02-18-2003 12:39 PM - edited 02-21-2020 12:21 PM
In my evnrionment, I use Concentrator 3k and Cisco VPN client 3.5.x for VPN connection. My users have problem using x11 from remote workstations (x11-server) to UNIX servers (x11-client) in the inside network. From my sniffer capture and firewall log (CheckPoint FW1), the issue is related to the virtual IP of the workstation assigned to the VPN client and the real/physical IP of the workstation (VPN Client).
First, workstation send XDMCP (udp-177) to the internal server (x11-client) using the VPN ip address. Multiple XDMCP traffic then going back and forth between the workstation and the server. Then, the server (as expect) initiates x11 (tcp 6000) session to the workstation. Yet, this time the server (x11-client) is using the workstation 's physical IP address instead of the VPN 's IP. As the result, the connection can't be established (drop/reject by the workstation).
Would anyone have any suggestions on this issue? FYI, the x-windows product we uses is called "Exceed v6", don't know if this makes a difference.
Thanks.
-Raymond Ng
02-18-2003 02:26 PM
I would suggest not using X11 by itself. Using an ssh client to connect into the server with X11 forwarding enabled, you should never have to worry about this problem again. It will set the display variable accordingly. Also, it has the added benefit of allowing you to close port 6000 from listening on your servers since all X11 communication is done through the secure tunnel. Once you get it set up, you'll never want to go back.
02-18-2003 02:33 PM
Thanks, but I am afraid that this is not an option in my environment.
-raymond
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide