You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Willy Manga <ma...@gmail.com> on 2022/04/19 11:25:26 UTC
How to allow "WebSocket | HTTP tunnel request" with IPv6?
Hi,
I have installed guacamole and got the following errors [1] after a
successful authentication.
I'm aware of [2] where the solution was to set bind_host to 127.0.0.1
[3]. My question is how to allow that tunnel request in an IPv6-only
environment?
The 'Connection refused' seems like an issue with a service not allowed
in IPv6 somewhere within tomcat
In my setup, I use debian 11, guacamole 1.4 ... I'm planning to use v4
address only on the nginx proxy.
1. https://paste.debian.net/1238366/
2. https://lists.apache.org/thread/ttv4sc6jlbso1pfwpd1yo43ssk0rnwoz
3. https://lists.apache.org/thread/dm3coj38x3fhco0gxnyw0k22lwcp5wwy
--
Willy Manga
@ongolaboy
https://ongola.blogspot.com/
Re: How to allow "WebSocket | HTTP tunnel request" with IPv6?
Posted by Henri Alves de Godoy <he...@fca.unicamp.br>.
Hi Nick and Willy,
sorry i missed this message
enable ipv6 socket in your tomcat
<!--
<Connector address="[::]" executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
It should work now.
Att,
Henri
Em sex., 22 de jul. de 2022 às 22:44, Nick Couchman <vn...@apache.org>
escreveu:
> On Thu, Apr 21, 2022 at 4:36 AM Willy Manga <ma...@gmail.com> wrote:
> >
> > Hi Alves,
> >
> > On 19/04/2022 15:32, Henri Alves de Godoy wrote:
> > > Hi Willy,
> > >
> > > Assuming that your server where the tomcat/guacd daemon is is
> dual-stack
> > > and your internal environment is IPv6-only
> >
> > What if I want to avoid any IPv4 config ..
> >
>
> I would think you just need to enable IPv6 in Tomcat. There's nothing
> about Guacamole that is specific to one version or another - the
> default to IPv4 is a Tomcat configuration.
>
> -Nick
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
> For additional commands, e-mail: user-help@guacamole.apache.org
>
>
--
Re: How to allow "WebSocket | HTTP tunnel request" with IPv6?
Posted by Nick Couchman <vn...@apache.org>.
On Thu, Apr 21, 2022 at 4:36 AM Willy Manga <ma...@gmail.com> wrote:
>
> Hi Alves,
>
> On 19/04/2022 15:32, Henri Alves de Godoy wrote:
> > Hi Willy,
> >
> > Assuming that your server where the tomcat/guacd daemon is is dual-stack
> > and your internal environment is IPv6-only
>
> What if I want to avoid any IPv4 config ..
>
I would think you just need to enable IPv6 in Tomcat. There's nothing
about Guacamole that is specific to one version or another - the
default to IPv4 is a Tomcat configuration.
-Nick
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: How to allow "WebSocket | HTTP tunnel request" with IPv6?
Posted by Willy Manga <ma...@gmail.com>.
Hi Alves,
On 19/04/2022 15:32, Henri Alves de Godoy wrote:
> Hi Willy,
>
> Assuming that your server where the tomcat/guacd daemon is is dual-stack
> and your internal environment is IPv6-only
What if I want to avoid any IPv4 config ..
Here's what I want
+------------------+
| Network of hosts |
| using IPv6-only |
+------------------+
|
|
| (IPv6)
|
+-----------------+
|Guacamole/Tomcat |
+-----------------+
|
|
| (IPv6)
|
+-----------------+
| Nginx |
+-----------------+
|
|
(IPv4) | (IPv6)
|
+-----------------+
| Internet |
+-----------------+
> In the host configuration, put the IPv6 of the remote machine you want to
> access.
I don't have any issue accessing v6 hosts provided by guacamole.
> You can also change in guacd to bind the v6 address of localhost ::1
Here is my issue. By default, when you build from scratch guacamole 1.4
on debian 11, it will listen to ::1 . That setup will not work unless I
missed something.
I had to tell guacd to bind to 127.0.0.1 :(
Otherwise I got this
Apr 21 10:29:12 guac2 tomcat9[1811]: 10:29:12.870 [http-nio-8080-exec-6]
INFO o.a.g.r.auth.AuthenticationService - User "gogo" successfully
authenticated from 2001:db8:43:cafe::1.
Apr 21 10:29:14 guac2 tomcat9[1811]: 10:29:14.423 [http-nio-8080-exec-9]
ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket
tunnel to guacd failed: java.net.ConnectException: Connection refused
(Connection refused)
Apr 21 10:29:15 guac2 tomcat9[1811]: 10:29:15.369 [http-nio-8080-exec-1]
ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed:
java.net.ConnectException: Connection refused (Connection refused)
--
Willy Manga
@ongolaboy
https://ongola.blogspot.com/
Re: How to allow "WebSocket | HTTP tunnel request" with IPv6?
Posted by Henri Alves de Godoy <he...@fca.unicamp.br>.
Hi Willy,
Assuming that your server where the tomcat/guacd daemon is is dual-stack
and your internal environment is IPv6-only
In the host configuration, put the IPv6 of the remote machine you want to
access.
You can also change in guacd to bind the v6 address of localhost ::1
It works without any problems.
Att,
Henri
Em ter., 19 de abr. de 2022 às 08:25, Willy Manga <ma...@gmail.com>
escreveu:
> Hi,
>
> I have installed guacamole and got the following errors [1] after a
> successful authentication.
>
> I'm aware of [2] where the solution was to set bind_host to 127.0.0.1
> [3]. My question is how to allow that tunnel request in an IPv6-only
> environment?
>
> The 'Connection refused' seems like an issue with a service not allowed
> in IPv6 somewhere within tomcat
>
> In my setup, I use debian 11, guacamole 1.4 ... I'm planning to use v4
> address only on the nginx proxy.
>
> 1. https://paste.debian.net/1238366/
>
> 2. https://lists.apache.org/thread/ttv4sc6jlbso1pfwpd1yo43ssk0rnwoz
>
> 3. https://lists.apache.org/thread/dm3coj38x3fhco0gxnyw0k22lwcp5wwy
>
> --
> Willy Manga
> @ongolaboy
> https://ongola.blogspot.com/
>
--