Hi, I would recommend you use OpenSSH (for Windows PuTTYy is free) across your VPN with X11 forwarding enabled. You also need to run OpenSSH at least one of your UNix computers. When you use PuTTy from your Windows PC (having previous started eXceed) and make an OpenSSH connection with the Unix machine, your DISPLAY variable is automatically set; this will tunnel your X11 back to your remote PC. The beauty of this, if you telnet to another Unix computer and then manually set your DISPLAY to that define by PuTTy it is also tunnelled back to the remote laptop.
http://www.chiark.greenend.org.uk/~sgtatham/putty/ Ueckert, Samuel D. wrote:
Rob, Thanks for the input, but my design considerations are limited by company policy here. I have to provide one VPN solution for remote Windows and X users, plus meet various other criteria. Best Regards, Sam Ueckert. -----Original Message----- From: Laidlaw, Rob [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 10:29 AM To: [EMAIL PROTECTED] Subject: Re: [FW-1] SecureClient VPN + Hummingbird Exceed, NG FP3 Why not just use a secure X client like X-Secure which does the X-session over SSH? Might save you some headaches in the future. -Rob -----Original Message----- From: Ueckert, Samuel D. [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 9:42 AM To: [EMAIL PROTECTED] Subject: [FW-1] SecureClient VPN + Hummingbird Exceed, NG FP3 Hi, I am currently running a test network to evaluate whether Checkpoint NG will meet our VPN needs. Our goal is to run X sessions across a SecureClient VPN using Exceed. The VPN forms without any trouble, and I can access network resources on the protected network across the tunnel. I can ping the VPN client machine from the Unix host, and vice versa. I have Desktop Security essentially wide open, and I can initiate various sessions (FTP, for example) inbound to the machine running SecureClient from the protected network across the tunnel. When I attempt to initiate any X session (xterm, for example) across the tunnel, I get an error: "Xt: Can't open display 192.168.2.1:0.0" (the Office Mode address of my VPN client). I have tried with and without Office Mode enabled, and neither worked. The Exceed configuration is a 'known good' one; I can patch the client machine down on the protected network and connect just fine. I also tried connecting to the host machine across a router, without any firewalls between the client and the host, without running SecureClient, and connected just fine, so I am confident that the problem involves SecureClient. The test network is as follows: The client machine is running SecureClient NG FP3 on Windows XP SP1. Its default gateway is a Cisco router with two Ethernet interface. The router has no access lists or firewall sotware installed. The Exceed version on the client is 7.0 The other Ethernet interface of the Cisco connects to the external interface of the FW-1/VPN-1 gateway. It is running NG FP3 on Solaris 8. It's default gateway is the Cisco router. It NAT's (hide mode) between the internal network and the external network. The Unix host machine that I am connecting sits on the internal network behind the FW-1/VPN-1, and uses the FW-1 as it's gateway. It is also a Solaris 8 box. The Cisco router in this test network only exists so that the client machine and the FW-1/vpn-1 box don't have addresses on the same network, which is forbidden for Office mode. Any help you can lend would be appreciated. Best Regards, Sam Ueckert. ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= Disclaimer - 01/16/2003 This information in this email is confidential and may be legally privileged. It is intended solely for Mailing list for discussion of Firewall-1. Access to this Internet email by anyone else is unauthorized. EnvestnetPMC, Inc. does not accept time-sensitive transactional messages, including orders to buy and sell securities, account allocation instructions, or any other instructions affecting a client account, via e-mail. If you are not the intended recipient of this email, any disclosure, copying, or distribution of it is prohibited and may be unlawful. If you have received this email in error, please notify the sender and immediately and permanently delete it and destroy any copies of it that were printed out. When addressed to our clients, any opinions or advice contained in this email is subject to the terms and conditions expressed in any applicable governing EnvestnetPMC terms of business or agreements. ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
-- Regards Russell ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
