VPN problem after upgrade BM 3.6 to 3.7

Hello,

I used BM 3.6 on NetWare 5.0+SP6a. A month ago I have migrated
across-the- 
wire my BM services to new machine with NetWare 6. I applied SP3 for 
NetWare and made in-place upgrade on BorderManager to version 3.7 and 

applied SP2 for BM. Nothing was changed with the configuration. With
my 
previous verion of NetWare and BM I had VPN connection site-to site
with 
my company's branch office and also client-to-site for users who needs
to 
connect the notwork via modems. 

Everything worked fine untill upgrade BM. I tried to workaround this 
problem:
I removed all previous filters, using FILTSRV -CF and DSTRACE to
remove 
them from eDirectory, next I used BRDCFG to recreate default filters
and 
FILTSRV MIGRATE to put them into eDirectory, but those filters
exceptions 
for VPN doesn't work. 
So, I manually added exceptions for VPN, following instructions from
BM 
3.7 documentation, using iManager. 

And still I have some errors:
When I try to login to network using VPN client I can login only to
the 
server hosting BM. I have 2 more servers running NW 6 with SP3 and
during 
executing login script I receive error 8884 The specific server is 
unknown. 
I have configured SLP with DA running on one of this 2 remainig
servers 
(not BM server), I can ping private addresses of all servers in my
LAN, 
but I can't see them. 

And one more problem: I can't run iManager, nor from Internet, nor
after 
loggin to my LAN via VPN client. I have added exception for port 2200
but 
doesn't work. iManager is installed on BM server and is available only

when I am loggedd directly to LAN via Novell client.

Some important information about my network configuration:
I have public address 217.17.32.70 mask 255.255.255.252 and the cable
from 
my ISP is plugged directly to the NIC with this address. I configured
VPN 
tunnell on this NIC with address 192.168.0.1 mask 255.255.255.0 I use 

dynamic and static NAT on this interface, so I added to static NAT
table 
entry mapped 192.168.0.1 onto itself. 
With BM 3.6 on NetWare 5.0 i used only default exceptions added by
BRDCFG 
with configuration mentioned above and everything worked fine.

After upgrade configuration is the same. Exceptions added by BRDCFG 
doesn't work. Exceptions added by myself.... doesn't works, because I
have 
errors. And till now, I don't know if site-to-site VPN will work, on 
Monday I'll go to branch office and try to recreate VPN connection.

Could you tell me, what I have done wrong? I have no idea, what I can
do 
else. Please, help.

Regards
Maja



0
maja
9/27/2003 3:02:28 PM
novell.bordermanager.vpn 2677 articles. 0 followers. Follow

9 Replies
520 Views

Similar Articles

[PageSpeed] 15
Get it on Google Play
Get it on Apple App Store

It's me again...
I have observed very strange symptoms:
a minute ago I tried to login to my LAN via modem and client-to-site
VPN. 
Now, my login script has finished without errors, I can see all
servers, I 
can connect to my GroupWise mialbox using private IP address, I can
run 
rconj on servers using private IP addresses of those servers, I can
run 
Remote Manager....
but NOT on the BorderManager server. On this serwer I can't run Remote

Manager, rconj nor iManager. I'm sure all NLM's are loaded on this
server. 
I use these programs on BorderManager server, when I'm directly logged
in 
via Novell client. May be I made a mistake in configuration and I have
a 
loopback in my network? 
Nothin was changed in my LAN configuration since my previous post.
I don't understand those symptoms :-((((
Any suggestion what I should correct in my LAN and VPN configuration,
and 
what can cause these symptoms?

Regards
Maja



0
maja
9/27/2003 3:55:00 PM
In article <opidb.142$ND1.132@prv-forum2.provo.novell.com>,  wrote:
> but NOT on the BorderManager server. On this serwer I can't run
Remote 
> Manager, rconj nor iManager.
>
On the BMgr server, try adding a static NAT mapping (on the public 
binding) for the private IP address to the private IP address.  

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://nscsysop.hypermart.net ***




0
Craig
9/27/2003 11:38:11 PM
> On the BMgr server, try adding a static NAT mapping (on the public 
> binding) for the private IP address to the private IP address.  

Added. Still can't run from outside LAN any administrative tool
located 
onto BM server.

Regards
Maja



0
maja
9/28/2003 6:20:08 PM
> > On the BMgr server, try adding a static NAT mapping (on the public

> > binding) for the private IP address to the private IP address.  
> 
> Added. Still can't run from outside LAN any administrative tool
located 
> onto BM server.

