[FreeNX-kNX] Sanity check...

Fabian Franz FabianFranz at gmx.de
Sat Apr 23 12:03:52 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Samstag, 23. April 2005 09:19 schrieb Ed Warnicke:
> I am trying to debug an issue I'm seeing, and I want to
> make sure I understand how FreeNX handles 'ssl tunneling'.

Ok.

>
> From what I can find in the nxserver/nxnode code,
> if 'ssl tunneling' is enabled via the ENCRYPTION environment
> variable then nxnode will only accept connections from
> 127.0.0.1 (localhost) and nxserver uses netcat to connect
> to the nxagent spawned by nxnode and redirect all of
> it's input and output via the ssh connection to nxserver.

Completely correct.

>
> It seems that in the case of an encrypted connection,
> after the 'NX> 999 Bye' all traffic should then be the
> normal chatter between the nxproxy on the client
> side and the nxagent on the server side.

Yes, perhaps we can do some magic like:

exec 3>&1 # save stdout
exec 1>&2 # put all stdout to stderr instead
netcat >&3 # connect with old stdout

to prevent the effects that _any_ message goes to stdout after the bye 
command.

But this needs testing and evaulation.

> Info: Connection with remote proxy established.
> Error: Parse error in remote options string 'NX> '."

I thought it was when nxagent did not start. Then netcat would not be started 
and such the NX> goes to stdout to the proxy ...

You can debug this by doing something like that:

log "netcat started"
netcat [...]
log "netcat finished"

>
> Is my understanding of how Freenx 'ssl tunneling' works
> and what is causing this error message correct?

Yes, somehow.

>
> I *think* the problem I reported here:
> http://developer.berlios.de/bugs/?func=detailbug&bug_id=3603&group_id=2978

Ok.

cu

Fabian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCajmuI0lSH7CXz7MRAoQ1AJ9ZM4p64P6AhNXmBB4khBb2I4Tm2QCfc86K
Adrgec70eK5wXPJWfvsSlNQ=
=LX0K
-----END PGP SIGNATURE-----




More information about the FreeNX-kNX mailing list