issue:
1. Add a network security config to permit cleartext on localhost
   Easy to apply: https://developer.android.com/training/articles/security-config
   Possible security vulnerability
2. Create and install a custom SSL certificate and push it to emulator/physical devices via adb
   Every developer has to install the certificate on their machine, emulator and physical devices (scripting may be needed)
   All service projects used by the Android app have to serve over SSL
   Complexity
3. Permit cleartext globally while debugging
   Quick to apply
   You shouldn't forget about it in the prod environment.
Adb extra:
If you have multiple devices connected, you can select a device with the "-s {deviceId}" parameter
For removing port forwarding: adb forward -remove tcp:{specifiedPort} or -remove-all

mosquitto 1.4 - once running with ACL enabled, gets "Socket error on client <unknown>, disconnecting"

Following the instructions from Jeremy Gooch (see http://goochgooch.co.uk/2014/08/01/building-mosquitto-1-4/), I installed mosquitto over websockets on an RPi. I can sub/pub messages to the test site http://test.mosquitto.org/ws.html
From that point, I enabled user and topic access control in mosquitto.conf for more tests, but the strange thing is that when I start mosquitto again, I see socket errors every second...
sudo /usr/local/sbin/mosquitto -v -c /etc/mosquitto/mosquitto.conf
1429857948: mosquitto version 1.4 (build date 2015-04-20 22:04:51+0800) starting
1429857948: Config loaded from /etc/mosquitto/mosquitto.conf.
1429857948: Opening ipv4 listen socket on port 1883.
1429857948: Opening ipv6 listen socket on port 1883.
1429857948: Warning: Address family not supported by protocol
1429857949: New connection from 127.0.0.1 on port 1883.
1429857949: Sending CONNACK to 127.0.0.1 (0, 5)
1429857949: Socket error on client <unknown>, disconnecting.
1429857950: New connection from 127.0.0.1 on port 1883.
1429857950: Sending CONNACK to 127.0.0.1 (0, 5)
...
I modified the config file to enable ACL only and commented out all the others, but the socket errors are still there. The config file now looks like this:
sudo nano /etc/mosquitto/mosquitto.conf
autosave_interval 1800
persistence true
persistence_file m2.db
persistence_location /var/tmp/
connection_messages true
log_timestamp true
log_dest stderr
log_type error
log_type warning
log_type debug
allow_anonymous false
password_file /etc/mosquitto/mqtt.pw
acl_file /etc/mosquitto/mqtt.acl
port 1883
protocol mqtt
I even tested with the sample password_file and acl_file, but got the same error.
I searched on Google with no result either; could anyone help with this? Thanks.
1429857949: Sending CONNACK to 127.0.0.1 (0, 5)
A CONNACK return code of 5 means the connection was not authorised. If it
works with allow_anonymous=true, then it sounds like your client isn't
sending a username, or isn't sending a correct username & password.
It looks like you have a Paho Python client running.
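As an added example (not from this thread), a Paho Python client that sends the username/password that allow_anonymous false requires and reads the CONNACK code in on_connect, so a 5 is reported once instead of being retried every second; it also includes a helper that pulls the non-zero CONNACK codes out of a mosquitto log like the one above. The broker host, credentials and topic are placeholders passed in by the caller.

```python
import re

# MQTT 3.1.1 CONNACK return codes; mosquitto logs them as "(flags, rc)".
CONNACK_CODES = {
    0: "connection accepted",
    1: "unacceptable protocol version",
    2: "identifier rejected",
    3: "server unavailable",
    4: "bad user name or password",
    5: "not authorised",
}

# Constructed sample: the relevant lines from the broker log in the question.
SAMPLE_LOG = """\
1429857948: Opening ipv4 listen socket on port 1883.
1429857949: New connection from 127.0.0.1 on port 1883.
1429857949: Sending CONNACK to 127.0.0.1 (0, 5)
1429857949: Socket error on client <unknown>, disconnecting.
1429857950: Sending CONNACK to 127.0.0.1 (0, 5)
"""

CONNACK_LOG_RE = re.compile(r"Sending CONNACK to (\S+) \((\d+), (\d+)\)")


def explain_connack(rc):
    """Human-readable meaning of a CONNACK return code (the 5 in the log above)."""
    return CONNACK_CODES.get(rc, "unknown return code %d" % rc)


def should_retry(rc):
    """Only 'server unavailable' (3) is transient; 1, 2, 4 and 5 are configuration
    errors, and reconnecting in a loop just produces one broker-side
    'Socket error on client <unknown>, disconnecting.' per attempt."""
    return rc == 3


def rejected_connacks(log_text):
    """Return (client_ip, rc) for every CONNACK in a mosquitto log whose rc != 0."""
    hits = []
    for line in log_text.splitlines():
        m = CONNACK_LOG_RE.search(line)
        if m and int(m.group(3)) != 0:
            hits.append((m.group(1), int(m.group(3))))
    return hits


def run_client(host, username, password, topic, port=1883):
    """Connect with credentials and stop the loop on a permanent CONNACK failure."""
    import paho.mqtt.client as mqtt  # imported here so the helpers above need no paho

    def on_connect(client, userdata, flags, rc):
        print("CONNACK rc=%d: %s" % (rc, explain_connack(rc)))
        if rc == 0:
            client.subscribe(topic)
        elif not should_retry(rc):
            client.disconnect()  # leave loop_forever instead of hammering the broker

    try:  # paho-mqtt 2.x: pick the callback API explicitly, keeping the 1.x signature
        client = mqtt.Client(callback_api_version=mqtt.CallbackAPIVersion.VERSION1)
    except AttributeError:  # paho-mqtt 1.x has no CallbackAPIVersion
        client = mqtt.Client()
    client.username_pw_set(username, password)  # missing credentials => rc=5
    client.on_connect = on_connect
    client.connect(host, port, keepalive=60)
    client.loop_forever()
```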
I had the same problem; my solution was that I wasn't closing the connection. Once I added client.Disconnect(), it solved my problem.
Code:
// M2Mqtt client inside a Unity MonoBehaviour; urlPath, port, user and pass are fields of the enclosing class
using System;
using System.Collections;
using System.Text;
using UnityEngine;
using uPLibrary.Networking.M2Mqtt;
using uPLibrary.Networking.M2Mqtt.Messages;

public IEnumerator ooverhere()
{
    MqttClient client;
    client = new MqttClient(urlPath, port, false, MqttSslProtocols.None, null, null);
    client.ProtocolVersion = MqttProtocolVersion.Version_3_1;
    // Connect returns the CONNACK code: 0 is accepted, 5 is not authorised
    byte code = client.Connect(Guid.NewGuid().ToString(), user, pass);
    if (code == 0)
    {
        Debug.Log("successful connection ...");
        //client.MqttMsgPublishReceived += client_recievedMessage;
        Debug.Log("your client id is: " + client.ClientId);
        client.Subscribe(new string[] { "example" }, new byte[] { 0 });
        client.Publish("Helpme", Encoding.UTF8.GetBytes("#" + 0));
        yield return client;
        client.Disconnect(); // close cleanly so the broker does not log a socket error
    }
}

Oracle HS (12c)

I'm trying to set up HS from a 12c database that will eventually send data across to a remote MySQL server.
I have installed the odbc driver;
root ~ # rpm -ivh mysql-connector-odbc-5.3.4-1.el6.x86_64.rpm
This is my listener.ora file;
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = ap-ora-records-test.ap.local)(PORT = 1521))
    )
  )
This is my tnsnames.ora file;
RECORDSDB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = ap-ora-records-test.ap.local)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = recordsdb.ap.local)
    )
  )
MYSQL =
  (DESCRIPTION=
    (ADDRESS=(PROTOCOL=tcp)(HOST=ap-ora-records-test.ap.local)(PORT=1521))
    (CONNECT_DATA=(SID=MYSQL))
    (HS=OK)
  )
I connected to the database, and created the database link;
SQL> CREATE DATABASE LINK MYSQL
2 CONNECT TO "root" IDENTIFIED BY "removed"
3 USING 'mysql';
Restarting the lsnrctl;
./bin/lsnrctl reload
./bin/lsnrctl stop
./bin/lsnrctl start
./bin/lsnrctl status
./bin/lsnrctl status
LSNRCTL for Linux: Version 12.1.0.1.0 - Production on 08-SEP-2014 10:54:42
Copyright (c) 1991, 2013, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 12.1.0.1.0 - Production
Start Date 08-SEP-2014 10:42:05
Uptime 0 days 0 hr. 12 min. 37 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/12.1.0/dbhome_1/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/12.1.0/dbhome_1/log/diag/tnslsnr/ap-ora-records-test/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ap-ora-records-test.ap.local)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=ap-ora-records-test.ap.local)(PORT=8080))(Presentation=HTTP)(Session=RAW))
Services Summary...
Service "recordsdb.ap.local" has 1 instance(s).
Instance "recordsdb", status READY, has 1 handler(s) for this service...
Service "recordsdbXDB.ap.local" has 1 instance(s).
Instance "recordsdb", status READY, has 1 handler(s) for this service...
The command completed successfully
As well as tnsping;
oracle /u01/app/oracle/product/12.1.0/dbhome_1 $ ./bin/tnsping ap-ora-records-test
TNS Ping Utility for Linux: Version 12.1.0.1.0 - Production on 08-SEP-2014 10:42:44
Copyright (c) 1997, 2013, Oracle. All rights reserved.
Used parameter files:
/u01/app/oracle/product/12.1.0/dbhome_1/network/admin/sqlnet.ora
Used EZCONNECT adapter to resolve the alias
Attempting to contact (DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=))(ADDRESS=(PROTOCOL=TCP)(HOST=::1)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1521)))
OK (0 msec)
I then tried getting a piece of data with SQL> SELECT * from MYSQL.users@mysql; which gave the following result;
ERROR at line 1:
ORA-28545: error diagnosed by Net8 when connecting to an agent
Unable to retrieve text of NETWORK/NCR message 65535
ORA-02063: preceding 2 lines from MYSQL
Where am I going wrong?
edit 1:
This is my creation code;
CREATE SHARED PUBLIC DATABASE LINK mysql_remote_shared
  CONNECT TO root IDENTIFIED BY password
  AUTHENTICATED BY root IDENTIFIED BY password
  USING 'mysql';

Connect ejabberd to MySQL via native driver for mod_archive_odbc

I'm trying to connect our ejabberd server to MySQL to add the mod_archive_odbc module. We're running ejabberd 2.1.13. The rest of the server uses mnesia for storage. I tried the DSN approach first, but that failed. I'm currently getting this error in erlang.log:
=PROGRESS REPORT==== 24-Sep-2013::13:50:27 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.777.0>},
{name,'ejabberd_mod_archive_odbc_chat.hostname.com'},
{mfargs,
{mod_archive_odbc,start_link,
["chat.hostname.com",
[{database_type,"mysql"},
{default_auto_save,true},
{enforce_default_auto_save,false},
{default_expire,infinity},
{enforce_min_expire,0},
{enforce_max_expire,infinity},
{replication_expire,31536000},
{session_duration,1800},
{wipeout_interval,86400}]]}},
{restart_type,permanent},
{shutdown,1000},
{child_type,worker}]
=CRASH REPORT==== 24-Sep-2013::13:50:36 === crasher:
initial call: mod_archive_odbc:init/1
pid: <0.777.0>
registered_name: 'ejabberd_mod_archive_odbc_chat.hostname.com'
exception exit: {aborted,{no_exists,[sql_pool,"chat.hostname.com"]}}
in function gen_server:terminate/6
ancestors: [ejabberd_sup,<0.37.0>]
This is what the modules section looks like:
{mod_archive_odbc, [{database_type, "mysql"},
                    {default_auto_save, true},
                    {enforce_default_auto_save, false},
                    {default_expire, infinity},
                    {enforce_min_expire, 0},
                    {enforce_max_expire, infinity},
                    {replication_expire, 31536000},
                    {session_duration, 1800},
                    {wipeout_interval, 86400}]}
This is what the database section looks like:
{odbc_server, {mysql, "localhost", "ejabberd", "ejabberd", "password"}}.
I can connect to the mysql server locally and remotely using the ejabberd user as well.
Here is the ngrep output while the errors occur:
# ngrep port 3306
interface: eth0 (10.179.7.192/255.255.255.192)
filter: (ip or ip6) and ( port 3306 )
^Cexit
0 received, 0 dropped
# ngrep -d lo port 3306
interface: lo (127.0.0.0/255.0.0.0)
filter: (ip or ip6) and ( port 3306 )
^Cexit
0 received, 0 dropped
Here is ngrep output if I connect to MySQL with the ejabberd user via another computer on the network
# ngrep port 3306
interface: eth0 (10.179.7.192/255.255.255.192)
filter: (ip or ip6) and ( port 3306 )
####
T 10.179.7.235:3306 -> XX.XXX.XXX.XXX:55909 [AP]
J....5.5.32.....xxpKb-VK...................UKXV(a2rh6r].mysql_native_password.
##
T XX.XXX.XXX.XXX:55909 -> 10.179.7.235:3306 [AP]
>...................................ejabberd....).p.P..lt=BTK..w..
##
T 10.179.7.235:3306 -> XX.XXX.XXX.XXX:55909 [AP]
...........
#
T XX.XXX.XXX.XXX:55909 -> 10.179.7.235:3306 [AP]
!....select @@version_comment limit 1
#
T 10.179.7.235:3306 -> XX.XXX.XXX.XXX:55909 [AP]
.....'....def....@@version_comment............................MySQL Community Server (GPL).........
##
T XX.XXX.XXX.XXX:55909 -> 10.179.7.235:3306 [AP]
.....
###
The MySQL module appears to be installed:
(ejabberd@ip-10-179-7-235)1> ejabberd_check:check_database_module(mysql).
ok
The problem was that the changes I was making were not being applied within the actual service. Another question, How to uninstall odbc for Ejabberd?, and the comments above by @giavac made me realize that apparently the configuration file is not always authoritative for the configuration.
Specifically, I fixed my problem by adding this line:
override_local.