OK. After rebooting server I can use rconj via VPN. I also made some 
modifications in adminserv.conf. Apache was configured to listen on 
private IP. I added section for public IP and now I can run iManager
and 
Remote Manager via VPN. I don't understand, why I couldn't run
iManager 
via VPN if it was configured to listen on private IP but after adding 

section for public IP I can. Is it possible that this was a reason I 
couldn't run iManager?

Regards
Maja



0
maja
9/28/2003 6:55:45 PM
I don't know.  As you are finding out, the web-based services on 
NetWare can be pretty tough to debug sometimes.   If you were able to 

ping the private IP address of the BMgr server through the VPN, then 
you should also have been able to connect to the various management 
apps there.

Perhaps the server simply needed a reboot?

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.comt ***




0
Craig
9/29/2003 2:14:58 AM
> Perhaps the server simply needed a reboot?

Hi,
reboot after adding entry to NAT static table mapped private IP onto 
itself was needed. Command Reinitialize System was not enough. 
Yesterday I was in my company's branch office and configure VPN site
to 
site. Everything works fine :-))) On the beginning  I have problems
with 
running iManager on this server but I have discovered, that carefully 

configuring ports for all web-based services and certificates for all 

servers is very important. I recreated  all cerificates for server in 

branch office and also carefully modified adminserv.conf, especially
for 
SSL Certificates and ports entries. Now I have access to all servers
and 
all services in my Intranet via site-to-site and client to site VPN.
Thanks for help.

Regards
Maja



0
maja
9/30/2003 7:54:55 PM
In article <jcleb.433$qj1.197@prv-forum3.provo.novell.com>,  wrote:
> but I have discovered, that carefully 
> configuring ports for all web-based services and certificates for
all 
> servers is very important. I
>
Oh yeah!!!

It can help that you can simply have BMgr SSL Proxy authentication use

port 444 instead of 443.  Can resolve one little bit of port
contention 
that comes up sometimes.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.comt ***




0
Craig
9/30/2003 9:07:03 PM
> Oh yeah!!!

:-)))

> It can help that you can simply have BMgr SSL Proxy authentication
use 
> port 444 instead of 443.  Can resolve one little bit of port
contention 
> that comes up sometimes.

Very useful tip :-) I must tell you your site is very useful. Lately I

applied patch for BMgr licensing services following instructions from
your 
site. Thanks again :-)))

Regards
Maja





0
maja
10/2/2003 9:40:54 PM
In article <GX0fb.1228$mH2.507@prv-forum3.provo.novell.com>,  wrote:
> Very useful tip :-) I must tell you your site is very useful. Lately
I 
> applied patch for BMgr licensing services following instructions
from your 
> site. Thanks again :-)))
>
Thanks.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on 
BorderManager, go to http://www.craigjconsulting.com ***




0
Craig
10/2/2003 11:13:28 PM
Reply:

Similar Artilces:

upgrade BM 3.6 to 3.7 or 3.8
Hi, currently my bordermanager runs with 3.6 and NW 5.1SP5 Now I have to upgrade to a new version. I have 3.7 and 3.8 license. What is the best way? only upgrade to 3.7 (perhaps 3.8 is not stable yet)? with 3.8 first I have to upgrade (inplace) my server to NW 6.0 with NDS 8.7.1, but there is no 8.7.1 server in my tree (also I have 2 NW 4.11SP9 server). Will I loose my 3.6 configuration and filters at this time? I have no second server to try the various installation methods, so I have only one shot... Thanks Chris In article <ZmyLb.10085$VM1.1440...

BM 3.6 + VPN Client 3.7 + NAT + private ipaddress
Hallo, i've a new vodaphone D2 PCMCIA Data Connect Card ( Germany ) to dial into Internet over VPN-Client to my BM server. It work, but i cannot ping hosts in my private network. Over the provider i became also private ipaddresses ( 10.x.x.x ), so this addresses could not route over the BM !!! Had anyone an idea, if it is possible to route private ip addresses in VPN-Client to private ip addresses to bm ? Or, is it possible to give the vpn-client a second ipaddress from my private network ? How is the way to configure my bm + vpn client to get it to work ??? Or is t...

