svn over vpn

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

svn over vpn

Merlin Morgenstern
Hi there,

I am trying to get svn running over a vpn tunnel. Unvortunatelly there seems to be something I am missing. The tunnel is up an running, ping works. Subversion is set up and running as stand alone version.

After I do a checkout:
<a class="moz-txt-link-freetext" href="svn://10.8.0.6/test">svn://10.8.0.6/test

Subversion answers:
Checkout from <a class="moz-txt-link-freetext" href="svn://10.8.0.6/test">svn://10.8.0.6/test, revision HEAD, Fully recursive, Externals included Can't connect to host '10.8.0.6': Es konnte keine Verbindung hergestellt
werden, da der Zielcomputer die Verbindung verweigerte.


Do I have to configure subversion somehow to listen to that port 1149 of vpn and the ip adress?

Thank you for any help!!

Merlin
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: svn over vpn

Stefan Sperling
On Wed, Mar 18, 2009 at 01:59:33PM +0100, Merlin Morgenstern wrote:

>
>    Hi there,
>    I am trying to get svn running over a vpn tunnel. Unvortunatelly there
>    seems to be something I am missing. The tunnel is up an running, ping
>    works. Subversion is set up and running as stand alone version.
>    After I do a checkout:
>    [1]svn://10.8.0.6/test
>    Subversion answers:
>    Checkout from [2]svn://10.8.0.6/test, revision HEAD, Fully recursive,
>    Externals included Can't connect to host '10.8.0.6': Es konnte keine
>    Verbindung hergestellt
>    werden, da der Zielcomputer die Verbindung verweigerte.

Please report error messages in English, not everyone here understands
German.

$ export LANG=en_US
$ svn checkout ...

(FYI the error is essentially saying "connection refused").

>    Do I have to configure subversion somehow to listen to that port 1149
>    of vpn and the ip adress?

svnserve can only listen on a single interface/port.

You should not need to specify a port.

If you need access to the svn repository via multiple
IP addresses at the same time, use apache instead of svnserve.

But did you try connecting to the IP address that svnserve normally
listens on? Given that routing is set up appropriately on your client box,
it should try to connect to that IP through the VPN tunnel.
This is the most appropriate solution since VPNs are supposed to be
transparent to applications. Whether or not your computer sends packets
to some destination through the VPN tunnel is none of Subversion's business.
You didn't say what operating system your client is running and what kind
of VPN software you are using, so it's hard to give more concrete advice.

Or you can try: svnserve --listen-host 10.8.0.6
But this would mean that everyone else using the server will have
to switch to that IP, too, and it must be reachable by them, so it
may not be ideal.

Stefan

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: svn over vpn

Qazwart
In reply to this post by Merlin Morgenstern
For those who don't know German, this is the translation from Babelfish:

No connection could be made, since the goal computer refused the connection.

I know that VPNs will block ports that they don't want people to use.
It is very possible that your VPN is not allowing traffic on port
3690. Try telnetting to port 3690 on your Subversion server: You
should get something like this:

$ telnet svn-server 3690
Trying x.x.x.x...
Connected to svn-server.
Escape character is '^]'.
( success ( 2 2 ( ) ( edit-pipeline svndiff1 absent-entries
commit-revprops depth log-revprops partial-replay ) ) )

If you don't get that, you have several choices:

1). Try to convince your system admins to allow traffic on port 3690.
2). Try svnserve on another port
3). Use tunneling to  get around this problem.

See <http://svnbook.red-bean.com/en/1.4/svn.serverconfig.svnserve.html>
for more information about tunneling. You may have to use ssh to do
the tunneling for you.

One more choice is to do Subversion over HTTP. However, this will
really involve your System Administrators (since they probably control
which machines can run webservers) and may mean you have to make
changes in your repository. Plus, all users might have to do a "svn
switch" since the URL of their chcekouts changed.

On Wed, Mar 18, 2009 at 8:59 AM, Merlin Morgenstern
<[hidden email]> wrote:

> Hi there,
>
> I am trying to get svn running over a vpn tunnel. Unvortunatelly there seems
> to be something I am missing. The tunnel is up an running, ping works.
> Subversion is set up and running as stand alone version.
>
> After I do a checkout:
> svn://10.8.0.6/test
>
> Subversion answers:
> Checkout from svn://10.8.0.6/test, revision HEAD, Fully recursive, Externals
> included Can't connect to host '10.8.0.6': Es konnte keine Verbindung
> hergestellt
> werden, da der Zielcomputer die Verbindung verweigerte.
>
>
> Do I have to configure subversion somehow to listen to that port 1149 of vpn
> and the ip adress?
>
> Thank you for any help!!
>
> Merlin



--
--
David Weintraub
[hidden email]

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1348797

To unsubscribe from this discussion, e-mail: [[hidden email]].
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: svn over vpn

Stefan Sperling
In reply to this post by Stefan Sperling
On Wed, Mar 18, 2009 at 03:26:47PM +0100, Merlin Morgenstern wrote:
>    my setup is like this:
>    - One Root server where a cisco firewall and a susefirewall restrict
>    all ports except of: http, htttps, ssh and udp port 1194

When talking about restrictions on ports, you should always be clear
which direction you are talking about, e.g. "from the server's point
of view, all incoming/outgoing connections are blocked ..."

