From mail@mel.vin Tue Oct 15 20:08:48 2019 Received: (at 1012) by bugs.x2go.org; 15 Oct 2019 18:08:50 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.8 required=3.0 tests=BAYES_50,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mout02.posteo.de (mout02.posteo.de [185.67.36.142]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 459025DAED for <1012@bugs.x2go.org>; Tue, 15 Oct 2019 20:08:35 +0200 (CEST) Received: from submission (posteo.de [89.146.220.130]) by mout02.posteo.de (Postfix) with ESMTPS id A50912400E5 for <1012@bugs.x2go.org>; Tue, 15 Oct 2019 20:08:34 +0200 (CEST) Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 46t3MP6cyRz9rxL for <1012@bugs.x2go.org>; Tue, 15 Oct 2019 20:08:33 +0200 (CEST) From: Melvin Vermeeren To: 1012@bugs.x2go.org Subject: Issue has been resolved Date: Tue, 15 Oct 2019 20:08:28 +0200 Message-ID: <1904195.klsIam7rci@verm-r4e> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart4720267.Qom0uiC4Hy"; micalg="pgp-sha512"; protocol="application/pgp-signature" --nextPart4720267.Qom0uiC4Hy Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Found part of the issue. To secure the services I use OpenVPN, even for SSH. For this example the "public hostname" is example.com. When you connect to the OpenVPN service example.com you can now also reach example.com through the secure VPN with IP 10.8.0.1. The broker only listens on 10.8.0.1, so this means you need both a device holding the OpenVPN keys and username+password in the broker to log in. This way external, untrusted devices cannot try to log in at all. SSH daemon requires public keys, password auth is disabled. In session profiles inifile, previously the value was host=10.8.0.1. This way the SSH traffic gets tunnelled through the VPN too. Now that this is changed to host=example.com, I can see status "(suspended)" or "(running)" in x2goclient, depending on the server state. X2Go always uses the system's real $HOST to determine the session hostname. So even if inifile host=10.8.0.1 x2golistsessions will lists it as: 12345|foobar-50-....|50|example.com|... Even though suspended/running status now works clicking on the suspended session in x2goclient still starts up a new session. The broker log: > base_broker.X2GoBroker.select_session(): no X2Go Server could be contacted, > session startup will fail, tried these hosts: ['example.com'] The fix was to use the host syntax documented in load balancing mode: host=example.com (10.8.0.1) With this change everything works perfectly. I think the documentation, perhaps in the inifile itself, should add some IMPORTANT note regarding this. If the host field is not properly configured many things don't work properly. tl;dr The host name MUST match whatever is listed in x2golistsessions and the host IP/target MUST match whatever the broker is bound to. --nextPart4720267.Qom0uiC4Hy Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEETnzUjuV5O+rCrz6nRiwQnTrHuFkFAl2mCxwACgkQRiwQnTrH uFlqIw/+Ncjb2FrgkrcxcWl8akrX+nGGZnmI82Z0ufNeTU/RNgOc+s7iJ7lumxGA u3jJKjdif/i6uC5URI5zbUYJ3XNjfmpPah1TcFcFsgqQGV+mcAA4il0GgBRWEzMU AtHpbtuwUWnn2qMd0oUOL172g5ljT3jMQAzVaQsjqO2B9Td05+p1vPssey3tituv +77LZj65k+odM+DS1sFXqUzEaiubfAStEv2oTVwUzM8WSEEbP8PXWS1uTi28AdIP 7yNj8OLvg8JKVwwvKwtD6VNeP0VjE06koL+Jkg43WJxHsNS5A9tZeFJF03m1eGyY KFhItEGLl66x5Gbig45+vIGm5q8Y77fZNQTxTnIhoR7fuvOB3b1ck8lM+mrtM5hD S76voxj9YeyutfbGh/yLnN3GQybCTMqqxCdOlGT075IigAADlVE9XJOEkytfDcQC UziaTyPUGN4RFi/U3B10zDsrhAUNLS4TJyV0FxknW9b9N0ZmRd0rr7JysT8oYgtL DJHbmyK7USD4RWj5Eoa0xXL9Lf4wc8sZTQeKBtgyEdCLE7nQ3NxmMXv2J2s+n5KD ifc2sytJjel+Twh/oD50erdFBwGLMH9g37lxVX852zFmwLz6acM8ZY7R40LXyS3j hKZ6ceANvXuVxlHeL9vm8ijibmmeoZSz5hvGzWy8Bl58Hu2lgN8= =23hD -----END PGP SIGNATURE----- --nextPart4720267.Qom0uiC4Hy--