Problem Upgrading 3.6.2 to 3.6.3
Hi, I'm trying to upgrade Bugzilla from 3.6.2 to 3.6.3. When I run ./checksetup.pl get several missing perl modules. When I try and install the perl modules using the commands suggested by ../checksetup.pl I get the following error from several of the modules E.G. /usr/bin/perl install-module.pl Email::MIME::Modifier Running install for module 'Email::Simple::Creator' Running make for R/RJ/RJBS/Email-Simple-2.100.tar.gz Undefined subroutine &Compress::Zlib::gzopen called at /var/www/html/bugzilla-3.6.3/lib/CPAN/Tarzip.pm line 122. What am I missing. ...

Can I import VPN setting from BM 3.7 into BM 3.8
Hi all, we have a Netware 6.5 server with Bordermanager 3.7. (after migration from NW 5.1) This worked fine for a year, but now the server abends several times a day. Bordermanager is only used for Proxy and VPN. I want to replace the server with a new installed NW6.5 with BM 3.8. Can I quickly and easy import my current VPN settings from BM 3.7? Greetz, Erwin hi Erwin, You can't really "import" the VPN from a server to another one, unless you image it (but at the end you would have an identical server, i.e. 3.7). The safest way is to reconfigure the VPN in t...

bm 3.6 upgrade to 3.7
i have bm 3.6 running on a netware 5.0 server, sp6a. i want to upgrade it to bm 3.7. questions: 1. do i have to upgrade netware to 6.0 first. 2. what should i be on the lookout for, as far as potential problems. I do not believe that BM3.7 is supported on NW5.0 so the OS upgrade would have to precede the BM upgrade. Make sure that you save a copy of filters.cfg before you do the OS upgrade as this will otherwise be blitzed. I prefer to recreate the filters from scratch when doing a 3.7 upgrade, keeping the old filters.cfg as a note of what was in there. I also hate...

Upgrade BM 3.6 to 3.7
We have a NW 5.1sp2a server running BM 3.6 We have the software and licenses for 3.7 and would like to upgrade our server. Can I just put the CD in and upgrade 3.6 or is it more complicated than that? I will use Mr. Johnsons site as reference as far as the service pack and other fixes. My main concern is can I upgrade my current installation and keep my rules and filters? In article <w5Veb.1372$L41.624@prv-forum2.provo.novell.com>, wrote: > My main concern is can I upgrade my current installation and keep my > rules and filters? > Absolutely. Y...

BM 3.6
Upgrading from 3.6 to 3.7 but the filtsrv migrate option fails. I have unloaded filtsrv then filtsrv migrate which gives an error "iltsrv migration failed" and advises to unload filtsrv and retry. I have done this but it makes no difference. NW5.1 SP5 NBM 3.7 SP2 RW replica on server The schema also failed to update. I attempted to run it manually. schext addrulecontainer failed with error -604 schema extention failed with error -604 Thanks in advance gcrane@filcs.com wrote: > The schema also failed to update. This would explain why the filt...

VPN 3.6 slave to VPN 3.8 master
I have more or less gone through what I could to set this up. I exported the BM 3.8 master encryption key (minfo.vpn) and imported that to the BM 3.6 slave without any issue. I then created the slave (sinfo.vpn) file. I had setup the vpn tunnel ip's as 192.168.10.1 and when these were both masters, clients could access either one perfectly. We know the VPN's work. I changed 1 to a slave, but I halted what I was doing as I noted that the master and slave networks both are using 192.168.0.x for the private IP's. Questions: 1. Can a 3.6 slave talk to a 3.8 master?...

upgraded from BM 3.7 sp3 to BM 3.8 on Netware 6 sp5
Hi Having some issues with this and Novell will not take the call. Towards the end of the BM 3.8 install it crashed on filtsrv. The file copy seemed over and it was working on migrating or configuring. After the reboot I when I ran Dsrepair time sync it would give a -622 on all server including itself. The filters were blank. A migrate would not work as it could not communicate. I found a tid saying to redo netinfo.cfg. I did not delete the files just renamed them. After the reboot I was able to run the dsrepair timesycn and contact other servers. The migrate said it worked....

upgrade from bm 3.6 nw 6.0 to bm 3.8 nw 6.5
Hi, We've been asked to upgrade the 4 BM 3.6 servers that are used as our customer's proxy service, they are only used for proxy services, no firewall or vpn services. The servers are currently running NW 6.0, I see that 3.8 is only officially supported on NW 6.5. therefore, is there a recommended path from 3.6 NW 6.0 to 3.8 NW 6.5? Thanks Hi Mark, That's not correct. You can install BM3.8 on NW6.5, NW6.0 or NW5.1. Just upgrade to BM3.8, trying to follow as much as possible the recommended installation sequence in this web site: http://www.craigjconsultin...