>    - XP Client running openvpn-gui
>    My goal is to be only able to run subversion over VPN for security
>    reasons. I do not want to open the svn port.
>    In a test run I disabled the firewal and did a simple checkout on
>    [3]svn://server/test
>    This worked.

If it works with the firewall disabled, you will need to fix
your firewall configuration to allow connections to svnserve
through the VPN interface.

How to do this depends largely on your Linux distribution, and the way
you run OpenVPN. There should be appropriate help forums for that.
I don't think the Subversion users list is appropriate.

Good luck,
Stefan

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: svn over vpn

Stefan Sperling
In reply to this post by Stefan Sperling
On Wed, Mar 18, 2009 at 03:26:47PM +0100, Merlin Morgenstern wrote:
>
>    Stefan Sperling wrote:
> But did you try connecting to the IP address that svnserve normally
> listens on?

By the way you never answered this question.

Stefan

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: svn over vpn

Qazwart
In reply to this post by Qazwart
On Wed, Mar 18, 2009 at 10:34 AM, David Weintraub <[hidden email]> wrote:
> I know that VPNs will block ports that they don't want people to use.
> It is very possible that your VPN is not allowing traffic on port
> 3690. Try telnetting to port 3690 on your Subversion server: You
> should get something like this:

Let me clarify: Try telneting TO your Subversion server machine over
the VPN and see if you can connect via port 3690.

Otherwise, you may need to create your own tunnel over the VPN.

--
David Weintraub
[hidden email]

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1349162

To unsubscribe from this discussion, e-mail: [[hidden email]].
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: svn over vpn

Merlin Morgenstern
In reply to this post by Stefan Sperling
Thank you all for your help. I have solved the problem and would like to share it with you. Might help somebody else.

1. The ip adress of the server over vpn is 10.8.0.1 - not .6 That would be the client
2. On the susefirewall I had to add svnserve as a service allowed
3. the --listen directive seems not to have an influence on my goals
3. The cisco firewall stays blocked for subversion. Only allow vpn.

Result: svn is now available exclusivly over VPN-tunnel!

Thank you all for your help.


Stefan Sperling wrote:
On Wed, Mar 18, 2009 at 01:59:33PM +0100, Merlin Morgenstern wrote:
  
   Hi there,
   I am trying to get svn running over a vpn tunnel. Unvortunatelly there
   seems to be something I am missing. The tunnel is up an running, ping
   works. Subversion is set up and running as stand alone version.
   After I do a checkout:
   [1]<a class="moz-txt-link-freetext" href="svn://10.8.0.6/test">svn://10.8.0.6/test
   Subversion answers:
   Checkout from [2]<a class="moz-txt-link-freetext" href="svn://10.8.0.6/test">svn://10.8.0.6/test, revision HEAD, Fully recursive,
   Externals included Can't connect to host '10.8.0.6': Es konnte keine
   Verbindung hergestellt
   werden, da der Zielcomputer die Verbindung verweigerte.
    

Please report error messages in English, not everyone here understands
German.

$ export LANG=en_US
$ svn checkout ...

(FYI the error is essentially saying "connection refused").

  
   Do I have to configure subversion somehow to listen to that port 1149
   of vpn and the ip adress?
    

svnserve can only listen on a single interface/port.

You should not need to specify a port.

If you need access to the svn repository via multiple
IP addresses at the same time, use apache instead of svnserve.

But did you try connecting to the IP address that svnserve normally
listens on? Given that routing is set up appropriately on your client box,
it should try to connect to that IP through the VPN tunnel.
This is the most appropriate solution since VPNs are supposed to be
transparent to applications. Whether or not your computer sends packets
to some destination through the VPN tunnel is none of Subversion's business.
You didn't say what operating system your client is running and what kind
of VPN software you are using, so it's hard to give more concrete advice.

Or you can try: svnserve --listen-host 10.8.0.6
But this would mean that everyone else using the server will have
to switch to that IP, too, and it must be reachable by them, so it
may not be ideal.

Stefan
  
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: svn over vpn

Hyden62
This post has NOT been accepted by the mailing list yet.
In reply to this post by Merlin Morgenstern
For a long time I have been using the vpn for android and it works amazingly. Have never had such issue with the connection. I think people that use free VPN they face such problems. If you invest in the good VPN then there won’t be any issue.
Loading...