openconnect, ssl connection failure - openconnect

I have ocserv setup on a vm, but when trying to connect through openconnect app getting these errors,
it will be helpful if any solution, tried various ocserv config file modifications but non-sucessfull
Logs:
` Disconnected
STAT: attempt=O; first-NEVER; prev=NEVER
STAT: connect=o; first-NE-VER; prev=NEVER
STAT: cancel=o; first=NEVER; prev=NEVER
LIB: POST https://<IP/hostname>/
L1B: Attempting to connect to server <IP/hostname>
LIB: Connected to <IP :443/hostname>
LIB: SSL negotiation with <IP/hostname>
L1B: Server certificate verify failed: certificate does not match hostname CALLBACK: onValidatePeerCert
LIB: SSI- connection failure: The operation timed out
LIB: Failed to open HTTPS connection to <IP/hostname>
Error obtaining cookie
VPN terminated with errors`
Update::: after few changes this is the current error im getting,
setup description: Vm has debian 9 installed with ocserv installed, also certificates. trying to connect useing openconnect android app, device has mobile data enabled with low speed.
Log:
Disconnected
STAT: attempt=O; first-NEVER; prev=NEVER
STAT: connect=o; first-NE-VER; prev=NEVER
STAT: cancel=o; first=NEVER; prev=NEVER
LIB: POST https://<IP/hostname>/
L1B: Attempting to connect to server <IP/hostname>
LIB: Connected to <IP :443/hostname>
L1B: SSL_negotiation with <IP/hostname>
L1B: SSL_connection failure: The operation timed out
L1B: Failed to open HTTPS connection to <IP/hostname>
Error obtaining cookie
VPN terminated with errors
Is their any SSL issue? or do I need to give 3rd party SSL to ocserv, if so how to install 3rd party SSL to ocserv.
Thanks in advance

The error message states that the server's certificate did not match its hostname. As your client checks this, you need to use a certificate that matches the hostname that you use to access the server.

Related

How to Access Remote PostgreSQL Database Server Through VPN

I'm currently working with my office server, when i want to connect to the server, i have to use their VPN. I have installed PostgreSQL database in their server and have succesfully migrate data to database from Django project. But, when i want to remote access from HeidiSQL, it always gives me Connection Timed Out Error eventhough i have already connected to their VPN.
I've tried to this code below
/var/lib/pgsql/14/data/pg_hba.conf
host all all 0.0.0.0/0 md5
host all all ::/0 md5
/var/lib/pgsql/14/data/postgresql.conf
listen_addresses = '*'
i have tried to refresh everytime i change files and see if i'm in the correct port but it still gives me Connection Timed Out Error
this is the full error message
could not connect to server: Connection Timed out (0x0000274C/10060). Is the server running on host "xxx.xxx.xxx.xxx" and accepting TCP/IP connections on port 5432 ?
NOTES
OS : CentOS 8
DB : PostgreSQL 14