VPN thru BM 3.6 t oW2K VPN
--____NKHXHHECQEOVYUGORWTG____ Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Hi, Is it possible to create a VPN from a W2k-machine to a W2K-Server in the = Internet from a NAT-Network across Bordermanager ? Greetings Uwe --____NKHXHHECQEOVYUGORWTG____ Content-Type: multipart/related; boundary="____HOHDEQRUFCFDMNBJPEJB____" --____HOHDEQRUFCFDMNBJPEJB____ Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN&qu...

BM 3.7.3 to 3.9.2 upgrade....
Anyone done this? Our customer has loads of URLs set up to be blocked within the Proxy etc, would rather not have to reproduce all these. VPN isn't an issue, they only use C2S which I can deal with. Probably going to move to new hardware.. Any tips would be greatly appreciated. Richard. -- rsargeant ------------------------------------------------------------------------ Move to new hardware is the easiest way overall. If you can put in a 3.8 step, it might be easier. One option you have would be to copy the existing rules to the new BM container (OU...

3.6.1
I know I am not the first one to have problems and I believe our problems are environment related. The problems are mostly with Jagmanger (doesn't work on NT 4.0) and PB 7.0.3 cannot connect to the server. Here is our environment - spot the error please? CLASSPATH=C:\Program Files\Sybase\Jaguar CTS 3.5\html\classes;C:\Program Files\Sybase\Shared\Sun\Jdk122\lib\classes.zip;c:\program files\sybase\shared\powerbuilder\classes.zip COMPUTERNAME=DSNIYBGU040532 ComSpec=C:\WINNT\system32\cmd.exe HOMEDRIVE=H: HOMEPATH=\ JAGUAR=C:\Program Files\Sybase\Jaguar CTS 3.5 JAGUAR_CLIENT_ROOT=...

BM 3.6
Hello all, I'm looking for some suggestions/opinions on how to go about upgrading our existing BM 3.6 server running on NW5.1, SP4 to BM 3.7, NW6, and also on a new server (new hardware). Should I upgrade to 3.7 on the existing NW5.1, SP4 server and then do an across the wire migration to the new server with NW6? Or is it easier/better to not upgrade the existing BM 3.6 server and just install BM3.7 on the new server with NW6? Any suggestions are appreciated as I am new to Border Manager and could use some help. thanks, Alain In article <znN5...

Web resources about - VPN problem after upgrade BM 3.6 to 3.7 - novell.bordermanager.vpn

Problem novel - Wikipedia, the free encyclopedia
Working class, or proletarian novels are often also social problem novels . This was in many ways a reaction to rapid industrialization , and ...

Surprise! Lawyers Are Problem Drinkers
Assuming there are 10 attorneys on your team, statistically, two to three of the attorneys are suffering from drinking problems, depression, ...

This $2 billion startup CEO thinks the biggest problem facing European entrepreneurs today is 'bad advice' ...
... really bad advice, right." "There's starting to be a network of older people that have been [there]" Has Klarna been affected by this problem? ...

Ben Carson has a problem with Bill Clinton's history with women
GOP hopeful blames former President Clinton for coarsening American children

Engine problem sends Virginia-bound plane back to New York
... shortly after takeoff. A spokesman for the FAA says the crew of Commutair Flight 3585 declared an emergency because of an "engine-related problem" ...

Thanks, Obama. Fewer people have problems paying medical bills.
... In the first half of 2011 through the first half of 2014, approximately one in five persons under age 65 was in a family that had problems ...

The Displacement Problem
A problem with gentrification-led involuntary displacement is that makes it being poor even more unaffordable by pricing people out of areas ...

Carrie Underwood Admits Her 'Mom Problems' Include Getting Peed On
Carrie Underwood Admits Her 'Mom Problems' Include Getting Peed On

Major League Baseball's Biggest Problems
Major League Baseball may never be healthier than it is now, but that doesn't mean it's flawless. Here's some key problems the league needs to ...

PARIS' ISIS PROBLEM Youth in France leave for Syria at 'alarming' rate
PARIS' ISIS PROBLEM Youth in France leave for Syria at 'alarming' rate

Resources last updated: 12/30/2015 4:26:35 PM