cannot telnet through a VPN tunnel using Sonic Wall routers - Unix


  1. cannot telnet through a VPN tunnel using Sonic Wall routers

    Hello,

    I have set up a VPN tunnel between 2 Sonic Wall routers. From
    location A, I can access network shared drives located at location B.
    But from location A, I cannot telnet to any Solaris UNIX workstations
    located at location B. Whenever I use telnet, I get an error about
    cannot open port 23.

    Does Sonic Wall lock out port 23? Any suggestions how to fix this
    problem? Thanks.

  2. Re: cannot telnet through a VPN tunnel using Sonic Wall routers

    On Fri, 19 Sep 2008 08:39:16 -0700 (PDT),
    Michelle wrote:
    > Does Sonic Wall lock out port 23? Any suggestions how to fix this
    > problem? Thanks.


    You'd have to look at the particular configuration of those things.
    I think that of all people you are in the best position to do that.

    Note that it is a much better idea to use ssh instead of telnet,
    as telnet usually isn't setup to do encryption (but modern telnet
    implementations can do it).


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    This message was originally posted on Usenet in plain text.
    Any other representation, additions, or changes do not have my
    consent and may be a violation of international copyright law.

  3. Re: cannot telnet through a VPN tunnel using Sonic Wall routers

    On Sep 19, 9:59 am, jpd wrote:
    > On Fri, 19 Sep 2008 08:39:16 -0700 (PDT),
    >
    > Michelle wrote:
    > > Does Sonic Wall lock out port 23? Any suggestions how to fix this
    > > problem? Thanks.

    >
    > You'd have to look at the particular configuration of those things.
    > I think that of all people you are in the best position to do that.
    >
    > Note that it is a much better idea to use ssh instead of telnet,
    > as telnet usually isn't setup to do encryption (but modern telnet
    > implementations can do it).
    >
    > --
    > j p d (at) d s b (dot) t u d e l f t (dot) n l .
    > This message was originally posted on Usenet in plain text.
    > Any other representation, additions, or changes do not have my
    > consent and may be a violation of international copyright law.




    I forgot to mention that I cannot ping to the UNIX station either.

  4. Re: cannot telnet through a VPN tunnel using Sonic Wall routers

    jpd wrote:
    > On Fri, 19 Sep 2008 08:39:16 -0700 (PDT),
    > Michelle wrote:
    >> Does Sonic Wall lock out port 23? Any suggestions how to fix this
    >> problem? Thanks.

    >
    > You'd have to look at the particular configuration of those things.
    > I think that of all people you are in the best position to do that.
    >
    > Note that it is a much better idea to use ssh instead of telnet,
    > as telnet usually isn't setup to do encryption (but modern telnet
    > implementations can do it).


    Since it's going through a VPN, so what? Most of the other protocols
    aren't encrypted either, that's the point of using a VPN.

    Jerry

  5. Re: cannot telnet through a VPN tunnel using Sonic Wall routers

    Begin
    On Fri, 19 Sep 2008 20:18:58 GMT, Jerry Peters wrote:
    > Since it's going through a VPN, so what? Most of the other protocols
    > aren't encrypted either, that's the point of using a VPN.


    If you trust passing your root passwords in the plain through both
    networks, then indeed, there is no need at all for further encryption.

    I wouldn't, and even if I did I'd prefer to make a habit out of using
    ssh. You only need to slip the teeniest bit, once, to compromise years
    of work. That is what makes security engineering hard.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    This message was originally posted on Usenet in plain text.
    Any other representation, additions, or changes do not have my
    consent and may be a violation of international copyright law.

  6. Re: cannot telnet through a VPN tunnel using Sonic Wall routers

    jpd writes:

    > Begin
    > On Fri, 19 Sep 2008 20:18:58 GMT, Jerry Peters wrote:
    >> Since it's going through a VPN, so what? Most of the other protocols
    >> aren't encrypted either, that's the point of using a VPN.


    Most of the point of a VPN is to tunnel the whole TCP/IP stack using
    the public internet. Encryption does provide one level of privacy.
    If someone's sniffing your LAN, though, yer done.

    So, in that way, VPN's fail to make plaintext protocols carrying
    sensitive data and login credentials... suck any less.

    It's 2008. There is simply no good reason to leave telnet enabled for
    any device that supports ssh. And if you absolutely must use telnet,
    at least use s/key for authentication (one time passwords).

    > If you trust passing your root passwords in the plain through both
    > networks, then indeed, there is no need at all for further
    > encryption.
    >
    > I wouldn't, and even if I did I'd prefer to make a habit out of using
    > ssh. You only need to slip the teeniest bit, once, to compromise years
    > of work. That is what makes security engineering hard.


    And not to mention that if you haven't been good about patching your
    Solaris box, you can sorta telnet to em and login as any user without
    supplying a password[1]. And I have my own personal bets about
    whether a Solaris user who thinks a VPN takes all the risk out of
    telnet on their intranet would be all that on top of patching.

    [1] http://www.securityfocus.com/bid/22512
    --
    Todd H.
    http://www.toddh.net/

  7. Re: cannot telnet through a VPN tunnel using Sonic Wall routers

    On Sep 19, 8:39 am, Michelle wrote:
    > Hello,
    >
    > I have set up a VPN tunnel between 2 Sonic Wall routers. From
    > location A, I can access network shared drives located at location B.
    > But from location A, I cannot telnet to any Solaris UNIX workstations
    > located at location B. Whenever I use telnet, I get an error about
    > cannot open port 23.


    Is the telnet port open on the Solaris boxes? [It's probably not]

    A "svcs telnet" issued on one of the Solaris boxes will reveal if
    telnet is "disabled" or "online". If disabled, it can be enabled
    by issuing a "svcadm enable telnet".

    As others have already commented (and with which I agree), use ssh
    instead.

    > Does Sonic Wall lock out port 23?


    It can be configured to do so; only you can answer that question.
    Login to the SonicWall and (this depends on the version of SonicOS
    as to how you get there) "Firewall -> Access Rules" will reveal if
    telnet is blocked; a default config will not block telnet over VPN.
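The question running through this thread (is port 23 closed on the Solaris host, or is the traffic lost somewhere on the tunnel path?) can be read from how a TCP connect fails. The following is an added example, not part of any post: `probe` and `diagnose` are hypothetical helpers, and the loopback listener in the demo is constructed so the script runs offline.

```python
import errno
import socket


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt without sending application data."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"           # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"        # a RST came back: reachable, but nothing accepts
    except socket.timeout:
        return "filtered"       # silence: packets dropped or no return route
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"    # no route to the host or network
        raise
    finally:
        sock.close()


def diagnose(local, tunnel):
    """Combine the result seen on the server's own LAN (location B)
    with the result seen from the far side of the VPN (location A)."""
    if local != "open":
        return "service: telnet is not listening on the host (svcs telnet)"
    if tunnel == "open":
        return "ok: port reachable across the tunnel"
    if tunnel == "refused":
        return "reject: the host is reached but the connection is reset"
    return "path: traffic dropped or unrouted between sites (check both ends)"


if __name__ == "__main__":
    # Constructed demo: a loopback listener stands in for the telnet port.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    listening = probe("127.0.0.1", port)    # service enabled
    srv.close()
    closed = probe("127.0.0.1", port)       # service disabled
    print("listener up:  ", listening)
    print("listener down:", closed)
    # The situation reported in the thread: works on site B, fails from site A.
    print(diagnose("open", "filtered"))
```

Run the probe against ports 23 and 22 from a machine at each location and feed the two results for a port to `diagnose`.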

  8. Re: cannot telnet through a VPN tunnel using Sonic Wall routers

    On Sep 19, 5:30 pm, Thad Floryan wrote:
    > > [...]
    > > Does Sonic Wall lock out port 23?

    >
    > It can be configured to do so; only you can answer that question.
    > Login to the SonicWall and (this depends on the version of SonicOS
    > as to how you get there) "Firewall -> Access Rules" will reveal if
    > telnet is blocked; a default config will not block telnet over VPN.


    You need to check both SonicWall's settings (i.e., at each end of the
    VPN tunnel). :-)

  9. Re: cannot telnet through a VPN tunnel using Sonic Wall routers

    On Sep 19, 5:56 pm, Thad Floryan wrote:
    > On Sep 19, 5:30 pm, Thad Floryan wrote:
    >
    > > > [...]
    > > > Does Sonic Wall lock out port 23?

    >
    > > It can be configured to do so; only you can answer that question.
    > > Login to the SonicWall and (this depends on the version of SonicOS
    > > as to how you get there) "Firewall -> Access Rules" will reveal if
    > > telnet is blocked; a default config will not block telnet over VPN.

    >
    > You need to check both SonicWall's settings (i.e., at each end of the
    > VPN tunnel). :-)



    I know that those UNIX stations at location B allow telnet, because
    when I'm on a Windows PC located at location B, I can telnet to those
    UNIX stations at location B without any problem.

    It's when I go to a Windows PC located at location A, I cannot telnet
    via the VPN, and telnet to those UNIX stations at location B.


  10. Re: cannot telnet through a VPN tunnel using Sonic Wall routers

    On Sep 20, 1:03 am, Michelle wrote:
    > On Sep 19, 5:56 pm, Thad Floryan wrote:
    >
    > > On Sep 19, 5:30 pm, Thad Floryan wrote:

    >
    > > > > [...]
    > > > > Does Sonic Wall lock out port 23?

    >
    > > > It can be configured to do so; only you can answer that question.
    > > > Login to the SonicWall and (this depends on the version of SonicOS
    > > > as to how you get there) "Firewall -> Access Rules" will reveal if
    > > > telnet is blocked; a default config will not block telnet over VPN.

    >
    > > You need to check both SonicWall's settings (i.e., at each end of the
    > > VPN tunnel). :-)

    >
    > I know that those UNIX stations at location B allow telnet, because
    > when I'm on a Windows PC located at location B, I can telnet to those
    > UNIX stations at location B without any problem.
    >
    > It's when I go to a Windows PC located at location A, I cannot telnet
    > via the VPN, and telnet to those UNIX stations at location B.


    OK, then it's something in your SonicWall's config which has been
    changed from the default.

    Though it's been a year (company went belly-up), the company's SonicWall
    was IIRC a PRO-300 and I had a Tele2 (later a TZ-170) at home. Telnet
    worked fine from my home LAN to the company LAN over VPN. You must've
    changed something from the SonicWall's defaults. A colleague with a
    bank of Solaris machines at his home was also able to connect using
    a software VPN (perhaps Sun's, I dunno, like I wrote it's been a year)
    so you *need* to check what you've done.

    SonicWall's web site and forums suck (my apologies for writing that
    as much as I like SW's products). Yahoo has a "sonicwall" forum; you
    may wish to join it for there are some experts with SW's products
    there who can probably help you. The forum is:



  11. Re: cannot telnet through a VPN tunnel using Sonic Wall routers

    On Sep 20, 2:43 am, Thad Floryan wrote:
    > [...]
    > SonicWall's web site and forums suck (my apologies for writing that
    > as much as I like SW's products). Yahoo has a "sonicwall" forum; you
    > may wish to join it for there are some experts with SW's products
    > there who can probably help you. The forum is:
    >
    >


    Just some friendly tips: you need to state what SonicWall appliances
    you're using, what VPN client software you're using (if applicable),
    and you must show/state/display the firewall "rules" so someone can
    figure out what's being permitted and denied.

    So far you've revealed NOTHING about your configuration and, thus,
    there's no way anyone can help you. Seriously. :-)

    I've been using the SonicWall appliances for over a decade and have
    placed 100s of companies on the 'Net. SW's stuff is reliable, easy to
    use, and for the most part bug free (far more so than, say, IOS).

    What may help *you* is to login into both of your SonicWall appliances
    and go to (scratchin' my head here) System -> Diagnostics and select
    the "Tech Support Report". You must use something other than Firefox
    (which has major bugs, IE works OK from a Windows box) to save that
    report as an ASCII file onto disk. That report reveals everything
    about your device's configuration, moreso than the GUI menus. Examine
    the firewall rules -- there has to be something wrong there for your
    telnet sessions to fail.

  12. Re: cannot telnet through a VPN tunnel using Sonic Wall routers

    On Sat, 20 Sep 2008 03:35:20 -0700 (PDT),
    Thad Floryan wrote:
    > On Sep 20, 2:43 am, Thad Floryan wrote:
    > So far you've revealed NOTHING about your configuration and, thus,
    > there's no way anyone can help you. Seriously. :-)


    Seconded.


    > You must use something other than Firefox (which has major bugs, IE
    > works OK from a Windows box) to save that report as an ASCII file onto
    > disk. [...]


    Minor nit here, but germane to the discussion: If it works fine with
    IE on a windows box then that doesn't convince me the bugs are in FF.

    Rather, sonic wall will have tailored their appliance's web interface
    to work with IE (and its major bugs) such that browsers that are more
    standards compliant cease to display the content properly. That is, I
    expect anything but IE on a windows box to fail in interesting ways.

    You can argue about the why (they'll figure they're ``enterprise'' so
    conclude having to suck up to the masses of deployed IE on windows, and
    that situation itself is a security disaster busily happening), but that
    doesn't make it right. Rather, it blames a certain other company for not
    playing ball with everybody else. But we knew that.

    I would still point at IE on windows (for its failings) and sonic wall
    (for raising to gold standard a faulty implementation rather than the
    written specification detailing how it should be done) if I were to
    blame anybody or anything.


    Note that I have no quarrel with your pointing out the situation, but
    I do disagree with your blame assignment.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    This message was originally posted on Usenet in plain text.
    Any other representation, additions, or changes do not have my
    consent and may be a violation of international copyright law.

  13. Re: cannot telnet through a VPN tunnel using Sonic Wall routers

    On Sep 20, 4:06 am, jpd wrote:
    > > [...]
    > > You must use something other than Firefox (which has major bugs, IE
    > > works OK from a Windows box) to save that report as an ASCII file onto
    > > disk. [...]

    >
    > Minor nit here, but germane to the discussion: If it works fine with
    > IE on a windows box then that doesn't convince me the bugs are in FF.


    Point conceded for a browser interface to SonicWall's appliances.

    > [...]
    > I would still point at IE on windows (for its failings) and sonic wall
    > (for raising to gold standard a faulty implementation rather than the
    > written specification detailing how it should be done) if I were to
    > blame anybody or anything.


    OK. I have no love of Microsoft and its products though I do use some
    of them. IE has so many bugs and standards violations it's incredible.
    One that hurts one of my apps is an IE failure to handle button
    background images that's been on MS' bug web site since 2002; the app
    works fine with any other browser.

    Here's a beaut: try a large animated GIF in IE. Animated GIFs have
    been around for over a decade, yet (assuming running a Windows box)
    you'll have to pull the power plug if viewing some animated GIFs in
    IE.

    If you'd like to try this for yourself, here are two that work fine
    with Firefox and almost any browser except IE (any version):

    , and


    The "aster_anim" shows asteroid distribution in our solar system and
    the "ss_anim" shows our solar system's planetary positions. One
    of my hobbies for over 50 years is astronomy. I receive daily updated
    asteroid information from ULowell and Harvard. Both anims were created
    using XEphem (<http://www.xephem.com/>), xwd and a small script I wrote.
    Note the XEphem site takes awhile to load due to too-many anims and an
    apparent slow 'Net connection.

    However, one thing I do a lot is "print" a web page to a PDF file for
    my future reference. There are sites "out there" that fail that procedure
    using Firefox and I have to bring up an instance of IE to "print" the page.

    And Firefox still, after years of complaining, does NOT have a "Print"
    option when right-clicking something; that bugs me. And why are the
    top bar menu options different depending on the platform? For example,
    on Windows options are under "Tools" but on UNIX/Linux it's "Edit".

    > Note that I have no quarrel with your pointing out the situation, but
    > I do disagree with your blame assignment.


    No problemo! :-)

  14. Re: cannot telnet through a VPN tunnel using Sonic Wall routers

    On Sat, 20 Sep 2008 05:04:24 -0700 (PDT),
    Thad Floryan wrote:
    > On Sep 20, 4:06 am, jpd wrote:
    > OK. I have no love of Microsoft and its products though I do use some
    > of them. IE has so many bugs and standards violations it's
    > incredible.


    Worse, ``optimising'' for just one browser that isn't freely available
    to people who do not use the OS it comes with shuts those out. And who
    knows what happens in the next version?


    > If you'd like to try this for yourself, here are two that work fine
    > with Firefox and almost any browser except IE (any version):


    I can't test that without IE available here. :-)

    Interesting pictures though.


    > However, one thing I do a lot is "print" a web page to a PDF file
    > for my future reference. There are sites "out there" that fail that
    > procedure using Firefox and I have to bring up an instance of IE to
    > "print" the page.


    Firefox should've split off a set of options specifically for printing
    long ago. And yes, their printing is broken and the things they've tried
    all failed. If you can render things on the screen, how hard can it be
    to come up with correct PostScript output anyway?

    One of the places where it shows it's firmly a windows program. A pity.


    > And Firefox still, after years of complaining, does NOT have a "Print"
    > option when right-clicking something; that bugs me. And why are the
    > top bar menu options different depending on the platform? For example,
    > on Windows options are under "Tools" but on UNIX/Linux it's "Edit".


    That's among the least of its problems. The option that is supposed to
    stop the thing from searching as I type (which can be a real drag on
    slow boxes and with large documents) plain does not work at all.

    It pops up too often -- my wm doesn't suppress that so it should have an
    option to just not pop up whenever it feels like. After 2.0 it started
    to do that far more often and at inopportune moments. Its cut/paste
    selection mechanism got too smart and now usually gets it all wrong.
    Booting it when there were lots of tabs open causes it to render the box
    unusable for minutes also because it insists on popping up all windows
    for each tab it is about to load (not when it finishes). It doesn't have
    an option to ``start in the background''.

    It trashes, horribly.

    There are a bunch of other things wrong with it that aren't being fixed
    because the developers don't believe in it. ``It works fine for me''.
    Shyeah right. It sucks about as much on today's machines as netscape did
    back when on then contemporary hardware. It still beats IE. Amazing.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    This message was originally posted on Usenet in plain text.
    Any other representation, additions, or changes do not have my
    consent and may be a violation of international copyright law.
