[Opensim-users] Any way to display the values of "IP" and "MyIP"

Rick Anderson rianders at docs.rutgers.edu
Wed Apr 11 19:43:50 UTC 2012 

I kind of bumped into this issue again. In this case no one is ever on
the internal network except for the other OpenSim servers.

At this point. The Robust Server, the OpenSim server, and client are
using fully qualified domain names. So now my user identity can't be
verified. Since I didn't use the IP address anymore it's now making a
comparison between the FQDN and the IP address of the robust server. I
don't know where this IP address is coming from.

19:39:03 - [USER AGENT SERVICE]: Unable to login user Rk.Jinn
@rugrid.rutgers.edu to grid http://174.129.197.43:8002/, reason:
Unable to verify identity


--Rick


On Wed, Apr 11, 2012 at 2:44 PM, Fleep Tuque <fleep513 at gmail.com> wrote:
> Unfortunately I have this issue too and if there's a way to trick it into
> working using the hosts file, I guess I haven't figured it out.
>
> Essentially I can't use the hypergrid from any of the machines on my
> internal network except the server, which I don't do very often because it's
> completely inconvenient.  If I really must hypergrid around to other grids,
> I start with a local account on someone else's grid to get around, but I can
> never HG to or from my own grid.  It's a bummer. :(
>
> - Chris/Fleep
>
> Chris M. Collins (SL/OS: Fleep Tuque)
> Center for Simulations & Virtual Environments Research (UCSIM)
> UCIT Instructional & Research Computing
> University of Cincinnati
> 406A Zimmer Hall
> 315 College Drive
> PO BOX 210088
> Cincinnati, OH 45221-0088
> chris.collins at uc.edu
> (513) 556-3018
>
> http://ucsim.uc.edu
>
>
> On Wed, Apr 11, 2012 at 2:37 PM, Rick Anderson <rianders at docs.rutgers.edu>
> wrote:
>>
>> Diva,
>>
>> I'll go back to using the rugrid.rutgers.edu in the robust
>> configuration and see what happens.
>> Robust.ini result,
>> ----
>> 18:17:50 - [HOME AGENT HANDLER]: Unauthorized machine 184.162.51.100
>> tried to set client ip to 165.230.192.41
>> 18:17:50 - [USER AGENT SERVICE]: Request to login user Rk.Jinn
>> @rugrid.rutgers.edu (@stored IP) to grid http://174.129.197.43:8002/
>> 18:17:50 - [USER AGENT SERVICE]: this grid:
>> http://rugrid.rutgers.edu:8002/, desired grid:
>> http://174.129.197.43:8002/
>> 18:17:50 - [GATEKEEPER SERVICE]: Login request for Rk.Jinn
>> @rugrid.rutgers.edu @ http://rugrid.rutgers.edu:8002/
>> (80861b47-0d09-49e0-a711-8e59851006f9) at JumpNexus0 using viewer
>> Imprudence 1.4.0.1, channel Imprudence, IP 165.230.192.41, Mac
>> 3bb974300b81b292f953727e3cf33574, Id0 6468c4a3c3a6f5fa9e55986a1017e0f0
>> Teleport Flags 0
>> 18:17:50 - [GATEKEEPER SERVICE]: Verifying http://174.129.197.43:8002
>> against http://rugrid.rutgers.edu:8002
>> 18:17:50 - [GATEKEEPER SERVICE]: Unable to verify identity of agent
>> Rk.Jinn @rugrid.rutgers.edu. Refusing service.
>> 18:17:50 - [USER AGENT SERVICE]: Unable to login user Rk.Jinn
>> @rugrid.rutgers.edu to grid http://174.129.197.43:8002/, reason:
>> Unable to verify identity
>> ----
>> In this case rugrid.rutgers.edu = 174.129.197.43.
>>
>> I'll try this next:
>> > Second, use the hosts files to adjust the mappings between domain names
>> > and
>> > IP addresses inside the network if needed.
>>
>> Also, this is running in the Amazon AWS cloud. So each machine has
>> public/private addresses.
>>
>>
>> -_Rick
>>
>> On Wed, Apr 11, 2012 at 1:13 PM, Diva Canto <diva at metaverseink.com> wrote:
>> > The higher-order bit of what I'm about to say is that OpenSim networking
>> > is
>> > a complicated matter. Hypergrid networking adds even more complexity to
>> > it.
>> > Having said that, let me explain a bit.
>> >
>> > The main source of problems arise when you have the following situation:
>> > (1) the servers are on a given network
>> > (2) some clients are also on that network
>> > (3) some clients are on external networks
>> > This is usually the case with universities, for example, depending on
>> > how
>> > the university network is set up. Hence you need to be extra careful.
>> >
>> > The Hypergrid performs several checks for ensuring identity security.
>> > These
>> > checks are based on the domain names that the grids use, on the IP
>> > addresses
>> > of the robust servers and on the IP addresses of the clients.
>> >
>> > The IP address from where the client logged in is the vital piece of
