


Thanks Simon.

Information I received was that a remote site had "unreliable" VPN. Makes
absolutely no sense. What that sounds like, to me, is set up a secure
connection and start data transfer. Then, a problem happens, so connection
falls back to unencrypted. Obvious garbage.

At any rate, data transfer was being performed with straight FTP. No idea where
VPN tunnel starts, except not inside our facility.

John McKee

Quoting Simon Coulter <shc@xxxxxxxxxxxxxxxxx>:


On 06/02/2009, at 4:35 PM, John McKee wrote:

Does this make any sense? If data leaves one site, via a VPN,
would there be any way to know the data was not encrypted?

Isn't really enough information to work with but ...

It's probably possible but unlikely. FTP uses two connections; one
(initiated by the client) for the control channel, and one (by
default) initiated by the server for the data channel. It's possible
that the client connects over the VPN to establish the control
channel but that the server connects directly for the data channel.
This would mean the control channel is encrypted via the VPN so UID/PWD
is protected but the data itself is not encrypted.

I would expect that for this to occur the VPN is incorrectly
configured or the client is directly addressable without the VPN.
Both states would indicate incorrect network configuration. You
should be able to work around the problem via PASV which instructs
the server to wait for a data connexion from the client or by
disabling both PASV and PORT which will create the data connexion to
the same port as the control channel (the default data connexion).

It will depend very much on the capabilities of your FTP client as to
whether either of these work-arounds is available or effective. Many
FTP clients don't actually implement the default data connexion
because there can be communication problems with it due to TCP time-waits
when closing sockets even though the RFC for FTP says they must
implement it. Some clients will allow disabling PORT but if so will
then use PASV. Not all clients allow disabling both PORT and PASV
although the iSeries FTP client is one that does.

The proper solution is to configure routing so the VPN client is
found ONLY via the VPN connexion.

Regards,
Simon Coulter.
--------------------------------------------------------------------
FlyByNight Software OS/400, i5/OS Technical Specialists

http://www.flybynight.com.au/
Phone: +61 2 6657 8251 Mobile: +61 0411 091 400 /"\
Fax: +61 2 6657 8251 \ /
X
ASCII Ribbon campaign against HTML E-Mail / \
--------------------------------------------------------------------



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
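
Added example, not part of the original thread: a small Python check for the split described in the quoted reply, where the FTP control channel runs over the VPN but the data channel is negotiated to an address outside it. It reads control-channel lines, extracts the data endpoint from each PORT command or 227 (PASV) reply, and reports endpoints that are not in the tunnel's address range. The transcript, the addresses and the `10.8.0.0/24` tunnel range are constructed assumptions.

```python
import ipaddress
import re

# Six comma-separated decimal fields h1,h2,h3,h4,p1,p2 (RFC 959 PORT / 227 reply).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoints(control_lines):
    """Yield (mode, ip, port) for each PORT command or 227 PASV reply."""
    for line in control_lines:
        text = line.strip()
        upper = text.upper()
        if upper.startswith("PORT "):
            mode = "active"    # server will connect out to this client address
        elif upper.startswith("227 "):
            mode = "passive"   # client will connect in to this server address
        else:
            continue
        match = HOSTPORT.search(text)
        if not match:
            continue
        fields = [int(x) for x in match.groups()]
        if any(v > 255 for v in fields):
            continue           # malformed host/port field, skip it
        ip = ipaddress.ip_address(".".join(str(v) for v in fields[:4]))
        yield mode, ip, fields[4] * 256 + fields[5]

def outside_tunnel(control_lines, tunnel_cidrs):
    """Return the data endpoints whose address is not in any tunnel network."""
    nets = [ipaddress.ip_network(c) for c in tunnel_cidrs]
    return [(mode, str(ip), port)
            for mode, ip, port in data_endpoints(control_lines)
            if not any(ip in net for net in nets)]

# Constructed control-channel transcript (not captured from any real system).
SAMPLE = [
    "USER demo",
    "331 Password required",
    "PORT 203,0,113,10,195,80",
    "200 PORT command successful",
    "PASV",
    "227 Entering Passive Mode (10,8,0,1,19,137)",
]
TUNNEL = ["10.8.0.0/24"]  # assumed VPN address range

if __name__ == "__main__":
    for mode, ip, port in outside_tunnel(SAMPLE, TUNNEL):
        print(f"{mode} data connection to {ip}:{port} is not a tunnel address")
```

The check covers only the endpoint advertised on the control channel; whether packets to that address actually traverse the tunnel still depends on routing, and the default data connexion (no PORT or PASV) leaves nothing to parse.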







This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