Istio1.9 integration with virtual machine (aws ec2) getting host file as empty

I have installed mysql in a VM and wanted my EKS with istio 1.9 installed to talk with them, i am following this https://istio.io/latest/docs/setup/install/virtual-machine/ but when am doing this step the host file which getting generated is empty file.
With this empty host file i tried but when starting the vm with this command am getting
> sudo systemctl start istio
when tailed this file
*/var/log/istio/istio.log*
2021-03-22T18:44:02.332421Z info Proxy role ips=[10.8.1.179 fe80::dc:36ff:fed3:9eea] type=sidecar id=ip-10-8-1-179.vm domain=vm.svc.cluster.local
2021-03-22T18:44:02.332429Z info JWT policy is third-party-jwt
2021-03-22T18:44:02.332438Z info Pilot SAN: [istiod.istio-system.svc]
2021-03-22T18:44:02.332443Z info CA Endpoint istiod.istio-system.svc:15012, provider Citadel
2021-03-22T18:44:02.332997Z info Using CA istiod.istio-system.svc:15012 cert with certs: /etc/certs/root-cert.pem
2021-03-22T18:44:02.333093Z info citadelclient Citadel client using custom root cert: istiod.istio-system.svc:15012
2021-03-22T18:44:02.410934Z info ads All caches have been synced up in 82.7974ms, marking server ready
2021-03-22T18:44:02.411247Z info sds SDS server for workload certificates started, listening on "./etc/istio/proxy/SDS"
2021-03-22T18:44:02.424855Z info sds Start SDS grpc server
2021-03-22T18:44:02.425044Z info xdsproxy Initializing with upstream address "istiod.istio-system.svc:15012" and cluster "Kubernetes"
2021-03-22T18:44:02.425341Z info Starting proxy agent
2021-03-22T18:44:02.425483Z info dns Starting local udp DNS server at localhost:15053
2021-03-22T18:44:02.427627Z info dns Starting local tcp DNS server at localhost:15053
2021-03-22T18:44:02.427683Z info Opening status port 15020
2021-03-22T18:44:02.432407Z info Received new config, creating new Envoy epoch 0
2021-03-22T18:44:02.433999Z info Epoch 0 starting
2021-03-22T18:44:02.690764Z warn ca ca request failed, starting attempt 1 in 91.93939ms
2021-03-22T18:44:02.693579Z info Envoy command: [-c etc/istio/proxy/envoy-rev0.json --restart-epoch 0 --drain-time-s 45 --parent-shutdown-time-s 60 --service-cluster istio-proxy --service-node sidecar~10.8.1.179~ip-10-8-1-179.vm~vm.svc.cluster.local --local-address-ip-version v4 --bootstrap-version 3 --log-format %Y-%m-%dT%T.%fZ %l envoy %n %v -l warning --component-log-level misc:error --concurrency 2]
2021-03-22T18:44:02.782817Z warn ca ca request failed, starting attempt 2 in 195.226287ms
2021-03-22T18:44:02.978344Z warn ca ca request failed, starting attempt 3 in 414.326774ms
2021-03-22T18:44:03.392946Z warn ca ca request failed, starting attempt 4 in 857.998629ms
2021-03-22T18:44:04.251227Z warn sds failed to warm certificate: failed to generate workload certificate: create certificate: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.8.0.2:53: no such host"
2021-03-22T18:44:04.849207Z warn ca ca request failed, starting attempt 1 in 91.182413ms
2021-03-22T18:44:04.940652Z warn ca ca request failed, starting attempt 2 in 207.680983ms
2021-03-22T18:44:05.148598Z warn ca ca request failed, starting attempt 3 in 384.121814ms
2021-03-22T18:44:05.533019Z warn ca ca request failed, starting attempt 4 in 787.704352ms
2021-03-22T18:44:06.321042Z warn sds failed to warm certificate: failed to generate workload certificate: create certificate: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp: lookup istiod.istio-system.svc on 10.8.0.2:53: no such host"

code-server WebSocket close with status code 1006

I am trying to install code-server 3.6.2 on a cloud platform. I have tried both AWS and digitalocean machines but in both systems, I can open code server but it gives an error "WebSocket close with status code 1006".
I have followed the procedure from https://www.digitalocean.com/community/tutorials/how-to-set-up-the-code-server-cloud-ide-platform-on-ubuntu-20-04
code-server uses websocket to connect.Do you use HTTPS?
If so, you should Use wss to forward ws.like this:
// forward websocket (wss -> ws)
httpsServer.on('upgrade', function (req, socket, head) {
proxy.ws(req, socket, head, {
target: 'ws://...',
ws: true
})
})
Usually this and other errors happen when you use code server locally
To solve it you can use the --link parameter that gives you a url with temporary https, or you can also use ngrok
//Option 1
code-server --host 127.0.0.1 --bind-addr 0.0.0.0:9000 --auth password --link
//Option 2
code-server --host 127.0.0.1 --bind-addr 0.0.0.0:9000 --auth password
ngrok http 9000

Error : curl: (7) Failed to connect to 127.0.0.1 port 80: Connection refused

I have a R code deployed on AWS server to fetch twitter data which is basically creating an API.
I want to fetch the data on local system using this API which is fetching the data using the function running on aws server.
I'm using this command :
$curl "http://127.0.0.1 ip-public ip:8000/meaning?woeid=23424848&n=1"
But i'm getting the error below :
curl: (7) Failed to connect to 127.0.0.1 port 80: Connection refused
curl: (6) Could not resolve host: ip-public ip

Connection with neo4j-client failed on OS X yosemite

I've tried to establish a connection by both command line and in my C++ project.
In a "secure" version I received:
OpenSSL error: 336130315:SSL routines:SSL3_GET_RECORD:wrong version number
If I try with an insecure connection, I received:
connection to 'neo4j://localhost:7474' failed: Could not agree on a protocol version
but I successfully access to the db via browser on the same port number.
How could I repair?
An insecure connection is good for me.