>> > info
>> > that needs to be asserted throughout HG teleports. The user's home grid
>> > knows that address; the simulators that the user visit also know that
>> > address. In order for those simulators to make sure that the agent that
>> > they're getting is the real thing, and not a fake pretending to be a
>> > certain
>> > user, they call back to the user's home grid for IP verification. That's
>> > when that debug message gets printed out.
>> >
>> > Two things can happen: either the IP address of the client that the
>> > destination simulator gets is exactly the same as the IP address that
>> > the
>> > home grid saw at client login (normal case, when servers and clients are
>> > on
>> > separate networks) or the IP address of the client that the destination
>> > simulator gets is different than the one seen at login in the home grid,
>> > but
>> > is the same as the robust server -- which means that the client logged
>> > in in
>> > the same machine where the robust server runs. This happens in
>> > standalones
>> > ran at people's homes, for example, where there's just on box running
>> > both
>> > OpenSim and the viewer.
>> >
>> > So, what does this mean for people with  a mix of clients inside the
>> > server-side network and clients outside?
>> >
>> > First of all, stick to using domain names, not IP addresses. That is
>> > just
>> > bound to cause problems, because many times the IP addresses seen from
>> > the
>> > outside are different from the IP addresses seen from the inside of a
>> > network. If you fix it for one case, you screw it up for the other. So,
>> > rule
>> > #1: USE DOMAIN NAMES in the Robust configuration.
>> >
>> > Second, use the hosts files to adjust the mappings between domain names
>> > and
>> > IP addresses inside the network if needed.
>> >
>> > I am sure that this process of IP verification can be improved to
>> > account
>> > for these hybrid setups, but for the time being only the simplest of
>> > cases
>> > is accounted for (client logged in in the same machine as the home
>> > grid).
>> >
>> >
>> > On 4/11/2012 8:35 AM, Rick Anderson wrote:
>> >>
>> >> It turns out that MyIP displays the IP address when it can be found.
>> >> I changed my Robust configuration from rugrid.rutgers.edu to the IP
>> >> address and it now returns the correct client info:
>> >>
>> >> 15:32:39 - [USER AGENT SERVICE]: Verifying Client session
>> >> 7a0ffc9a-c6ea-4a8c-899d-88f9fe0da2bf with reported IP 165.230.192.41.
>> >> 15:32:39 - [USER AGENT SERVICE]: Comparing 165.230.192.41 with login
>> >> IP 165.230.192.41 and MyIP 165.230.192.41; result is True
>> >>
>> >> When I return my region is light blue. So I've made one step forward.
>> >>
>> >> -_Rick
>> >>
>> >> On Wed, Apr 11, 2012 at 11:24 AM, Rick Anderson
>> >> <rianders at docs.rutgers.edu>  wrote:
>> >>>
>> >>> I'm trying to trace down an error with the unauthorized machine
>> >>> message from "HOME AGENT HANDLER"  There is a value comparing login IP
>> >>> with MyIP with a result of false:
>> >>> 15:19:28 - [USER AGENT SERVICE]: Verifying Client session
>> >>> b5495ff5-827a-4bd2-98ee-2eb3e5dfe036 with reported IP 165.230.192.41.
>> >>> 15:19:28 - [USER AGENT SERVICE]: Comparing 165.230.192.41 with login
>> >>> IP  and MyIP ; result is False
>> >>>
>> >>> Can the values of "IP" and MyIP" be shown in the console?
>> >>>
>> >>> -_Rick
>> >>> --
>> >>> Rick Anderson
>> >>> Director of Virtual Worlds
>> >>> Division of Continuing Studies (DoCS)
>> >>> Rutgers University
>> >>> (732) 586-3265
>> >>
>> >>
>> >>
>> >
>> > _______________________________________________
>> > Opensim-users mailing list
>> > Opensim-users at lists.berlios.de
>> > https://lists.berlios.de/mailman/listinfo/opensim-users
>>
>>
>>
>> --
>> Rick Anderson
>> Director of Virtual Worlds
>> Division of Continuing Studies (DoCS)
>> Rutgers University
>> (732) 586-3265
>> _______________________________________________
>> Opensim-users mailing list
>> Opensim-users at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-users
>
>
>
> _______________________________________________
> Opensim-users mailing list
> Opensim-users at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-users



-- 
Rick Anderson
Director of Virtual Worlds
Division of Continuing Studies (DoCS)
Rutgers University
(732) 586-3265

More information about the Opensim-users mailing list